From cb12734f01d2528353cf344281981a5750aea695 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 6 May 2024 00:28:49 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 790 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.8.spdx | 531 ++++++++++++----------- 2 files changed, 693 insertions(+), 628 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 113366430f..0acdb3c118 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:f71e88da-e1db-49f6-acbf-30c67afd914a", + "serialNumber": "urn:uuid:120bb2a5-fa0c-4b63-8098-1c048eeed9f3", "version": 1, "metadata": { - "timestamp": "2024-04-29T00:27:35Z", + "timestamp": "2024-05-06T00:28:48Z", "tools": { "components": [ { @@ -652,7 +652,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.28", "supplier": { "name": "Google Inc .", "contact": [ @@ -661,7 +661,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -673,12 +673,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.28", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.28", "properties": [ { "name": "language", @@ -827,7 +827,7 @@ "type": "library", "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ @@ -836,7 +836,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -848,12 +848,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -915,23 +915,23 @@ }, { "type": "library", - "bom-ref": "22-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "22-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ @@ -944,12 +944,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", @@ -963,23 +963,149 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "23-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "24-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "25-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -992,12 +1118,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -1011,7 +1137,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1059,41 +1185,40 @@ }, { "type": "library", - "bom-ref": "25-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "28-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Joe Gregorio", + "name": "Google Cloud Platform", "contact": [ { - "email": "joe@bitworking.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", "hashes": [ { "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "content": "932ac88800dd6de004c1bd59867831ccf033f031" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ { "name": "language", @@ -1107,33 +1232,41 @@ }, { "type": "library", - "bom-ref": "26-pyparsing", - "name": "pyparsing", - "version": "3.1.2", + "bom-ref": "29-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Paul McGuire", + "name": "Joe Gregorio", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { "alg": "SHA-1", - "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" + "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.2", + "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ { "name": "language", @@ -1147,41 +1280,33 @@ }, { "type": "library", - "bom-ref": "27-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-pyparsing", + "name": "pyparsing", + "version": "3.1.2", "supplier": { - "name": "Google Inc .", + "name": "Paul McGuire", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } + "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" } ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/pyparsing/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyparsing@3.1.2", "properties": [ { "name": "language", @@ -1195,35 +1320,41 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", @@ -1237,35 +1368,41 @@ }, { "type": "library", - "bom-ref": "29-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", + "bom-ref": "32-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1279,23 +1416,23 @@ }, { "type": "library", - "bom-ref": "30-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ @@ -1308,12 +1445,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1327,7 +1464,7 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1375,9 +1512,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.6", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1386,14 +1523,8 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", - "hashes": [ - { - "alg": "SHA-1", - "content": "33833f031d9d36234e11d9671be150d53b9e598d" - } - ], "licenses": [ { "expression": "Apache-2.0 OR BSD-3-Clause" @@ -1401,12 +1532,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.6", "properties": [ { "name": "language", @@ -1420,7 +1551,7 @@ }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1468,7 +1599,7 @@ }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1516,7 +1647,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1564,7 +1695,7 @@ }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1612,91 +1743,7 @@ }, { "type": "library", - "bom-ref": "37-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "38-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1744,7 +1791,7 @@ }, { "type": "library", - "bom-ref": "40-importlib-metadata", + "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", "version": "7.1.0", "supplier": { @@ -1784,7 +1831,7 @@ }, { "type": "library", - "bom-ref": "41-zipp", + "bom-ref": "42-zipp", "name": "zipp", "version": "3.18.1", "supplier": { @@ -1824,7 +1871,7 @@ }, { "type": "library", - "bom-ref": "42-importlib-resources", + "bom-ref": "43-importlib-resources", "name": "importlib-resources", "version": "6.4.0", "supplier": { @@ -1864,32 +1911,18 @@ }, { "type": "library", - "bom-ref": "43-jinja2", + "bom-ref": "44-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1903,7 +1936,7 @@ }, { "type": "library", - "bom-ref": "44-markupsafe", + "bom-ref": "45-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -1942,13 +1975,13 @@ }, { "type": "library", - "bom-ref": "45-jsonschema", + "bom-ref": "46-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1960,12 +1993,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", @@ -1979,7 +2012,7 @@ }, { "type": "library", - "bom-ref": "46-jsonschema-specifications", + "bom-ref": "47-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -2022,22 +2055,22 @@ }, { "type": "library", - "bom-ref": "47-referencing", + "bom-ref": "48-referencing", "name": "referencing", - "version": "0.35.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.35.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.35.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -2051,7 +2084,7 @@ }, { "type": "library", - "bom-ref": "48-rpds-py", + "bom-ref": "49-rpds-py", "name": "rpds-py", "version": "0.18.0", "supplier": { @@ -2088,7 +2121,7 @@ }, { "type": "library", - "bom-ref": "49-pkgutil-resolve-name", + "bom-ref": "50-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { @@ -2122,7 +2155,7 @@ }, { "type": "library", - "bom-ref": "50-lib4sbom", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", "version": "0.7.1", "supplier": { @@ -2135,6 +2168,12 @@ }, "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -2164,7 +2203,7 @@ }, { "type": "library", - "bom-ref": "51-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -2212,7 +2251,7 @@ }, { "type": "library", - "bom-ref": "52-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2260,7 +2299,7 @@ }, { "type": "library", - "bom-ref": "53-packageurl-python", + "bom-ref": "54-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2303,7 +2342,7 @@ }, { "type": "library", - "bom-ref": "54-packaging", + "bom-ref": "55-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2337,9 +2376,9 @@ }, { "type": "library", - "bom-ref": "55-plotly", + "bom-ref": "56-plotly", "name": "plotly", - "version": "5.21.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2348,7 +2387,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2360,12 +2399,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.21.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.21.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2379,7 +2418,7 @@ }, { "type": "library", - "bom-ref": "56-tenacity", + "bom-ref": "57-tenacity", "name": "tenacity", "version": "8.2.3", "supplier": { @@ -2427,7 +2466,7 @@ }, { "type": "library", - "bom-ref": "57-python-gnupg", + "bom-ref": "58-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2475,7 +2514,7 @@ }, { "type": "library", - "bom-ref": "58-requests", + "bom-ref": "59-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2523,7 +2562,7 @@ }, { "type": "library", - "bom-ref": "59-certifi", + "bom-ref": "60-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2565,7 +2604,7 @@ }, { "type": "library", - "bom-ref": "60-charset-normalizer", + "bom-ref": "61-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2613,7 +2652,7 @@ }, { "type": "library", - "bom-ref": "61-urllib3", + "bom-ref": "62-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { @@ -2647,7 +2686,7 @@ }, { "type": "library", - "bom-ref": "62-rich", + "bom-ref": "63-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2689,7 +2728,7 @@ }, { "type": "library", - "bom-ref": "63-markdown-it-py", + "bom-ref": "64-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2729,7 +2768,7 @@ }, { "type": "library", - "bom-ref": "64-mdurl", + "bom-ref": "65-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2769,9 +2808,9 @@ }, { "type": "library", - "bom-ref": "65-pygments", + "bom-ref": "66-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2780,14 +2819,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2798,12 +2831,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2817,7 +2850,7 @@ }, { "type": "library", - "bom-ref": "66-typing-extensions", + "bom-ref": "67-typing-extensions", "name": "typing-extensions", "version": "4.11.0", "supplier": { @@ -2857,7 +2890,7 @@ }, { "type": "library", - "bom-ref": "67-rpmfile", + "bom-ref": "68-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2899,7 +2932,7 @@ }, { "type": "library", - "bom-ref": "68-toml", + "bom-ref": "69-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2947,7 +2980,7 @@ }, { "type": "library", - "bom-ref": "69-xmlschema", + "bom-ref": "70-xmlschema", "name": "xmlschema", "version": "3.3.1", "supplier": { @@ -2989,7 +3022,7 @@ }, { "type": "library", - "bom-ref": "70-elementpath", + "bom-ref": "71-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -3031,7 +3064,7 @@ }, { "type": "library", - "bom-ref": "71-zstandard", + "bom-ref": "72-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -3095,23 +3128,23 @@ "14-distro", "15-filetype", "16-gsutil", - "40-importlib-metadata", - "42-importlib-resources", - "43-jinja2", - "45-jsonschema", - "50-lib4sbom", - "53-packageurl-python", - "54-packaging", - "55-plotly", - "57-python-gnupg", - "51-pyyaml", - "58-requests", - "62-rich", - "67-rpmfile", - "68-toml", - "61-urllib3", - "69-xmlschema", - "71-zstandard" + "41-importlib-metadata", + "43-importlib-resources", + "44-jinja2", + "46-jsonschema", + "51-lib4sbom", + "54-packageurl-python", + "55-packaging", + "56-plotly", + "58-python-gnupg", + "52-pyyaml", + "59-requests", + "63-rich", + "68-rpmfile", + "69-toml", + "62-urllib3", + "70-xmlschema", + "72-zstandard" ] }, { @@ -3151,189 +3184,200 @@ "18-crcmod", "19-fasteners", "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "39-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" ] }, { "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "22-google-reauth", + "ref": "22-google-auth", "dependsOn": [ - "23-pyu2f" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyu2f", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-six" + "25-pyasn1" ] }, { - "ref": "25-httplib2", + "ref": "26-rsa", "dependsOn": [ - "26-pyparsing" + "25-pyasn1" ] }, { - "ref": "27-oauth2client", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "29-pyasn1-modules", + "ref": "29-httplib2", "dependsOn": [ - "28-pyasn1" + "30-pyparsing" ] }, { - "ref": "30-rsa", + "ref": "31-google-reauth", "dependsOn": [ - "28-pyasn1" + "32-pyu2f" ] }, { - "ref": "31-pyopenssl", + "ref": "32-pyu2f", "dependsOn": [ - "32-cryptography" + "27-six" ] }, { - "ref": "32-cryptography", + "ref": "33-oauth2client", "dependsOn": [ - "33-cffi" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-cffi", + "ref": "34-pyopenssl", "dependsOn": [ - "34-pycparser" + "35-cryptography" ] }, { - "ref": "36-google-apitools", + "ref": "35-cryptography", "dependsOn": [ - "19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "36-cffi" + ] + }, + { + "ref": "36-cffi", + "dependsOn": [ + "37-pycparser" ] }, { - "ref": "37-google-auth", + "ref": "39-google-apitools", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa" + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-importlib-metadata", + "ref": "41-importlib-metadata", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "42-importlib-resources", + "ref": "43-importlib-resources", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "43-jinja2", + "ref": "44-jinja2", "dependsOn": [ - "44-markupsafe" + "45-markupsafe" ] }, { - "ref": "45-jsonschema", + "ref": "46-jsonschema", "dependsOn": [ "6-attrs", - "42-importlib-resources", - "46-jsonschema-specifications", - "49-pkgutil-resolve-name", - "47-referencing", - "48-rpds-py" + "43-importlib-resources", + "47-jsonschema-specifications", + "50-pkgutil-resolve-name", + "48-referencing", + "49-rpds-py" ] }, { - "ref": "46-jsonschema-specifications", + "ref": "47-jsonschema-specifications", "dependsOn": [ - "42-importlib-resources", - "47-referencing" + "43-importlib-resources", + "48-referencing" ] }, { - "ref": "47-referencing", + "ref": "48-referencing", "dependsOn": [ "6-attrs", - "48-rpds-py" + "49-rpds-py" ] }, { - "ref": "50-lib4sbom", + "ref": "51-lib4sbom", "dependsOn": [ "13-defusedxml", - "51-pyyaml", - "52-semantic-version" + "52-pyyaml", + "53-semantic-version" ] }, { - "ref": "55-plotly", + "ref": "56-plotly", "dependsOn": [ - "54-packaging", - "56-tenacity" + "55-packaging", + "57-tenacity" ] }, { - "ref": "58-requests", + "ref": "59-requests", "dependsOn": [ - "59-certifi", - "60-charset-normalizer", + "60-certifi", + "61-charset-normalizer", "9-idna", - "61-urllib3" + "62-urllib3" ] }, { - "ref": "62-rich", + "ref": "63-rich", "dependsOn": [ - "63-markdown-it-py", - "65-pygments", - "66-typing-extensions" + "64-markdown-it-py", + "66-pygments", + "67-typing-extensions" ] }, { - "ref": "63-markdown-it-py", + "ref": "64-markdown-it-py", "dependsOn": [ - "64-mdurl" + "65-mdurl" ] }, { - "ref": "69-xmlschema", + "ref": "70-xmlschema", "dependsOn": [ - "70-elementpath" + "71-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 78994456f0..aaf056ef01 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3e09fd99-db2d-4685-ac0b-5dc0d4c7b348 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e22d6ccd-3b1e-4723-801c-333cec52ae09 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-29T00:26:10Z +Created: 2024-05-06T00:27:03Z CreatorComment: This document has been automatically generated. ##### @@ -249,18 +249,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.27 +PackageVersion: 5.28 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.28 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.28 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -313,18 +313,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto @@ -343,42 +343,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-22-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-23-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-26-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -393,8 +439,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -410,7 +472,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -425,73 +487,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-31-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-32-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-33-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -508,23 +556,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-35-cryptography +PackageVersion: 42.0.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.6 FilesAnalyzed: false -PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -540,7 +587,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -556,7 +603,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -572,7 +619,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -588,39 +635,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -637,7 +653,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-Package-40-importlib-metadata +SPDXID: SPDXRef-Package-41-importlib-metadata PackageVersion: 7.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) @@ -653,7 +669,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1 ##### PackageName: zipp -SPDXID: SPDXRef-Package-41-zipp +SPDXID: SPDXRef-Package-42-zipp PackageVersion: 3.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) @@ -669,7 +685,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*: ##### PackageName: importlib-resources -SPDXID: SPDXRef-Package-42-importlib-resources +SPDXID: SPDXRef-Package-43-importlib-resources PackageVersion: 6.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) @@ -685,22 +701,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0 ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-43-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-44-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-44-markupsafe +SPDXID: SPDXRef-Package-45-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -715,22 +730,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-45-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-46-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-46-jsonschema-specifications +SPDXID: SPDXRef-Package-47-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -746,22 +761,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-47-referencing -PackageVersion: 0.35.0 +SPDXID: SPDXRef-Package-48-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-48-rpds-py +SPDXID: SPDXRef-Package-49-rpds-py PackageVersion: 0.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -776,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-Package-49-pkgutil-resolve-name +SPDXID: SPDXRef-Package-50-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -791,12 +806,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-50-lib4sbom +SPDXID: SPDXRef-Package-51-lib4sbom PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -806,7 +822,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-51-pyyaml +SPDXID: SPDXRef-Package-52-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -822,7 +838,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-52-semantic-version +SPDXID: SPDXRef-Package-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -839,7 +855,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-53-packageurl-python +SPDXID: SPDXRef-Package-54-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -855,7 +871,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-54-packaging +SPDXID: SPDXRef-Package-55-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -870,22 +886,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-55-plotly -PackageVersion: 5.21.0 +SPDXID: SPDXRef-Package-56-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.21.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-56-tenacity +SPDXID: SPDXRef-Package-57-tenacity PackageVersion: 8.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -902,7 +918,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-57-python-gnupg +SPDXID: SPDXRef-Package-58-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -919,7 +935,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-58-requests +SPDXID: SPDXRef-Package-59-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -936,7 +952,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-59-certifi +SPDXID: SPDXRef-Package-60-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -951,7 +967,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-60-charset-normalizer +SPDXID: SPDXRef-Package-61-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -967,7 +983,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-61-urllib3 +SPDXID: SPDXRef-Package-62-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -982,7 +998,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-62-rich +SPDXID: SPDXRef-Package-63-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -997,7 +1013,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-63-markdown-it-py +SPDXID: SPDXRef-Package-64-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -1013,7 +1029,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-64-mdurl +SPDXID: SPDXRef-Package-65-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -1029,23 +1045,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-65-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-66-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-Package-66-typing-extensions +SPDXID: SPDXRef-Package-67-typing-extensions PackageVersion: 4.11.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) @@ -1061,7 +1076,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-67-rpmfile +SPDXID: SPDXRef-Package-68-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1076,7 +1091,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-68-toml +SPDXID: SPDXRef-Package-69-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -1092,7 +1107,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-69-xmlschema +SPDXID: SPDXRef-Package-70-xmlschema PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1107,7 +1122,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-70-elementpath +SPDXID: SPDXRef-Package-71-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1122,7 +1137,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-71-zstandard +SPDXID: SPDXRef-Package-72-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1146,36 +1161,37 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-importlib-metadata -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout @@ -1183,60 +1199,65 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-importlib-metadata DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-42-importlib-resources DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-49-pkgutil-resolve-name -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version -Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging -Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-60-charset-normalizer -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-61-urllib3 -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-63-markdown-it-py -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-65-pygments -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-66-typing-extensions -Relationship: SPDXRef-Package-63-markdown-it-py DEPENDS_ON SPDXRef-Package-64-mdurl -Relationship: SPDXRef-Package-69-xmlschema DEPENDS_ON SPDXRef-Package-70-elementpath +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-43-importlib-resources DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-50-pkgutil-resolve-name +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version +Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-55-packaging +Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-57-tenacity +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-60-certifi +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-61-charset-normalizer +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-62-urllib3 +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-64-markdown-it-py +Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-66-pygments +Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-67-typing-extensions +Relationship: SPDXRef-Package-64-markdown-it-py DEPENDS_ON SPDXRef-Package-65-mdurl +Relationship: SPDXRef-Package-70-xmlschema DEPENDS_ON SPDXRef-Package-71-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna