From f870e4975eefb7df49991cf0f45f0d59848197cb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 11:01:06 -0700 Subject: [PATCH] chore: update SBOM for Python 3.8 (#4213) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 534 +++++++++++++++++++++-------------- sbom/cve-bin-tool-py3.8.spdx | 300 +++++++++++--------- 2 files changed, 499 insertions(+), 335 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 0e78ff1b1d..cfee171460 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:98b04938-ce5b-4df5-9d99-2eacbcb84cc3", + "serialNumber": "urn:uuid:ace3d1ef-b123-40c1-ae05-d46823eaa9b4", "version": 1, "metadata": { - "timestamp": "2024-06-17T00:30:29Z", + "timestamp": "2024-06-24T00:29:54Z", "tools": { "components": [ { @@ -1793,31 +1793,25 @@ "type": "library", "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", - "version": "7.1.0", + "version": "7.2.1", "supplier": { - "name": "Jason R . Coombs", + "name": "Jason R .", "contact": [ { "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib_metadata/7.1.0", + "url": "https://pypi.org/project/importlib_metadata/7.2.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@7.1.0", + "purl": "pkg:pypi/importlib-metadata@7.2.1", "properties": [ { "name": "language", 
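Review bot: The regenerated `41-importlib-metadata` entry loses data that consumers rely on for matching and integrity: the supplier name is truncated from `Jason R . Coombs` to `Jason R .`, the CPE vendor becomes `jason_r.`, and the SHA-1 `hashes` block is dropped for 7.2.1. The `cpe` value appears to be derived from the supplier string, so CPE-based vulnerability lookups against this SBOM will probably not match this component (the `purl` is still well-formed), and without a hash the entry can no longer be checked against the downloaded artifact. The same truncation and checksum removal appear in the `sbom/cve-bin-tool-py3.8.spdx` hunk for this package (`PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)`), and `typing-extensions` carries a similarly mangled supplier (`Guido van Jukka ukasz Michael`). As this file is bot-generated, the fix belongs in the generator or in a post-generation check, for example failing the job when a component that previously had a `hashes` entry loses it, rather than in a hand edit here.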
@@ -2293,30 +2287,41 @@ }, { "type": "library", - "bom-ref": "54-packageurl-python", - "name": "packageurl-python", - "version": "0.15.1", + "bom-ref": "54-lib4vex", + "name": "lib4vex", + "version": "0.1.0", "supplier": { - "name": "the purl authors" + "name": "Anthony Harrison", + "contact": [ + { + "email": "anthony.p.harrison@gmail.com" + } + ] }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*", - "description": "A purl aka. Package URL parser and builder", + "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*", + "description": "VEX generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "84229c7770dd95cf887d6874e0203da4c8aa809b" + } + ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packageurl-python/0.15.1", + "url": "https://pypi.org/project/lib4vex/0.1.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.1", + "purl": "pkg:pypi/lib4vex@0.1.0", "properties": [ { "name": "language", 
@@ -2330,27 +2335,41 @@ }, { "type": "library", - "bom-ref": "55-packaging", - "name": "packaging", - "version": "24.1", + "bom-ref": "55-csaf-tool", + "name": "csaf-tool", + "version": "0.3.2", "supplier": { - "name": "Donald Stufft", + "name": "Anthony Harrison", "contact": [ { - "email": "donald@stufft.io" + "email": "anthony.p.harrison@gmail.com" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*", + "description": "CSAF generator and analyser", + "hashes": [ + { + "alg": "SHA-1", + "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1", + "url": "https://pypi.org/project/csaf-tool/0.3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ { "name": "language", @@ -2364,19 +2383,20 @@ }, { "type": "library", - "bom-ref": "56-plotly", - "name": "plotly", - "version": "5.22.0", + "bom-ref": "56-packageurl-python", + "name": "packageurl-python", + "version": "0.15.1", "supplier": { - "name": "Chris P", - "contact": [ - { - "email": "chris@plot.ly" - } - ] + "name": "the purl authors" }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*", + "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "b744d07798b8aa1454f949e17d89791a18d85b0e" + } + ], "licenses": [ { "license": { 
@@ -2387,12 +2407,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.22.0", + "url": "https://pypi.org/project/packageurl-python/0.15.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.22.0", + "purl": "pkg:pypi/packageurl-python@0.15.1", "properties": [ { "name": "language", @@ -2406,35 +2426,35 @@ }, { "type": "library", - "bom-ref": "57-tenacity", - "name": "tenacity", - "version": "8.3.0", + "bom-ref": "57-rich", + "name": "rich", + "version": "13.7.1", "supplier": { - "name": "Julien Danjou", + "name": "Will McGugan", "contact": [ { - "email": "julien@danjou.info" + "email": "willmcgugan@gmail.com" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*", + "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.3.0", + "url": "https://pypi.org/project/rich/13.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.3.0", + "purl": "pkg:pypi/rich@13.7.1", "properties": [ { "name": "language", 
@@ -2448,41 +2468,73 @@ }, { "type": "library", - "bom-ref": "58-python-gnupg", - "name": "python-gnupg", - "version": "0.5.2", + "bom-ref": "58-markdown-it-py", + "name": "markdown-it-py", + "version": "3.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Chris Sewell", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "chrisj_sewell@hotmail.com" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*", + "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { "alg": "SHA-1", - "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42" + "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" } ], - "licenses": [ + "externalReferences": [ { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "url": "https://pypi.org/project/markdown-it-py/3.0.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/markdown-it-py@3.0.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "59-mdurl", + "name": "mdurl", + "version": "0.1.2", + "supplier": { + "name": "Taneli Hukkinen", + "contact": [ + { + "email": "hukkin@users.noreply.github.com" } + ] + }, + "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*", + "description": "Markdown URL utilities", + "hashes": [ + { + "alg": "SHA-1", + "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" } ], "externalReferences": [ { - "url": "https://pypi.org/project/python-gnupg/0.5.2", + "url": "https://pypi.org/project/mdurl/0.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.2", + "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ { "name": "language", 
@@ -2496,35 +2548,41 @@ }, { "type": "library", - "bom-ref": "59-requests", - "name": "requests", - "version": "2.32.3", + "bom-ref": "60-pygments", + "name": "pygments", + "version": "2.18.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Georg Brandl", "contact": [ { - "email": "me@kennethreitz.org" + "email": "georg@python.org" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*", - "description": "Python HTTP for Humans.", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", + "description": "Pygments is a syntax highlighting package written in Python.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + } + ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/requests/2.32.3", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/requests@2.32.3", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", 
@@ -2538,35 +2596,27 @@ }, { "type": "library", - "bom-ref": "60-certifi", - "name": "certifi", - "version": "2024.6.2", + "bom-ref": "61-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", "supplier": { - "name": "Kenneth Reitz", + "name": "Guido van Jukka ukasz Michael", "contact": [ { - "email": "me@kennethreitz.com" + "email": "levkivskyi@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", - "licenses": [ - { - "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/" - } - } - ], + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2024.6.2", + "url": "https://pypi.org/project/typing_extensions/4.12.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2024.6.2", + "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ { "name": "language", 
@@ -2580,25 +2630,53 @@ }, { "type": "library", - "bom-ref": "61-charset-normalizer", - "name": "charset-normalizer", - "version": "3.3.2", + "bom-ref": "62-packaging", + "name": "packaging", + "version": "24.1", "supplier": { - "name": "Ahmed TAHRI", + "name": "Donald Stufft", "contact": [ { - "email": "ahmed.tahri@cloudnursery.dev" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "hashes": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "externalReferences": [ { - "alg": "SHA-1", - "content": "79dce4857914fead2ffe55eb787cad6d5cf14643" + "url": "https://pypi.org/project/packaging/24.1", + "type": "distribution", + "comment": "Download location for component" } ], + "purl": "pkg:pypi/packaging@24.1", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "63-plotly", + "name": "plotly", + "version": "5.22.0", + "supplier": { + "name": "Chris P", + "contact": [ + { + "email": "chris@plot.ly" + } + ] + }, + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "licenses": [ { "license": { @@ -2609,12 +2687,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.3.2", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.3.2", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", 
@@ -2628,27 +2706,35 @@ }, { "type": "library", - "bom-ref": "62-urllib3", - "name": "urllib3", - "version": "2.2.1", + "bom-ref": "64-tenacity", + "name": "tenacity", + "version": "8.4.1", "supplier": { - "name": "Andrey Petrov", + "name": "Julien Danjou", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.1", + "url": "https://pypi.org/project/tenacity/8.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/urllib3@2.2.1", + "purl": "pkg:pypi/tenacity@8.4.1", "properties": [ { "name": "language", 
@@ -2662,35 +2748,41 @@ }, { "type": "library", - "bom-ref": "63-rich", - "name": "rich", - "version": "13.7.1", + "bom-ref": "65-python-gnupg", + "name": "python-gnupg", + "version": "0.5.2", "supplier": { - "name": "Will McGugan", + "name": "Vinay Sajip", "contact": [ { - "email": "willmcgugan@gmail.com" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*", - "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42" + } + ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.7.1", + "url": "https://pypi.org/project/python-gnupg/0.5.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.7.1", + "purl": "pkg:pypi/python-gnupg@0.5.2", "properties": [ { "name": "language", 
@@ -2704,33 +2796,41 @@ }, { "type": "library", - "bom-ref": "64-markdown-it-py", - "name": "markdown-it-py", - "version": "3.0.0", + "bom-ref": "66-requests", + "name": "requests", + "version": "2.32.3", "supplier": { - "name": "Chris Sewell", + "name": "Kenneth Reitz", "contact": [ { - "email": "chrisj_sewell@hotmail.com" + "email": "me@kennethreitz.org" } ] }, - "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*", - "description": "Python port of markdown-it. Markdown parsing, done right!", + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*", + "description": "Python HTTP for Humans.", "hashes": [ { "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "content": "0e322af87745eff34caffe4df68456ebc20d9068" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/markdown-it-py/3.0.0", + "url": "https://pypi.org/project/requests/2.32.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markdown-it-py@3.0.0", + "purl": "pkg:pypi/requests@2.32.3", "properties": [ { "name": "language", 
@@ -2744,33 +2844,35 @@ }, { "type": "library", - "bom-ref": "65-mdurl", - "name": "mdurl", - "version": "0.1.2", + "bom-ref": "67-certifi", + "name": "certifi", + "version": "2024.6.2", "supplier": { - "name": "Taneli Hukkinen", + "name": "Kenneth Reitz", "contact": [ { - "email": "hukkin@users.noreply.github.com" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*", - "description": "Markdown URL utilities", - "hashes": [ + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", + "licenses": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/mdurl/0.1.2", + "url": "https://pypi.org/project/certifi/2024.6.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/mdurl@0.1.2", + "purl": "pkg:pypi/certifi@2024.6.2", "properties": [ { "name": "language", 
@@ -2784,41 +2886,41 @@ }, { "type": "library", - "bom-ref": "66-pygments", - "name": "pygments", - "version": "2.18.0", + "bom-ref": "68-charset-normalizer", + "name": "charset-normalizer", + "version": "3.3.2", "supplier": { - "name": "Georg Brandl", + "name": "Ahmed TAHRI", "contact": [ { - "email": "georg@python.org" + "email": "ahmed.tahri@cloudnursery.dev" } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", - "description": "Pygments is a syntax highlighting package written in Python.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "hashes": [ { "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "content": "79dce4857914fead2ffe55eb787cad6d5cf14643" } ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.18.0", + "url": "https://pypi.org/project/charset-normalizer/3.3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.18.0", + "purl": "pkg:pypi/charset-normalizer@3.3.2", "properties": [ { "name": "language", 
@@ -2832,27 +2934,27 @@ }, { "type": "library", - "bom-ref": "67-typing-extensions", - "name": "typing-extensions", - "version": "4.12.2", + "bom-ref": "69-urllib3", + "name": "urllib3", + "version": "2.2.2", "supplier": { - "name": "Guido van Jukka ukasz Michael", + "name": "Andrey Petrov", "contact": [ { - "email": "levkivskyi@gmail.com" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", - "description": "Backported and Experimental Type Hints for Python 3.8+", + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", "externalReferences": [ { - "url": "https://pypi.org/project/typing_extensions/4.12.2", + "url": "https://pypi.org/project/urllib3/2.2.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/typing-extensions@4.12.2", + "purl": "pkg:pypi/urllib3@2.2.2", "properties": [ { "name": "language", @@ -2866,7 +2968,7 @@ }, { "type": "library", - "bom-ref": "68-rpmfile", + "bom-ref": "70-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2879,6 +2981,12 @@ }, "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*", "description": "Read rpm archive files", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e" + } + ], "licenses": [ { "license": { @@ -2908,7 +3016,7 @@ }, { "type": "library", - "bom-ref": "69-toml", + "bom-ref": "71-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2956,7 +3064,7 @@ }, { "type": "library", - "bom-ref": "70-xmlschema", + "bom-ref": "72-xmlschema", "name": "xmlschema", "version": "3.3.1", "supplier": { @@ -2998,7 +3106,7 @@ }, { "type": "library", - "bom-ref": "71-elementpath", + "bom-ref": "73-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { 
@@ -3040,7 +3148,7 @@ }, { "type": "library", - "bom-ref": "72-zstandard", + "bom-ref": "74-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -3109,18 +3217,19 @@ "44-jinja2", "46-jsonschema", "51-lib4sbom", - "54-packageurl-python", - "55-packaging", - "56-plotly", - "58-python-gnupg", + "54-lib4vex", + "56-packageurl-python", + "62-packaging", + "63-plotly", + "65-python-gnupg", "52-pyyaml", - "59-requests", - "63-rich", - "68-rpmfile", - "69-toml", - "62-urllib3", - "70-xmlschema", - "72-zstandard" + "66-requests", + "57-rich", + "70-rpmfile", + "71-toml", + "69-urllib3", + "72-xmlschema", + "74-zstandard" ] }, { @@ -3321,39 +3430,54 @@ ] }, { - "ref": "56-plotly", + "ref": "54-lib4vex", "dependsOn": [ - "55-packaging", - "57-tenacity" + "55-csaf-tool", + "51-lib4sbom", + "56-packageurl-python" ] }, { - "ref": "59-requests", + "ref": "55-csaf-tool", "dependsOn": [ - "60-certifi", - "61-charset-normalizer", - "9-idna", - "62-urllib3" + "56-packageurl-python", + "57-rich" + ] + }, + { + "ref": "57-rich", + "dependsOn": [ + "58-markdown-it-py", + "60-pygments", + "61-typing-extensions" + ] + }, + { + "ref": "58-markdown-it-py", + "dependsOn": [ + "59-mdurl" ] }, { - "ref": "63-rich", + "ref": "63-plotly", "dependsOn": [ - "64-markdown-it-py", - "66-pygments", - "67-typing-extensions" + "62-packaging", + "64-tenacity" ] }, { - "ref": "64-markdown-it-py", + "ref": "66-requests", "dependsOn": [ - "65-mdurl" + "67-certifi", + "68-charset-normalizer", + "9-idna", + "69-urllib3" ] }, { - "ref": "70-xmlschema", + "ref": "72-xmlschema", "dependsOn": [ - "71-elementpath" + "73-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index b216c8945a..bc0c67de85 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9b2572c3-bc89-4031-9f9c-0823282d441e +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5be2bc4b-f980-4b57-a553-d22cca50c597 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-06-17T00:28:55Z +Created: 2024-06-24T00:28:51Z CreatorComment: This document has been automatically generated. ##### @@ -654,18 +654,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* PackageName: importlib-metadata SPDXID: SPDXRef-Package-41-importlib-metadata -PackageVersion: 7.1.0 +PackageVersion: 7.2.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0 +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.2.1 FilesAnalyzed: false -PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:* ##### PackageName: zipp 
@@ -853,13 +852,46 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### +PackageName: lib4vex +SPDXID: SPDXRef-Package-54-lib4vex +PackageVersion: 0.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) +PackageDownloadLocation: https://pypi.org/project/lib4vex/0.1.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 84229c7770dd95cf887d6874e0203da4c8aa809b +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: VEX generator and consumer library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:* +##### + +PackageName: csaf-tool +SPDXID: SPDXRef-Package-55-csaf-tool +PackageVersion: 0.3.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) +PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: CSAF generator and analyser +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* +##### + PackageName: packageurl-python -SPDXID: SPDXRef-Package-54-packageurl-python +SPDXID: SPDXRef-Package-56-packageurl-python PackageVersion: 0.15.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.1 FilesAnalyzed: false +PackageChecksum: SHA1: b744d07798b8aa1454f949e17d89791a18d85b0e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -868,8 +900,86 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:* ##### +PackageName: rich +SPDXID: SPDXRef-Package-57-rich +PackageVersion: 13.7.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) +PackageDownloadLocation: https://pypi.org/project/rich/13.7.1 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* +##### + +PackageName: markdown-it-py +SPDXID: SPDXRef-Package-58-markdown-it-py +PackageVersion: 3.0.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) +PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0 +FilesAnalyzed: false +PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Python port of markdown-it. Markdown parsing, done right! 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* +##### + +PackageName: mdurl +SPDXID: SPDXRef-Package-59-mdurl +PackageVersion: 0.1.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) +PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Markdown URL utilities +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* +##### + +PackageName: pygments +SPDXID: SPDXRef-Package-60-pygments +PackageVersion: 2.18.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Georg Brandl (georg@python.org) +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 +FilesAnalyzed: false +PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pygments is a syntax highlighting package written in Python. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* +##### + +PackageName: typing-extensions +SPDXID: SPDXRef-Package-61-typing-extensions +PackageVersion: 4.12.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) +PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.12.2 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-Package-55-packaging +SPDXID: SPDXRef-Package-62-packaging PackageVersion: 24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -884,7 +994,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-56-plotly +SPDXID: SPDXRef-Package-63-plotly PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) 
@@ -899,23 +1009,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-57-tenacity -PackageVersion: 8.3.0 +SPDXID: SPDXRef-Package-64-tenacity +PackageVersion: 8.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-58-python-gnupg +SPDXID: SPDXRef-Package-65-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -932,12 +1042,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-59-requests +SPDXID: SPDXRef-Package-66-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3 FilesAnalyzed: false +PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -947,7 +1058,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-60-certifi +SPDXID: SPDXRef-Package-67-certifi PackageVersion: 2024.6.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -962,7 +1073,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-61-charset-normalizer +SPDXID: SPDXRef-Package-68-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) 
@@ -978,105 +1089,28 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-62-urllib3 -PackageVersion: 2.2.1 +SPDXID: SPDXRef-Package-69-urllib3 +PackageVersion: 2.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.1 +PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:* -##### - -PackageName: rich -SPDXID: SPDXRef-Package-63-rich -PackageVersion: 13.7.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.7.1 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* -##### - -PackageName: markdown-it-py -SPDXID: SPDXRef-Package-64-markdown-it-py -PackageVersion: 3.0.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) -PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0 -FilesAnalyzed: false -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Python port of markdown-it. Markdown parsing, done right! 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* -##### - -PackageName: mdurl -SPDXID: SPDXRef-Package-65-mdurl -PackageVersion: 0.1.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) -PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2 -FilesAnalyzed: false -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Markdown URL utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* -##### - -PackageName: pygments -SPDXID: SPDXRef-Package-66-pygments -PackageVersion: 2.18.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 -FilesAnalyzed: false -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause -PackageCopyrightText: NOASSERTION -PackageSummary: Pygments is a syntax highlighting package written in Python. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* -##### - -PackageName: typing-extensions -SPDXID: SPDXRef-Package-67-typing-extensions -PackageVersion: 4.12.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.12.2 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backported and Experimental Type Hints for Python 3.8+ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-68-rpmfile +SPDXID: SPDXRef-Package-70-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0 FilesAnalyzed: false +PackageChecksum: SHA1: c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1086,7 +1120,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-69-toml +SPDXID: SPDXRef-Package-71-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) 
@@ -1102,7 +1136,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-70-xmlschema +SPDXID: SPDXRef-Package-72-xmlschema PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1117,7 +1151,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-71-elementpath +SPDXID: SPDXRef-Package-73-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1132,7 +1166,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-72-zstandard +SPDXID: SPDXRef-Package-74-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1162,17 +1196,18 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-lib4vex +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-urllib3 +Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-74-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod 
@@ -1243,16 +1278,21 @@ Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version -Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-55-packaging -Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-57-tenacity -Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-60-certifi -Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-61-charset-normalizer -Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-62-urllib3 -Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-64-markdown-it-py -Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-66-pygments -Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-67-typing-extensions -Relationship: SPDXRef-Package-64-markdown-it-py DEPENDS_ON SPDXRef-Package-65-mdurl -Relationship: SPDXRef-Package-70-xmlschema DEPENDS_ON SPDXRef-Package-71-elementpath +Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-51-lib4sbom +Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-55-csaf-tool +Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-56-packageurl-python +Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python +Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-57-rich +Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-58-markdown-it-py +Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-60-pygments +Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-61-typing-extensions +Relationship: SPDXRef-Package-58-markdown-it-py DEPENDS_ON 
SPDXRef-Package-59-mdurl +Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-62-packaging +Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-64-tenacity +Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-67-certifi +Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-68-charset-normalizer +Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-69-urllib3 +Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-72-xmlschema DEPENDS_ON SPDXRef-Package-73-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna