From fb111ddf63957f2f4527746087bf6804dcfa0e10 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 31 Mar 2025 00:40:49 +0000 Subject: [PATCH] chore: update SBOM for Python 3.12 --- sbom/cve-bin-tool-py3.12.json | 109 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 98 +++++++++++++++--------------- 2 files changed, 102 insertions(+), 105 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 11c5c70a86..b3e27388ab 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:255e8862-de94-4eda-a8ad-1aed67e25f77", + "serialNumber": "urn:uuid:a006b09a-82eb-4af3-ac28-d4b02c3e2ccf", "version": 1, "metadata": { - "timestamp": "2025-03-24T00:43:20Z", + "timestamp": "2025-03-31T00:40:47Z", "lifecycles": [ { "phase": "build" @@ -555,7 +555,7 @@ "type": "library", "bom-ref": "8-typing-extensions", "name": "typing-extensions", - "version": "4.12.2", + "version": "4.13.0", "supplier": { "name": "Guido van Jukka ukasz Michael", "contact": [ @@ -564,21 +564,12 @@ } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.0:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", "hashes": [ { "alg": "SHA-256", - "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" - } - ], - "licenses": [ - { - "license": { - "id": "PSF-2.0", - "url": "https://opensource.org/licenses/Python-2.0", - "acknowledgement": "concluded" - } + "content": "c8dd92cc0d6425a97c18fbb9d1954e5ff92c1ca881a309c45f06ebc0b79058e5" } ], "externalReferences": [ 
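Review bot: The regenerated typing-extensions entry loses its license data: the hunk at `@@ -564,21 +564,12` removes the whole `licenses` block carrying `"id": "PSF-2.0"` and adds nothing in its place, and the SPDX hunk for the same package changes `PackageLicenseConcluded: PSF-2.0` to `NOASSERTION`. A bump from 4.12.2 to 4.13.0 alone would not be expected to change the license, so this is more likely the generator failing to map the new release's license metadata. If the license is in fact unchanged, the `"id": "PSF-2.0"` entry should be restored, or the generator's license mapping fixed, so that compliance tooling reading this SBOM does not see the package as unknown. Separately, the supplier string `Guido van Jukka ukasz Michael` in the context lines looks like a mangled author list and is reused in the `cpe` value, so that CPE probably matches no vulnerability-database entry and a CVE lookup keyed on it may silently return nothing.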
@@ -588,7 +579,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", + "url": "https://pypi.org/project/typing-extensions/4.13.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -613,11 +604,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/typing-extensions@4.12.2", + "purl": "pkg:pypi/typing-extensions@4.13.0", "properties": [ { "name": "release_date", - "value": "2024-06-07T18:52:13Z" + "value": "2025-03-26T03:49:40Z" }, { "name": "language", @@ -633,7 +624,7 @@ "type": "library", "bom-ref": "9-propcache", "name": "propcache", - "version": "0.3.0", + "version": "0.3.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -642,12 +633,12 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.1:*:*:*:*:*:*:*", "description": "Accelerated property cache", "hashes": [ { "alg": "SHA-256", - "content": "efa44f64c37cc30c9f05932c740a8b40ce359f51882c70883cc95feac842da4d" + "content": "f27785888d2fdd918bc36de8b8739f2d6c791399552333721b58193f68ea3e98" } ], "licenses": [ @@ -666,7 +657,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.3.0/#files", + "url": "https://pypi.org/project/propcache/0.3.1/#files", "type": "distribution", "comment": "Download location for component" }, @@ -707,11 +698,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/propcache@0.3.0", + "purl": "pkg:pypi/propcache@0.3.1", "properties": [ { "name": "release_date", - "value": "2025-02-20T18:59:44Z" + "value": "2025-03-26T03:03:35Z" }, { "name": "language", @@ -1977,7 +1968,7 @@ "type": "library", "bom-ref": "30-pyparsing", "name": "pyparsing", - "version": "3.2.1", + "version": "3.2.3", "supplier": { "name": "Paul McGuire", "contact": [ 
@@ -1986,12 +1977,12 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-256", - "content": "506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1" + "content": "a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf" } ], "licenses": [ @@ -2010,16 +2001,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyparsing/3.2.1/#files", + "url": "https://pypi.org/project/pyparsing/3.2.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.2.1", + "purl": "pkg:pypi/pyparsing@3.2.3", "properties": [ { "name": "release_date", - "value": "2024-12-31T20:59:42Z" + "value": "2025-03-25T05:01:24Z" }, { "name": "language", @@ -2093,7 +2084,7 @@ "type": "library", "bom-ref": "32-pyasn1-modules", "name": "pyasn1-modules", - "version": "0.4.1", + "version": "0.4.2", "supplier": { "name": "Ilya Etingof", "contact": [ @@ -2102,12 +2093,12 @@ } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.2:*:*:*:*:*:*:*", "description": "A collection of ASN.1-based protocols modules", "hashes": [ { "alg": "SHA-256", - "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" + "content": "29253a9207ce32b64c3ac6600edc75368f98473906e8fd1043bd6b5b1de2c14a" } ], "licenses": [ @@ -2126,7 +2117,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.2/#files", "type": "distribution", "comment": "Download location for component" }, 
@@ -2143,11 +2134,11 @@ "type": "log" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/pyasn1-modules@0.4.2", "properties": [ { "name": "release_date", - "value": "2024-09-10T22:42:08Z" + "value": "2025-03-28T02:41:19Z" }, { "name": "language", @@ -3249,7 +3240,7 @@ "type": "library", "bom-ref": "50-rpds-py", "name": "rpds-py", - "version": "0.23.1", + "version": "0.24.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -3258,12 +3249,12 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { "alg": "SHA-256", - "content": "2a54027554ce9b129fc3d633c92fa33b30de9f08bc61b32c053dc9b537266fed" + "content": "006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724" } ], "licenses": [ @@ -3282,7 +3273,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.23.1/#files", + "url": "https://pypi.org/project/rpds-py/0.24.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3311,11 +3302,11 @@ "type": "other" } ], - "purl": "pkg:pypi/rpds-py@0.23.1", + "purl": "pkg:pypi/rpds-py@0.24.0", "properties": [ { "name": "release_date", - "value": "2025-02-21T15:01:14Z" + "value": "2025-03-26T14:52:41Z" }, { "name": "language", @@ -3694,7 +3685,7 @@ "type": "library", "bom-ref": "57-rich", "name": "rich", - "version": "13.9.4", + "version": "14.0.0", "supplier": { "name": "Will McGugan", "contact": [ 
@@ -3703,12 +3694,12 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { "alg": "SHA-256", - "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" + "content": "1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0" } ], "licenses": [ @@ -3727,7 +3718,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.4/#files", + "url": "https://pypi.org/project/rich/14.0.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3736,11 +3727,11 @@ "type": "documentation" } ], - "purl": "pkg:pypi/rich@13.9.4", + "purl": "pkg:pypi/rich@14.0.0", "properties": [ { "name": "release_date", - "value": "2024-11-01T16:43:55Z" + "value": "2025-03-30T14:15:12Z" }, { "name": "language", @@ -4138,7 +4129,7 @@ "type": "library", "bom-ref": "64-narwhals", "name": "narwhals", - "version": "1.31.0", + "version": "1.32.0", "supplier": { "name": "Marco Gorelli", "contact": [ @@ -4147,7 +4138,7 @@ } ] }, - "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.31.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.32.0:*:*:*:*:*:*:*", "description": "Extremely lightweight compatibility layer between dataframe libraries", "licenses": [ { @@ -4165,7 +4156,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/narwhals/1.31.0/#files", + "url": "https://pypi.org/project/narwhals/1.32.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4182,7 +4173,7 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/narwhals@1.31.0", + "purl": "pkg:pypi/narwhals@1.32.0", "properties": [ { "name": "release_date", 
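Review bot: The narwhals component is bumped to 1.32.0, but its `release_date` value lies outside the last hunk on this line and is unchanged, so the entry apparently keeps the date recorded for 1.31.0. The SPDX hunk for narwhals shows the same thing, with `ReleaseDate: 2025-03-17T15:02:18Z` left as context, while every other bumped package in this commit gets a new release date. In the visible context the component also has no `hashes` entry (`description` is followed directly by `licenses`), so a consumer cannot verify the 1.32.0 artifact against this SBOM. Since setuptools gains a SHA-256 in this same commit, it is worth checking why the generator did not refresh the date or record a digest for narwhals. The component object continues outside the hunk.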
@@ -4526,7 +4517,7 @@ "type": "library", "bom-ref": "70-setuptools", "name": "setuptools", - "version": "77.0.3", + "version": "78.1.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -4535,8 +4526,14 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:77.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:78.1.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "3e386e96793c8702ae83d17b853fb93d3e09ef82ec62722e61da5cd22376dcd8" + } + ], "licenses": [ { "license": { @@ -4548,7 +4545,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/77.0.3/#files", + "url": "https://pypi.org/project/setuptools/78.1.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4565,11 +4562,11 @@ "type": "log" } ], - "purl": "pkg:pypi/setuptools@77.0.3", + "purl": "pkg:pypi/setuptools@78.1.0", "properties": [ { "name": "release_date", - "value": "2024-07-24T21:57:45Z" + "value": "2025-03-25T22:49:33Z" }, { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 7428921cfb..3dcba6b205 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e71b727d-4e67-4cfe-99eb-19399b246ca0 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-bc5a67ca-515e-4416-adc6-eb3b103932c9 LicenseListVersion: 3.25 Creator: Tool: sbom4python-0.12.3 -Created: 2025-03-24T00:43:12Z +Created: 2025-03-31T00:40:40Z CreatorComment: This document has been automatically generated. ##### 
@@ -176,42 +176,41 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.2.0:*:*:*:* PackageName: typing-extensions SPDXID: SPDXRef-8-typing-extensions -PackageVersion: 4.12.2 +PackageVersion: 4.13.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.13.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python/typing_extensions -PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d +PackageChecksum: SHA256: c8dd92cc0d6425a97c18fbb9d1954e5ff92c1ca881a309c45f06ebc0b79058e5 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: PSF-2.0 -PackageLicenseComments: typing-extensions declares Python Software Foundation License which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ -ReleaseDate: 2024-06-07T18:52:13Z +ReleaseDate: 2025-03-26T03:49:40Z ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ ExternalRef: OTHER other https://github.com/python/typing/discussions ExternalRef: OTHER vcs https://github.com/python/typing_extensions -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.12.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.13.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.0:*:*:*:*:*:*:* ##### PackageName: propcache SPDXID: 
SPDXRef-9-propcache -PackageVersion: 0.3.0 +PackageVersion: 0.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.3.0/#files +PackageDownloadLocation: https://pypi.org/project/propcache/0.3.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA256: efa44f64c37cc30c9f05932c740a8b40ce359f51882c70883cc95feac842da4d +PackageChecksum: SHA256: f27785888d2fdd918bc36de8b8739f2d6c791399552333721b58193f68ea3e98 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache -ReleaseDate: 2025-02-20T18:59:44Z +ReleaseDate: 2025-03-26T03:03:35Z ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master @@ -221,8 +220,8 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/ ExternalRef: OTHER other https://propcache.readthedocs.io ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues ExternalRef: OTHER vcs https://github.com/aio-libs/propcache -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.1:*:*:*:*:*:*:* ##### PackageName: yarl 
@@ -623,21 +622,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* PackageName: pyparsing SPDXID: SPDXRef-30-pyparsing -PackageVersion: 3.2.1 +PackageVersion: 3.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ -PackageChecksum: SHA256: 506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1 +PackageChecksum: SHA256: a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: pyparsing declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ReleaseDate: 2024-12-31T20:59:42Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:* +ReleaseDate: 2025-03-25T05:01:24Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:* ##### PackageName: oauth2client 
@@ -661,24 +660,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyasn1-modules SPDXID: SPDXRef-32-pyasn1-modules -PackageVersion: 0.4.1 +PackageVersion: 0.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyasn1/pyasn1-modules -PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageChecksum: SHA256: 29253a9207ce32b64c3ac6600edc75368f98473906e8fd1043bd6b5b1de2c14a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A collection of ASN.1-based protocols modules -ReleaseDate: 2024-09-10T22:42:08Z +ReleaseDate: 2025-03-28T02:41:19Z ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.4.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.2:*:*:*:*:*:*:* ##### PackageName: pyopenssl 
@@ -1061,26 +1060,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:* PackageName: rpds-py SPDXID: SPDXRef-50-rpds-py -PackageVersion: 0.23.1 +PackageVersion: 0.24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.23.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.24.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA256: 2a54027554ce9b129fc3d633c92fa33b30de9f08bc61b32c053dc9b537266fed +PackageChecksum: SHA256: 006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ReleaseDate: 2025-02-21T15:01:14Z +ReleaseDate: 2025-03-26T14:52:41Z ExternalRef: OTHER documentation https://rpds.readthedocs.io/ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: OTHER other https://github.com/orium/rpds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.23.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.24.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -1199,21 +1198,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-57-rich -PackageVersion: 13.9.4 +PackageVersion: 14.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files +PackageDownloadLocation: https://pypi.org/project/rich/14.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 +PackageChecksum: SHA256: 1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ReleaseDate: 2024-11-01T16:43:55Z +ReleaseDate: 2025-03-30T14:15:12Z ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.9.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1364,10 +1363,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:* PackageName: narwhals SPDXID: SPDXRef-64-narwhals -PackageVersion: 1.31.0 +PackageVersion: 1.32.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com) -PackageDownloadLocation: https://pypi.org/project/narwhals/1.31.0/#files +PackageDownloadLocation: https://pypi.org/project/narwhals/1.32.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/narwhals-dev/narwhals PackageLicenseDeclared: NOASSERTION 
@@ -1379,8 +1378,8 @@ ReleaseDate: 2025-03-17T15:02:18Z ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/ ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.31.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.31.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.32.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.32.0:*:*:*:*:*:*:* ##### PackageName: requests 
@@ -1485,22 +1484,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-70-setuptools -PackageVersion: 77.0.3 +PackageVersion: 78.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/77.0.3/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/78.1.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: 3e386e96793c8702ae83d17b853fb93d3e09ef82ec62722e61da5cd22376dcd8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: setuptools declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ReleaseDate: 2024-07-24T21:57:45Z +ReleaseDate: 2025-03-25T22:49:33Z ExternalRef: OTHER vcs https://github.com/pypa/setuptools ExternalRef: OTHER documentation https://setuptools.pypa.io/ ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@77.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:77.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@78.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:78.1.0:*:*:*:*:*:*:* ##### PackageName: xmlschema