diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 0e78ff1b1d..cfee171460 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:98b04938-ce5b-4df5-9d99-2eacbcb84cc3",
+ "serialNumber": "urn:uuid:ace3d1ef-b123-40c1-ae05-d46823eaa9b4",
"version": 1,
"metadata": {
- "timestamp": "2024-06-17T00:30:29Z",
+ "timestamp": "2024-06-24T00:29:54Z",
"tools": {
"components": [
{
@@ -1793,31 +1793,25 @@
"type": "library",
"bom-ref": "41-importlib-metadata",
"name": "importlib-metadata",
- "version": "7.1.0",
+ "version": "7.2.1",
"supplier": {
- "name": "Jason R . Coombs",
+ "name": "Jason R .",
"contact": [
{
"email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib_metadata/7.1.0",
+ "url": "https://pypi.org/project/importlib_metadata/7.2.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@7.1.0",
+ "purl": "pkg:pypi/importlib-metadata@7.2.1",
"properties": [
{
"name": "language",
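Review bot: The regenerated importlib-metadata entry loses identifying data rather than only moving to 7.2.1: the supplier is cut to `"name": "Jason R ."`, the CPE vendor becomes `jason_r.` instead of `jason_r._coombs`, and the `hashes` block is removed with nothing replacing it. Anything that correlates this component by CPE vendor, or checks the artifact against a recorded digest, will treat 7.2.1 differently from 7.1.0, even though the purl stays consistent. Since the file is generated, the fix presumably belongs in the generator's author parsing; the expected output here would be `"name": "Jason R . Coombs"` with the matching `jason_r._coombs` vendor and a repopulated `hashes` entry. The SPDX file in this commit shows the same truncation (`Jason R.`) and drops `PackageChecksum` for this package, and the typing-extensions supplier `Guido van Jukka ukasz Michael` looks like the same kind of mangling.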
@@ -2293,30 +2287,41 @@
},
{
"type": "library",
- "bom-ref": "54-packageurl-python",
- "name": "packageurl-python",
- "version": "0.15.1",
+ "bom-ref": "54-lib4vex",
+ "name": "lib4vex",
+ "version": "0.1.0",
"supplier": {
- "name": "the purl authors"
+ "name": "Anthony Harrison",
+ "contact": [
+ {
+ "email": "anthony.p.harrison@gmail.com"
+ }
+ ]
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*",
- "description": "A purl aka. Package URL parser and builder",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*",
+ "description": "VEX generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "84229c7770dd95cf887d6874e0203da4c8aa809b"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packageurl-python/0.15.1",
+ "url": "https://pypi.org/project/lib4vex/0.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.15.1",
+ "purl": "pkg:pypi/lib4vex@0.1.0",
"properties": [
{
"name": "language",
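Review bot: The digest recorded for the newly added lib4vex component is SHA-1 only (`"alg": "SHA-1"`), which is not collision-resistant and so is a weak basis for verifying the downloaded artifact. If the generator can emit it, record a SHA-256 digest alongside or instead, e.g. `{"alg": "SHA-256", "content": "<sha256-of-distribution>"}` (placeholder value). The same applies to the other `hashes` blocks added in this commit (csaf-tool, packageurl-python, requests, rpmfile) and to the `PackageChecksum: SHA1:` lines in the SPDX file. The component object continues outside the hunk.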
@@ -2330,27 +2335,41 @@
},
{
"type": "library",
- "bom-ref": "55-packaging",
- "name": "packaging",
- "version": "24.1",
+ "bom-ref": "55-csaf-tool",
+ "name": "csaf-tool",
+ "version": "0.3.2",
"supplier": {
- "name": "Donald Stufft",
+ "name": "Anthony Harrison",
"contact": [
{
- "email": "donald@stufft.io"
+ "email": "anthony.p.harrison@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
+ "cpe": "cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*",
+ "description": "CSAF generator and analyser",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1",
+ "url": "https://pypi.org/project/csaf-tool/0.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
{
"name": "language",
@@ -2364,19 +2383,20 @@
},
{
"type": "library",
- "bom-ref": "56-plotly",
- "name": "plotly",
- "version": "5.22.0",
+ "bom-ref": "56-packageurl-python",
+ "name": "packageurl-python",
+ "version": "0.15.1",
"supplier": {
- "name": "Chris P",
- "contact": [
- {
- "email": "chris@plot.ly"
- }
- ]
+ "name": "the purl authors"
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*",
+ "description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b744d07798b8aa1454f949e17d89791a18d85b0e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2387,12 +2407,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.22.0",
+ "url": "https://pypi.org/project/packageurl-python/0.15.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.22.0",
+ "purl": "pkg:pypi/packageurl-python@0.15.1",
"properties": [
{
"name": "language",
@@ -2406,35 +2426,35 @@
},
{
"type": "library",
- "bom-ref": "57-tenacity",
- "name": "tenacity",
- "version": "8.3.0",
+ "bom-ref": "57-rich",
+ "name": "rich",
+ "version": "13.7.1",
"supplier": {
- "name": "Julien Danjou",
+ "name": "Will McGugan",
"contact": [
{
- "email": "julien@danjou.info"
+ "email": "willmcgugan@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*",
+ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.3.0",
+ "url": "https://pypi.org/project/rich/13.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.3.0",
+ "purl": "pkg:pypi/rich@13.7.1",
"properties": [
{
"name": "language",
@@ -2448,41 +2468,73 @@
},
{
"type": "library",
- "bom-ref": "58-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.2",
+ "bom-ref": "58-markdown-it-py",
+ "name": "markdown-it-py",
+ "version": "3.0.0",
"supplier": {
- "name": "Vinay Sajip",
+ "name": "Chris Sewell",
"contact": [
{
- "email": "vinay_sajip@yahoo.co.uk"
+ "email": "chrisj_sewell@hotmail.com"
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
+ "description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
"alg": "SHA-1",
- "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42"
+ "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
}
],
- "licenses": [
+ "externalReferences": [
{
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://pypi.org/project/markdown-it-py/3.0.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/markdown-it-py@3.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "59-mdurl",
+ "name": "mdurl",
+ "version": "0.1.2",
+ "supplier": {
+ "name": "Taneli Hukkinen",
+ "contact": [
+ {
+ "email": "hukkin@users.noreply.github.com"
}
+ ]
+ },
+ "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
+ "description": "Markdown URL utilities",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/python-gnupg/0.5.2",
+ "url": "https://pypi.org/project/mdurl/0.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.2",
+ "purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
{
"name": "language",
@@ -2496,35 +2548,41 @@
},
{
"type": "library",
- "bom-ref": "59-requests",
- "name": "requests",
- "version": "2.32.3",
+ "bom-ref": "60-pygments",
+ "name": "pygments",
+ "version": "2.18.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Georg Brandl",
"contact": [
{
- "email": "me@kennethreitz.org"
+ "email": "georg@python.org"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*",
- "description": "Python HTTP for Humans.",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
+ "description": "Pygments is a syntax highlighting package written in Python.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/requests/2.32.3",
+ "url": "https://pypi.org/project/Pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/requests@2.32.3",
+ "purl": "pkg:pypi/pygments@2.18.0",
"properties": [
{
"name": "language",
@@ -2538,35 +2596,27 @@
},
{
"type": "library",
- "bom-ref": "60-certifi",
- "name": "certifi",
- "version": "2024.6.2",
+ "bom-ref": "61-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
- "licenses": [
- {
- "license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/"
- }
- }
- ],
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
"externalReferences": [
{
- "url": "https://pypi.org/project/certifi/2024.6.2",
+ "url": "https://pypi.org/project/typing_extensions/4.12.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/certifi@2024.6.2",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
{
"name": "language",
@@ -2580,25 +2630,53 @@
},
{
"type": "library",
- "bom-ref": "61-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.3.2",
+ "bom-ref": "62-packaging",
+ "name": "packaging",
+ "version": "24.1",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Donald Stufft",
"contact": [
{
- "email": "ahmed.tahri@cloudnursery.dev"
+ "email": "donald@stufft.io"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "hashes": [
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "description": "Core utilities for Python packages",
+ "externalReferences": [
{
- "alg": "SHA-1",
- "content": "79dce4857914fead2ffe55eb787cad6d5cf14643"
+ "url": "https://pypi.org/project/packaging/24.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
+ "purl": "pkg:pypi/packaging@24.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "63-plotly",
+ "name": "plotly",
+ "version": "5.22.0",
+ "supplier": {
+ "name": "Chris P",
+ "contact": [
+ {
+ "email": "chris@plot.ly"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*",
+ "description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
"license": {
@@ -2609,12 +2687,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.3.2",
+ "url": "https://pypi.org/project/plotly/5.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.3.2",
+ "purl": "pkg:pypi/plotly@5.22.0",
"properties": [
{
"name": "language",
@@ -2628,27 +2706,35 @@
},
{
"type": "library",
- "bom-ref": "62-urllib3",
- "name": "urllib3",
- "version": "2.2.1",
+ "bom-ref": "64-tenacity",
+ "name": "tenacity",
+ "version": "8.4.1",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Julien Danjou",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "julien@danjou.info"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*",
+ "description": "Retry code until it succeeds",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.1",
+ "url": "https://pypi.org/project/tenacity/8.4.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/urllib3@2.2.1",
+ "purl": "pkg:pypi/tenacity@8.4.1",
"properties": [
{
"name": "language",
@@ -2662,35 +2748,41 @@
},
{
"type": "library",
- "bom-ref": "63-rich",
- "name": "rich",
- "version": "13.7.1",
+ "bom-ref": "65-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.2",
"supplier": {
- "name": "Will McGugan",
+ "name": "Vinay Sajip",
"contact": [
{
- "email": "willmcgugan@gmail.com"
+ "email": "vinay_sajip@yahoo.co.uk"
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*",
- "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rich/13.7.1",
+ "url": "https://pypi.org/project/python-gnupg/0.5.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.7.1",
+ "purl": "pkg:pypi/python-gnupg@0.5.2",
"properties": [
{
"name": "language",
@@ -2704,33 +2796,41 @@
},
{
"type": "library",
- "bom-ref": "64-markdown-it-py",
- "name": "markdown-it-py",
- "version": "3.0.0",
+ "bom-ref": "66-requests",
+ "name": "requests",
+ "version": "2.32.3",
"supplier": {
- "name": "Chris Sewell",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "chrisj_sewell@hotmail.com"
+ "email": "me@kennethreitz.org"
}
]
},
- "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
- "description": "Python port of markdown-it. Markdown parsing, done right!",
+ "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*",
+ "description": "Python HTTP for Humans.",
"hashes": [
{
"alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/markdown-it-py/3.0.0",
+ "url": "https://pypi.org/project/requests/2.32.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/markdown-it-py@3.0.0",
+ "purl": "pkg:pypi/requests@2.32.3",
"properties": [
{
"name": "language",
@@ -2744,33 +2844,35 @@
},
{
"type": "library",
- "bom-ref": "65-mdurl",
- "name": "mdurl",
- "version": "0.1.2",
+ "bom-ref": "67-certifi",
+ "name": "certifi",
+ "version": "2024.6.2",
"supplier": {
- "name": "Taneli Hukkinen",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "hukkin@users.noreply.github.com"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
- "description": "Markdown URL utilities",
- "hashes": [
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "licenses": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/mdurl/0.1.2",
+ "url": "https://pypi.org/project/certifi/2024.6.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/mdurl@0.1.2",
+ "purl": "pkg:pypi/certifi@2024.6.2",
"properties": [
{
"name": "language",
@@ -2784,41 +2886,41 @@
},
{
"type": "library",
- "bom-ref": "66-pygments",
- "name": "pygments",
- "version": "2.18.0",
+ "bom-ref": "68-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.3.2",
"supplier": {
- "name": "Georg Brandl",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "georg@python.org"
+ "email": "ahmed.tahri@cloudnursery.dev"
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
- "description": "Pygments is a syntax highlighting package written in Python.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"hashes": [
{
"alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "content": "79dce4857914fead2ffe55eb787cad6d5cf14643"
}
],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/charset-normalizer/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.18.0",
+ "purl": "pkg:pypi/charset-normalizer@3.3.2",
"properties": [
{
"name": "language",
@@ -2832,27 +2934,27 @@
},
{
"type": "library",
- "bom-ref": "67-typing-extensions",
- "name": "typing-extensions",
- "version": "4.12.2",
+ "bom-ref": "69-urllib3",
+ "name": "urllib3",
+ "version": "2.2.2",
"supplier": {
- "name": "Guido van Jukka ukasz Michael",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "levkivskyi@gmail.com"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
"externalReferences": [
{
- "url": "https://pypi.org/project/typing_extensions/4.12.2",
+ "url": "https://pypi.org/project/urllib3/2.2.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/typing-extensions@4.12.2",
+ "purl": "pkg:pypi/urllib3@2.2.2",
"properties": [
{
"name": "language",
@@ -2866,7 +2968,7 @@
},
{
"type": "library",
- "bom-ref": "68-rpmfile",
+ "bom-ref": "70-rpmfile",
"name": "rpmfile",
"version": "2.0.0",
"supplier": {
@@ -2879,6 +2981,12 @@
},
"cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*",
"description": "Read rpm archive files",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2908,7 +3016,7 @@
},
{
"type": "library",
- "bom-ref": "69-toml",
+ "bom-ref": "71-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -2956,7 +3064,7 @@
},
{
"type": "library",
- "bom-ref": "70-xmlschema",
+ "bom-ref": "72-xmlschema",
"name": "xmlschema",
"version": "3.3.1",
"supplier": {
@@ -2998,7 +3106,7 @@
},
{
"type": "library",
- "bom-ref": "71-elementpath",
+ "bom-ref": "73-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -3040,7 +3148,7 @@
},
{
"type": "library",
- "bom-ref": "72-zstandard",
+ "bom-ref": "74-zstandard",
"name": "zstandard",
"version": "0.22.0",
"supplier": {
@@ -3109,18 +3217,19 @@
"44-jinja2",
"46-jsonschema",
"51-lib4sbom",
- "54-packageurl-python",
- "55-packaging",
- "56-plotly",
- "58-python-gnupg",
+ "54-lib4vex",
+ "56-packageurl-python",
+ "62-packaging",
+ "63-plotly",
+ "65-python-gnupg",
"52-pyyaml",
- "59-requests",
- "63-rich",
- "68-rpmfile",
- "69-toml",
- "62-urllib3",
- "70-xmlschema",
- "72-zstandard"
+ "66-requests",
+ "57-rich",
+ "70-rpmfile",
+ "71-toml",
+ "69-urllib3",
+ "72-xmlschema",
+ "74-zstandard"
]
},
{
@@ -3321,39 +3430,54 @@
]
},
{
- "ref": "56-plotly",
+ "ref": "54-lib4vex",
"dependsOn": [
- "55-packaging",
- "57-tenacity"
+ "55-csaf-tool",
+ "51-lib4sbom",
+ "56-packageurl-python"
]
},
{
- "ref": "59-requests",
+ "ref": "55-csaf-tool",
"dependsOn": [
- "60-certifi",
- "61-charset-normalizer",
- "9-idna",
- "62-urllib3"
+ "56-packageurl-python",
+ "57-rich"
+ ]
+ },
+ {
+ "ref": "57-rich",
+ "dependsOn": [
+ "58-markdown-it-py",
+ "60-pygments",
+ "61-typing-extensions"
+ ]
+ },
+ {
+ "ref": "58-markdown-it-py",
+ "dependsOn": [
+ "59-mdurl"
]
},
{
- "ref": "63-rich",
+ "ref": "63-plotly",
"dependsOn": [
- "64-markdown-it-py",
- "66-pygments",
- "67-typing-extensions"
+ "62-packaging",
+ "64-tenacity"
]
},
{
- "ref": "64-markdown-it-py",
+ "ref": "66-requests",
"dependsOn": [
- "65-mdurl"
+ "67-certifi",
+ "68-charset-normalizer",
+ "9-idna",
+ "69-urllib3"
]
},
{
- "ref": "70-xmlschema",
+ "ref": "72-xmlschema",
"dependsOn": [
- "71-elementpath"
+ "73-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index b216c8945a..bc0c67de85 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9b2572c3-bc89-4031-9f9c-0823282d441e
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5be2bc4b-f980-4b57-a553-d22cca50c597
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-06-17T00:28:55Z
+Created: 2024-06-24T00:28:51Z
CreatorComment: This document has been automatically generated.
#####
@@ -654,18 +654,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
PackageName: importlib-metadata
SPDXID: SPDXRef-Package-41-importlib-metadata
-PackageVersion: 7.1.0
+PackageVersion: 7.2.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.2.1
FilesAnalyzed: false
-PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*
#####
PackageName: zipp
@@ -853,13 +852,46 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
+PackageName: lib4vex
+SPDXID: SPDXRef-Package-54-lib4vex
+PackageVersion: 0.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/lib4vex/0.1.0
+FilesAnalyzed: false
+PackageChecksum: SHA1: 84229c7770dd95cf887d6874e0203da4c8aa809b
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: VEX generator and consumer library
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*
+#####
+
+PackageName: csaf-tool
+SPDXID: SPDXRef-Package-55-csaf-tool
+PackageVersion: 0.3.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2
+FilesAnalyzed: false
+PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: CSAF generator and analyser
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
+#####
+
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-54-packageurl-python
+SPDXID: SPDXRef-Package-56-packageurl-python
PackageVersion: 0.15.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.1
FilesAnalyzed: false
+PackageChecksum: SHA1: b744d07798b8aa1454f949e17d89791a18d85b0e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -868,8 +900,86 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*
#####
+PackageName: rich
+SPDXID: SPDXRef-Package-57-rich
+PackageVersion: 13.7.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/rich/13.7.1
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
+#####
+
+PackageName: markdown-it-py
+SPDXID: SPDXRef-Package-58-markdown-it-py
+PackageVersion: 3.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
+PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0
+FilesAnalyzed: false
+PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: mdurl
+SPDXID: SPDXRef-Package-59-mdurl
+PackageVersion: 0.1.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
+PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
+FilesAnalyzed: false
+PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Markdown URL utilities
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
+#####
+
+PackageName: pygments
+SPDXID: SPDXRef-Package-60-pygments
+PackageVersion: 2.18.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Georg Brandl (georg@python.org)
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+FilesAnalyzed: false
+PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: Pygments is a syntax highlighting package written in Python.
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-Package-61-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.12.2
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-Package-55-packaging
+SPDXID: SPDXRef-Package-62-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -884,7 +994,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-56-plotly
+SPDXID: SPDXRef-Package-63-plotly
PackageVersion: 5.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -899,23 +1009,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-57-tenacity
-PackageVersion: 8.3.0
+SPDXID: SPDXRef-Package-64-tenacity
+PackageVersion: 8.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-58-python-gnupg
+SPDXID: SPDXRef-Package-65-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -932,12 +1042,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-59-requests
+SPDXID: SPDXRef-Package-66-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3
FilesAnalyzed: false
+PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
@@ -947,7 +1058,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-60-certifi
+SPDXID: SPDXRef-Package-67-certifi
PackageVersion: 2024.6.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -962,7 +1073,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-61-charset-normalizer
+SPDXID: SPDXRef-Package-68-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -978,105 +1089,28 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-62-urllib3
-PackageVersion: 2.2.1
+SPDXID: SPDXRef-Package-69-urllib3
+PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.1
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*
-#####
-
-PackageName: rich
-SPDXID: SPDXRef-Package-63-rich
-PackageVersion: 13.7.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.7.1
-FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
-#####
-
-PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-64-markdown-it-py
-PackageVersion: 3.0.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
-PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0
-FilesAnalyzed: false
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python port of markdown-it. Markdown parsing, done right!
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
-#####
-
-PackageName: mdurl
-SPDXID: SPDXRef-Package-65-mdurl
-PackageVersion: 0.1.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
-FilesAnalyzed: false
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Markdown URL utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
-#####
-
-PackageName: pygments
-SPDXID: SPDXRef-Package-66-pygments
-PackageVersion: 2.18.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
-FilesAnalyzed: false
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
-#####
-
-PackageName: typing-extensions
-SPDXID: SPDXRef-Package-67-typing-extensions
-PackageVersion: 4.12.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.12.2
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.8+
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:*
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-68-rpmfile
+SPDXID: SPDXRef-Package-70-rpmfile
PackageVersion: 2.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0
FilesAnalyzed: false
+PackageChecksum: SHA1: c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1086,7 +1120,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
#####
PackageName: toml
-SPDXID: SPDXRef-Package-69-toml
+SPDXID: SPDXRef-Package-71-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
@@ -1102,7 +1136,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-70-xmlschema
+SPDXID: SPDXRef-Package-72-xmlschema
PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1117,7 +1151,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-71-elementpath
+SPDXID: SPDXRef-Package-73-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1132,7 +1166,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-72-zstandard
+SPDXID: SPDXRef-Package-74-zstandard
PackageVersion: 0.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1162,17 +1196,18 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-74-zstandard
Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
@@ -1243,16 +1278,21 @@ Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs
Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml
Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version
-Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-55-packaging
-Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-57-tenacity
-Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-60-certifi
-Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-61-charset-normalizer
-Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-62-urllib3
-Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-9-idna
-Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-64-markdown-it-py
-Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-66-pygments
-Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-67-typing-extensions
-Relationship: SPDXRef-Package-64-markdown-it-py DEPENDS_ON SPDXRef-Package-65-mdurl
-Relationship: SPDXRef-Package-70-xmlschema DEPENDS_ON SPDXRef-Package-71-elementpath
+Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-51-lib4sbom
+Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-55-csaf-tool
+Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-56-packageurl-python
+Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python
+Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-57-rich
+Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-58-markdown-it-py
+Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-60-pygments
+Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-61-typing-extensions
+Relationship: SPDXRef-Package-58-markdown-it-py DEPENDS_ON SPDXRef-Package-59-mdurl
+Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-62-packaging
+Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-64-tenacity
+Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-67-certifi
+Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-68-charset-normalizer
+Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-69-urllib3
+Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-72-xmlschema DEPENDS_ON SPDXRef-Package-73-elementpath
Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna