From 7b977597221c9fa5bea7d9ac975666ad35a3ddcb Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 14 Apr 2025 00:41:14 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 232 ++++++++++++++++------------------ sbom/cve-bin-tool-py3.11.spdx | 70 +++++----- 2 files changed, 145 insertions(+), 157 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index e7087da983..daaa90ca86 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:17f70096-0b7b-431d-be85-859dff9fe279", + "serialNumber": "urn:uuid:1b8b2761-7ca6-4060-91ca-7f37128643a0", "version": 1, "metadata": { - "timestamp": "2025-04-07T00:38:38Z", + "timestamp": "2025-04-14T00:41:12Z", "lifecycles": [ { "phase": "build" @@ -81,7 +81,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -156,7 +156,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -225,7 +225,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -298,7 +298,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -383,7 +383,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -447,7 +447,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -455,7 +455,7 @@ "type": "library", "bom-ref": "7-multidict", "name": "multidict", - "version": "6.3.2", + "version": "6.4.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -464,12 +464,12 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.4.3:*:*:*:*:*:*:*", "description": "multidict implementation", "hashes": [ { "alg": "SHA-256", - "content": "8b3dc0eec9304fa04d84a51ea13b0ec170bace5b7ddeaac748149efd316f1504" + "content": "32a998bd8a64ca48616eac5a8c1cc4fa38fb244a3facf2eeb14abe186e0f6cc5" } ], "licenses": [ @@ -488,7 +488,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/multidict/6.3.2/#files", + "url": "https://pypi.org/project/multidict/6.4.3/#files", "type": "distribution", "comment": "Download location for component" }, @@ -529,11 +529,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.3.2", + "purl": "pkg:pypi/multidict@6.4.3", "properties": [ { "name": "release_date", - "value": "2025-04-03T19:41:19Z" + "value": "2025-04-10T22:17:32Z" }, { "name": "language", @@ -541,7 +541,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -549,7 +549,7 @@ "type": "library", "bom-ref": "8-typing-extensions", "name": "typing-extensions", - "version": "4.13.1", + "version": "4.13.2", "supplier": { "name": "Guido van Jukka ukasz Michael", "contact": [ @@ -558,12 +558,12 @@ } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", "hashes": [ { "alg": "SHA-256", - "content": "4b6cf02909eb5495cfbc3f6e8fd49217e6cc7944e145cdda8caa3734777f9e69" + "content": "a439e7c04b49fec3e5d3e2beaa21755cadbbdc391694e28ccdd36ca4a1408f8c" } ], "externalReferences": [ @@ -573,7 +573,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/typing-extensions/4.13.1/#files", + "url": "https://pypi.org/project/typing-extensions/4.13.2/#files", "type": "distribution", "comment": "Download location for component" }, @@ -598,11 +598,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/typing-extensions@4.13.1", + "purl": "pkg:pypi/typing-extensions@4.13.2", "properties": [ { "name": "release_date", - "value": "2025-04-03T16:11:19Z" + "value": "2025-04-10T14:19:03Z" }, { "name": "language", @@ -610,7 +610,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -704,7 +704,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -798,7 +798,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -863,7 +863,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -925,7 +925,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -983,7 +983,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1057,7 +1057,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1115,7 +1115,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1173,7 +1173,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1231,7 +1231,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1289,7 +1289,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1363,7 +1363,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1421,7 +1421,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1474,7 +1474,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1532,7 +1532,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1590,7 +1590,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1664,7 +1664,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1722,7 +1722,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1780,7 +1780,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1838,7 +1838,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1896,7 +1896,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -1954,7 +1954,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2012,7 +2012,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2070,7 +2070,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2140,7 +2140,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2202,7 +2202,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2272,7 +2272,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2354,7 +2354,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2412,7 +2412,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2470,7 +2470,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2528,7 +2528,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2586,7 +2586,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2644,7 +2644,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2702,7 +2702,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2760,7 +2760,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2817,7 +2817,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2874,7 +2874,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2938,7 +2938,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -2993,7 +2993,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3075,7 +3075,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3153,7 +3153,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3226,7 +3226,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3308,7 +3308,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3366,7 +3366,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3444,7 +3444,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3502,7 +3502,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3560,7 +3560,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3618,7 +3618,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3671,7 +3671,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3733,7 +3733,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3795,7 +3795,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3853,7 +3853,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3927,7 +3927,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -3997,7 +3997,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4054,7 +4054,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4115,7 +4115,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4123,7 +4123,7 @@ "type": "library", "bom-ref": "64-narwhals", "name": "narwhals", - "version": "1.33.0", + "version": "1.34.1", "supplier": { "name": "Marco Gorelli", "contact": [ @@ -4132,8 +4132,14 @@ } ] }, - "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.33.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.34.1:*:*:*:*:*:*:*", "description": "Extremely lightweight compatibility layer between dataframe libraries", + "hashes": [ + { + "alg": "SHA-256", + "content": "aee49a30d1624371ad975ede2bab16cd125ab5df0fd185e2f4757e103b074d27" + } + ], "licenses": [ { "license": { @@ -4150,7 +4156,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/narwhals/1.33.0/#files", + "url": "https://pypi.org/project/narwhals/1.34.1/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4167,11 +4173,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/narwhals@1.33.0", + "purl": "pkg:pypi/narwhals@1.34.1", "properties": [ { "name": "release_date", - "value": "2025-03-17T15:02:18Z" + "value": "2025-04-09T09:03:39Z" }, { "name": "language", @@ -4179,7 +4185,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4245,7 +4251,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4314,7 +4320,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4322,7 +4328,7 @@ "type": "library", "bom-ref": "67-urllib3", "name": "urllib3", - "version": "2.3.0", + "version": "2.4.0", "supplier": { "name": "Andrey Petrov", "contact": [ @@ -4331,26 +4337,17 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.4.0:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", "hashes": [ { "alg": "SHA-256", - "content": "1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/license/mit/", - "acknowledgement": "concluded" - } + "content": "4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813" } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.3.0/#files", + "url": "https://pypi.org/project/urllib3/2.4.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4371,11 +4368,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/urllib3@2.3.0", + "purl": "pkg:pypi/urllib3@2.4.0", "properties": [ { "name": "release_date", - "value": "2024-12-22T07:47:28Z" + "value": "2025-04-10T15:23:37Z" }, { "name": "language", @@ -4383,7 +4380,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4445,7 +4442,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4503,7 +4500,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4568,7 +4565,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4576,7 +4573,7 @@ "type": "library", "bom-ref": "71-xmlschema", "name": "xmlschema", - "version": "3.4.5", + "version": "4.0.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -4585,21 +4582,12 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.0.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "hashes": [ { "alg": "SHA-256", - "content": "c91a2fca387dc4e8a2f2cb4a411ed23bef9da539968e5d858a3fe7f76a65464e" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/license/mit/", - "acknowledgement": "concluded" - } + "content": "cf94d3380c5005fc027532ec4760b4bec414d6b4ead425285fa5bf8eb6c515c6" } ], "externalReferences": [ @@ -4609,16 +4597,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.5/#files", + "url": "https://pypi.org/project/xmlschema/4.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.5", + "purl": "pkg:pypi/xmlschema@4.0.1", "properties": [ { "name": "release_date", - "value": "2025-03-22T07:56:15Z" + "value": "2025-04-13T20:41:21Z" }, { "name": "language", @@ -4626,7 +4614,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4684,7 +4672,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] }, @@ -4742,7 +4730,7 @@ }, { "name": "python_version", - "value": "3.11.11" + "value": "3.11.12" } ] } diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 0cc19e9266..6c177e3fd4 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0e8865af-433e-4fd2-8386-9e9a5478fe45 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bc7e2b0-efe5-49ed-8c4e-975f521a7511 LicenseListVersion: 3.25 Creator: Tool: sbom4python-0.12.3 -Created: 2025-04-07T00:38:32Z +Created: 2025-04-14T00:41:05Z CreatorComment: This document has been automatically generated. ##### @@ -147,19 +147,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:25.3.0:*:*:*:*:* PackageName: multidict SPDXID: SPDXRef-7-multidict -PackageVersion: 6.3.2 +PackageVersion: 6.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.3.2/#files +PackageDownloadLocation: https://pypi.org/project/multidict/6.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA256: 8b3dc0eec9304fa04d84a51ea13b0ec170bace5b7ddeaac748149efd316f1504 +PackageChecksum: SHA256: 32a998bd8a64ca48616eac5a8c1cc4fa38fb244a3facf2eeb14abe186e0f6cc5 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: multidict implementation -ReleaseDate: 2025-04-03T19:41:19Z +ReleaseDate: 2025-04-10T22:17:32Z ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions @@ -169,31 +169,31 @@ ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ ExternalRef: OTHER other https://multidict.aio-libs.org ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues ExternalRef: OTHER vcs https://github.com/aio-libs/multidict -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.4.3:*:*:*:*:*:*:* ##### PackageName: typing-extensions SPDXID: SPDXRef-8-typing-extensions -PackageVersion: 4.13.1 +PackageVersion: 4.13.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.13.1/#files +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.13.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/python/typing_extensions -PackageChecksum: SHA256: 4b6cf02909eb5495cfbc3f6e8fd49217e6cc7944e145cdda8caa3734777f9e69 +PackageChecksum: SHA256: a439e7c04b49fec3e5d3e2beaa21755cadbbdc391694e28ccdd36ca4a1408f8c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ -ReleaseDate: 2025-04-03T16:11:19Z +ReleaseDate: 2025-04-10T14:19:03Z ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ ExternalRef: OTHER other https://github.com/python/typing/discussions ExternalRef: OTHER vcs https://github.com/python/typing_extensions -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.13.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.13.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.2:*:*:*:*:*:*:* ##### PackageName: propcache @@ -1362,23 +1362,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:* PackageName: narwhals SPDXID: SPDXRef-64-narwhals -PackageVersion: 1.33.0 +PackageVersion: 1.34.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com) -PackageDownloadLocation: https://pypi.org/project/narwhals/1.33.0/#files +PackageDownloadLocation: https://pypi.org/project/narwhals/1.34.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/narwhals-dev/narwhals +PackageChecksum: SHA256: aee49a30d1624371ad975ede2bab16cd125ab5df0fd185e2f4757e103b074d27 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Extremely lightweight compatibility layer between dataframe libraries -ReleaseDate: 2025-03-17T15:02:18Z +ReleaseDate: 2025-04-09T09:03:39Z ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/ ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.33.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.33.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.34.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.34.1:*:*:*:*:*:*:* ##### PackageName: requests @@ -1424,24 +1425,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.1:*:*: PackageName: urllib3 SPDXID: SPDXRef-67-urllib3 -PackageVersion: 2.3.0 +PackageVersion: 2.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/2.3.0/#files +PackageDownloadLocation: https://pypi.org/project/urllib3/2.4.0/#files FilesAnalyzed: false -PackageChecksum: SHA256: 1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df +PackageChecksum: SHA256: 4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: MIT -PackageLicenseComments: urllib3 declares MIT License which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ReleaseDate: 2024-12-22T07:47:28Z +ReleaseDate: 2025-04-10T15:23:37Z ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst ExternalRef: OTHER documentation https://urllib3.readthedocs.io ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.4.0:*:*:*:*:*:*:* ##### PackageName: certifi @@ -1504,20 +1504,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools: PackageName: xmlschema SPDXID: SPDXRef-71-xmlschema -PackageVersion: 3.4.5 +PackageVersion: 4.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.5/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/4.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema -PackageChecksum: SHA256: c91a2fca387dc4e8a2f2cb4a411ed23bef9da539968e5d858a3fe7f76a65464e -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageChecksum: SHA256: cf94d3380c5005fc027532ec4760b4bec414d6b4ead425285fa5bf8eb6c515c6 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ReleaseDate: 2025-03-22T07:56:15Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.4.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.5:*:*:*:*:*:*:* +ReleaseDate: 2025-04-13T20:41:21Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.0.1:*:*:*:*:*:*:* ##### PackageName: elementpath