diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index cb2ed742d5..61d90efaa6 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -659,6 +659,7 @@ transmission triaging trousers tss +ttyd turbo twonky u diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 06bcdd85b2..51aca1028a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,17 +6,12 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" - - package-ecosystem: pip - directory: /doc - schedule: - interval: daily - - - package-ecosystem: pip - directory: / + - package-ecosystem: "pip" + directory: "/" schedule: - interval: daily + interval: "weekly" # Scanning is disabled for files in /test/ to avoid false positives. # These files are used for testing; vulnerable code is never installed or used. diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml new file mode 100644 index 0000000000..56ccf23b33 --- /dev/null +++ b/.github/workflows/build-wheel.yml 
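Review bot: The dependabot.yml hunk drops the `pip` entry for `directory: /doc` outright instead of moving it to the weekly cadence like the other two, so any requirements file still kept under `doc/` stops receiving version-update pull requests. Whether that manifest still exists is not visible in this diff; if it does, keep the entry as `- package-ecosystem: "pip"` with `directory: "/doc"` and `interval: "weekly"`. If the documentation dependencies were merged into the root requirements, a sentence in the commit message would make the removal auditable.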
@@ -0,0 +1,51 @@ +name: Build pip wheel + +on: + push: + branches: [ "main" ] + workflow_dispatch: + + build: + name: Build wheel + runs-on: ubuntu-latest + permissions: + id-token: write + attestations: write + contents: read + strategy: + fail-fast: false + matrix: + python-version: + - "3.12" + if: github.repository == 'intel/cve-bin-tool' && github.ref == 'refs/heads/main' # run on origin repo only + steps: + - name: Harden Runner + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + with: + egress-policy: audit + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: ${{ matrix.python-version }} + cache: 'pip' + - name: Install dependencies + run: | + python -m pip install --upgrade pip setuptools wheel build + - name: Build + run: | + python -m build . + - name: Get built filenames + id: filename + run: | + echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT + echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT + - name: Attest Build Provenance for tar + uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1 + with: + subject-path: "dist/${{ steps.filename.outputs.tar }}" + - name: Attest Build Provenance for whl + uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1 + with: + subject-path: "dist/${{ steps.filename.outputs.whl }}" + # TODO Upload to pypi on release creation diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d884e368ed..fc7484f156 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
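Review bot: In the `Get built filenames` step both outputs glob `*.tar.gz`, so `steps.filename.outputs.whl` carries the sdist name and the wheel is never attested, while the tarball is attested twice; the second line should be `echo "whl=$(cd dist/ && echo *.whl)" >> "$GITHUB_OUTPUT"`. The 51 added lines also go from `workflow_dispatch:` straight to `build:` with no `jobs:` line, so unless that is an artefact of this page the workflow will not load until `jobs:` is added above `build:`. `echo *.ext` yields a space-separated list, or the literal pattern, whenever the match count is not exactly one, so a guard that each glob resolved to a single file before the attest steps would keep a stray artefact in `dist/` from producing a wrong `subject-path`.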
@@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 760ea1c499..06f9515221 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 949f6dce1d..62ac555af3 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml 
@@ -15,12 +15,12 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 79fa2b938c..583b80eaf7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 + uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index ff89ed8cc4..95f6f9950b 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml 
@@ -19,12 +19,12 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' cache: 'pip' @@ -36,7 +36,7 @@ jobs: run: | python cve_bin_tool/format_checkers.py - name: Create Pull Request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "chore: update checkers table" title: "chore: update checkers table" diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 713dce5d0f..aea981db35 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v5.1.0 with: python-version: 3.9 diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index cee0e55da5..7102a7925b 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml 
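Review bot: The fuzzing.yml hunk moves `actions/setup-python` from `@v5` to `@v5.1.0`, which is still a mutable tag, whereas every other workflow touched by this commit pins the same release by commit as `actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0`. Using that exact line here keeps the pinning policy uniform and removes the risk of the tag being retargeted. The context line `uses: actions/checkout@v4` directly above has the same gap and could take the `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` form the other workflows use. The job continues outside the hunk.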
@@ -18,12 +18,12 @@ jobs: tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy', 'interrogate'] steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 99f0066f2f..21e9887827 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -22,12 +22,12 @@ jobs: python: ['3.8', '3.9', '3.10', '3.11', '3.12'] steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: ${{ matrix.python }} cache: 'pip' @@ -62,7 +62,7 @@ jobs: cp cve-bin-tool-py${{ matrix.python }}.json sbom/cve-bin-tool-py${{ matrix.python }}.json - name: Create Pull Request if: ${{ steps.diff-sbom.outputs.changed }} - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "chore: update SBOM for Python ${{ matrix.python }}" title: "chore: update SBOM for Python ${{ matrix.python }}" 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 31f75239f7..ee7af4cf41 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit @@ -32,7 +32,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 54cc6dea2e..8a035b628f 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index b25239a316..4863ba4597 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -1,5 +1,4 @@ name: Testing -permissions: read-all on: push: @@ -24,6 +23,8 @@ env: jobs: docs: name: Documentation + permissions: + contents: read if: | ! github.event.pull_request.user.login == 'github-actions[bot]' || ! ( 
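Review bot: Removing the workflow-level `permissions: read-all` in the first testing.yml hunk leaves the file with no default, so any job without its own `permissions:` block now gets whatever token scope the repository or organisation default grants. The hunks in this commit add `contents: read` to `docs`, `tests`, `long_tests`, `linux-mayfail` and `windows_long_tests`; whether that covers every job in the file cannot be confirmed from the hunks alone. Keeping a restrictive fallback at the top, `permissions: {}` or a top-level `contents: read`, makes a job added later fail closed instead of silently inheriting a broader token.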
@@ -36,12 +37,17 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + files.pythonhosted.org:443 + github.com:443 + pypi.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' cache: 'pip' @@ -59,6 +65,8 @@ jobs: tests: name: Linux tests + permissions: + contents: read runs-on: ubuntu-22.04 strategy: matrix: 
@@ -66,12 +74,39 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: - egress-policy: audit + egress-policy: block + allowed-endpoints: > + access.redhat.com:443 + archives.fedoraproject.org:443 + azure.archive.ubuntu.com:80 + curl.se:443 + epss.cyentia.com:443 + esm.ubuntu.com:443 + files.pythonhosted.org:443 + ftp.fr.debian.org:80 + github.com:443 + gitlab.com:443 + mirror.cveb.in:443 + mirror.cveb.in:80 + motd.ubuntu.com:443 + nvd.nist.gov:443 + osv-vulnerabilities.storage.googleapis.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + pypi.org:443 + raw.githubusercontent.com:443 + release-monitoring.org:443 + rpmfind.net:443 + security-tracker.debian.org:443 + services.nvd.nist.gov:443 + storage.googleapis.com:443 + www.cisa.gov:443 + www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: ${{ matrix.python }} cache: 'pip' @@ -149,6 +184,8 @@ jobs: long_tests: name: Long tests on Python 3.10 + permissions: + contents: read if: | ! github.event.pull_request.user.login == 'github-actions[bot]' || ! ( 
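Review bot: The `allowed-endpoints` list added to the `tests` job, and repeated with small variations in the `long_tests` and `linux-mayfail` hunks, includes shared multi-tenant hosts such as `github.com:443`, `gitlab.com:443`, `raw.githubusercontent.com:443` and `storage.googleapis.com:443`, so `egress-policy: block` narrows destinations but does not by itself stop data leaving to an arbitrary repository or bucket on those services. Three entries are plain HTTP (`azure.archive.ubuntu.com:80`, `ftp.fr.debian.org:80`, `mirror.cveb.in:80`); whatever is fetched over them should be checked by signature or checksum, and `mirror.cveb.in:80` looks redundant beside its `:443` entry. Because comments cannot live inside the folded scalar, a comment block above each `allowed-endpoints:` key naming the step that needs each group of hosts would let the three near-identical lists be pruned later instead of drifting. Only the `docs` job sets `disable-sudo: true`; if the other jobs need sudo for package installs, saying so in that comment records the reason.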
@@ -164,12 +201,44 @@ jobs: LONG_TESTS: 1 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: - egress-policy: audit + egress-policy: block + allowed-endpoints: > + access.redhat.com:443 + api.codecov.io:443 + api.github.com:443 + archives.fedoraproject.org:443 + azure.archive.ubuntu.com:80 + cli.codecov.io:443 + codecov.io:443 + curl.se:443 + epss.cyentia.com:443 + esm.ubuntu.com:443 + files.pythonhosted.org:443 + ftp.fr.debian.org:80 + github.com:443 + gitlab.com:443 + mirror.cveb.in:443 + mirror.cveb.in:80 + motd.ubuntu.com:443 + nvd.nist.gov:443 + osv-vulnerabilities.storage.googleapis.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + pypi.org:443 + raw.githubusercontent.com:443 + release-monitoring.org:443 + rpmfind.net:443 + security-tracker.debian.org:443 + services.nvd.nist.gov:443 + storage.googleapis.com:443 + uploader.codecov.io:443 + www.cisa.gov:443 + www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.10' cache: 'pip' @@ -268,7 +337,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 + uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 with: files: ./coverage.xml flags: longtests @@ -277,6 +346,8 @@ jobs: linux-mayfail: name: Tests that may fail due to network or HTML + permissions: + contents: read if: | ! github.event.pull_request.user.login == 'github-actions[bot]' || ! ( 
@@ -292,12 +363,39 @@ jobs: EXTERNAL_SYSTEM: 1 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: - egress-policy: audit + egress-policy: block + allowed-endpoints: > + access.redhat.com:443 + api.github.com:443 + azure.archive.ubuntu.com:80 + csrc.nist.gov:443 + curl.se:443 + epss.cyentia.com:443 + esm.ubuntu.com:443 + files.pythonhosted.org:443 + github.com:443 + gitlab.com:443 + mirror.cveb.in:443 + mirror.cveb.in:80 + motd.ubuntu.com:443 + nvd.nist.gov:443 + osv-vulnerabilities.storage.googleapis.com:443 + packages.microsoft.com:443 + playwright.azureedge.net:443 + ppa.launchpadcontent.net:443 + pypi.org:443 + release-monitoring.org:443 + scap.nist.gov:443 + security-tracker.debian.org:443 + services.nvd.nist.gov:443 + storage.googleapis.com:443 + www.cisa.gov:443 + www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.10' cache: 'pip' @@ -379,6 +477,8 @@ jobs: windows_long_tests: name: Windows long tests + permissions: + contents: read if: | ! github.event.pull_request.user.login == 'github-actions[bot]' || ! ( @@ -396,12 +496,12 @@ jobs: PYTHONIOENCODING: 'utf8' steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.12' cache: 'pip' 
@@ -464,7 +564,7 @@ jobs: path: ~/conda_pkgs_dir key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{ hashFiles('requirements.txt') }} - - uses: conda-incubator/setup-miniconda@030178870c779d9e5e1b4e563269f3aa69b04081 # v3.0.3 + - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 with: auto-update-conda: true activate-environment: pdftotext @@ -481,7 +581,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml - name: Upload code coverage to codecov - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 + uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 with: files: ./coverage.xml flags: win-longtests diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 590e75d122..b2e3719194 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -22,12 +22,12 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.10' cache: 'pip' diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index d772b84036..6f20545948 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml 
@@ -22,13 +22,13 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' @@ -54,7 +54,7 @@ jobs: run: python -m pytest -v -n auto test/test_html.py - name: Create Pull Request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "chore: update js dependencies" title: "chore: update js dependencies" diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index f65655c82e..da409e007f 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -22,13 +22,13 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.11' 
@@ -48,7 +48,7 @@ jobs: python .github/workflows/update-dev-requirements.py - name: Create Pull Request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "chore: update pre-commit config" title: "chore: update pre-commit config" diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml index f79b910e39..a0d33ee4d4 100644 --- a/.github/workflows/update-spdx-header.yml +++ b/.github/workflows/update-spdx-header.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 with: egress-policy: audit @@ -33,7 +33,7 @@ jobs: sed -i "s/[0-9]\{4\}/$(date +%Y)/" spdx_header.txt - name: Create Pull Request - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: 'chore: update spdx header' title: 'chore: update spdx header' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 98eca8eb13..aeeaf42085 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/econchick/interrogate - rev: 1.5.0 + rev: 1.7.0 hooks: - id: interrogate verbose: True @@ -14,7 +14,7 @@ repos: exclude: ^fuzz/generated/ - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.3.0 + rev: 24.4.2 hooks: - id: black exclude: ^fuzz/generated/ @@ -45,7 +45,7 @@ repos: - id: gitlint - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.9.0 + rev: v1.10.0 hooks: - id: mypy additional_dependencies: diff --git a/README.md b/README.md index 3671d001e7..8b94c51e3c 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ CVE Binary Tool uses the NVD API but is not endorsed or certified by the NVD. The tool has two main modes of operation: -1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 359 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. +1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 360 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. 2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats. @@ -210,7 +210,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |--------------- |------------------ |-------------- |---------------- |------------ |----------------- | +|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp | | asterisk |atftp |avahi |axel |bash |bind |binutils | | bird |bison |bluez |boinc |botan |bro |bubblewrap | 
@@ -258,12 +258,11 @@ The following checkers are available for finding components in binary files: | subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | | tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd | | thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission | -| trousers |twonky_server |u_boot |udisks |unbound |unixodbc |upx | -| util_linux |varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk | -| wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver | -| xwayland |yasm |zabbix |zchunk |zeek |zlib |znc | -| zsh |zstandard | | | | | | - +| trousers |ttyd |twonky_server |u_boot |udisks |unbound |unixodbc | +| upx |util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index e7337ba283..d9d1d59443 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -343,6 +343,7 @@ "traceroute", "transmission", "trousers", + "ttyd", "twonky_server", "u_boot", "udisks", diff --git a/cve_bin_tool/checkers/binutils.py b/cve_bin_tool/checkers/binutils.py index a6a0fee88e..de84b030fd 100644 --- a/cve_bin_tool/checkers/binutils.py +++ b/cve_bin_tool/checkers/binutils.py @@ -80,7 +80,7 @@ class BinutilsChecker(Checker): r"ld.bfd", # as seen on ubuntu ] VERSION_PATTERNS = [ - r"GNU Binutils[a-zA-Z ]*\) ((\d+\.)*\d+)", - r"BFD header file version %s\r?\nversion ((\d+\.)*\d+)", + r"GNU Binutils[a-zA-Z ]*\) ([0-9]+\.[0-9]+\.?[0-9]*)", + r"BFD header file version %s\r?\nversion ([0-9]+\.[0-9]+\.?[0-9]*)", ] VENDOR_PRODUCT = [("gnu", "binutils")] diff --git a/cve_bin_tool/checkers/cryptsetup.py b/cve_bin_tool/checkers/cryptsetup.py index 0275bbe12b..197b35718f 100644 
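Review bot: The replacement binutils pattern `([0-9]+\.[0-9]+\.?[0-9]*)` makes the second dot and the third component independently optional, so a string like `2.41.` followed by a non-digit is captured with the trailing dot, and that value may then fail to compare cleanly against CVE version ranges. Grouping the two, `([0-9]+\.[0-9]+(?:\.[0-9]+)?)`, in both `VERSION_PATTERNS` entries keeps the two- and three-component cases without that capture. The new form also stops at three components where the old `((\d+\.)*\d+)` accepted longer versions; a one-line comment above the list stating that the truncation is intended would save the next reader from guessing. The `BinutilsChecker` class starts outside the hunk.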
--- a/cve_bin_tool/checkers/cryptsetup.py +++ b/cve_bin_tool/checkers/cryptsetup.py @@ -17,5 +17,9 @@ class CryptsetupChecker(Checker): r"Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1.", ] FILENAME_PATTERNS = [r"cryptsetup"] - VERSION_PATTERNS = [r"cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)"] + VERSION_PATTERNS = [ + r"cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)", + r"cryptsetup library version %s.\r?\n([0-9]+\.[0-9]+\.[0-9]+)", + r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nCrypto backend \(%s\) initialized in cryptsetup", + ] VENDOR_PRODUCT = [("cryptsetup_project", "cryptsetup")] diff --git a/cve_bin_tool/checkers/openssl.py b/cve_bin_tool/checkers/openssl.py index 6c73674201..97edd4e6b3 100644 --- a/cve_bin_tool/checkers/openssl.py +++ b/cve_bin_tool/checkers/openssl.py @@ -18,7 +18,7 @@ class OpensslChecker(Checker): CONTAINS_PATTERNS = [r"part of OpenSSL", r"openssl.cnf", r"-DOPENSSL_"] FILENAME_PATTERNS = [r"libssl.so.", r"libcrypto.so"] VERSION_PATTERNS = [ - r"OpenSSL ([0-9]+\.[0-9]+\.[0-9]+[a-z]*) [a-zA-Z0-9 ]+\r?\n(?:%s \(Library: %s\)|[a-zA-Z0-9:, \-\r\n]*OPENSSLDIR|ssl)", + r"OpenSSL ([0-9]+\.[0-9]+\.[0-9]+[a-z]*) [a-zA-Z0-9 ]+\r?\n(?:%s \(Library: %s\)|[a-zA-Z0-9:, \.\-\r\n]*OPENSSLDIR|ssl)", r"%s \(Library: %s\)\r?\nOpenSSL ([0-9]+\.[0-9]+\.[0-9]+[a-z]*) [a-zA-Z0-9 ]+", ] VENDOR_PRODUCT = [("openssl", "openssl")] diff --git a/cve_bin_tool/checkers/ppp.py b/cve_bin_tool/checkers/ppp.py index 757524fcb4..828ecc05e1 100644 --- a/cve_bin_tool/checkers/ppp.py +++ b/cve_bin_tool/checkers/ppp.py @@ -5,6 +5,7 @@ """ CVE checker for point-to-point_protocol +https://www.cvedetails.com/product/2091/Samba-PPP.html?vendor_id=102 https://www.cvedetails.com/product/61854/Point-to-point-Protocol-Project-Point-to-point-Protocol.html?vendor_id=20961 """ 
@@ -21,4 +22,7 @@ class PppChecker(Checker): r"pppd[a-z, :%\)]*\r?\n([0-9]+\.[0-9]+\.[0-9]+)", r"([0-9]+\.[0-9]+\.[0-9]+)\r?\npppd", ] - VENDOR_PRODUCT = [("point-to-point_protocol_project", "point-to-point_protocol")] + VENDOR_PRODUCT = [ + ("point-to-point_protocol_project", "point-to-point_protocol"), + ("samba", "ppp"), + ] diff --git a/cve_bin_tool/checkers/python.py b/cve_bin_tool/checkers/python.py index 8f6fdd2495..940b0ecc89 100644 --- a/cve_bin_tool/checkers/python.py +++ b/cve_bin_tool/checkers/python.py @@ -23,5 +23,6 @@ class PythonChecker(Checker): r"pymalloc_debug\r?\n([23]+\.[0-9]+\.[0-9]+)", r"([23]+\.[0-9]+\.[0-9]+)\r?\nPython %s", r"([23]+\.[0-9]+\.[0-9]+)\r?\n%\.80s \(%\.80s\) %\.80s", + r"tags/v([23]+\.[0-9]+\.[0-9]+)\r?\nversion_info", ] VENDOR_PRODUCT = [("python_software_foundation", "python"), ("python", "python")] diff --git a/cve_bin_tool/checkers/ttyd.py b/cve_bin_tool/checkers/ttyd.py new file mode 100644 index 0000000000..02df70a52a --- /dev/null +++ b/cve_bin_tool/checkers/ttyd.py @@ -0,0 +1,20 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for ttyd + +https://www.cvedetails.com/product/135838/Ttyd-Project-Ttyd.html?vendor_id=29796 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class TtydChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [r"([0-9]+\.[0-9]+\.[0-9]+)[a-z\r\n]*ttyd"] + VENDOR_PRODUCT = [("ttyd_project", "ttyd")] diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py index 0c529b27df..8d21eca46a 100644 --- a/cve_bin_tool/cvedb.py +++ b/cve_bin_tool/cvedb.py 
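Review bot: `TtydChecker` is added with empty `CONTAINS_PATTERNS` and `FILENAME_PATTERNS`, so from what is visible here identification rests on the single regex `([0-9]+\.[0-9]+\.[0-9]+)[a-z\r\n]*ttyd`, whose `[a-z\r\n]*` lets any run of lowercase text and line breaks sit between an unrelated dotted version and the word `ttyd`. That is a false-positive risk for a tool whose output drives CVE triage; if the test binaries allow it, the adjacency form the ppp checker uses would be tighter, e.g. `r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nttyd"`, and at least one `CONTAINS_PATTERNS` string would give a second signal. The class also has no docstring; `"""CVE checker for ttyd"""` under the `class` line, plus a comment showing the sample string the pattern was derived from, would document the intent.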
@@ -60,6 +60,69 @@ class CVEDB: nvd_source.NVD_Source, # last to avoid data overwrites ] + TABLE_SCHEMAS = { + "cve_severity": """ + CREATE TABLE IF NOT EXISTS cve_severity ( + cve_number TEXT, + severity TEXT, + description TEXT, + score INTEGER, + cvss_version INTEGER, + cvss_vector TEXT, + data_source TEXT, + last_modified TIMESTAMP, + PRIMARY KEY(cve_number, data_source) + ) + """, + "cve_range": """ + CREATE TABLE IF NOT EXISTS cve_range ( + cve_number TEXT, + vendor TEXT, + product TEXT, + version TEXT, + versionStartIncluding TEXT, + versionStartExcluding TEXT, + versionEndIncluding TEXT, + versionEndExcluding TEXT, + data_source TEXT, + FOREIGN KEY(cve_number, data_source) REFERENCES cve_severity(cve_number, data_source) + ) + """, + "cve_exploited": """ + CREATE TABLE IF NOT EXISTS cve_exploited ( + cve_number TEXT, + product TEXT, + description TEXT, + PRIMARY KEY(cve_number) + ) + """, + "cve_metrics": """ + CREATE TABLE IF NOT EXISTS cve_metrics ( + cve_number TEXT, + metric_id INTEGER, + metric_score REAL, + metric_field TEXT, + FOREIGN KEY(cve_number) REFERENCES cve_severity(cve_number), + FOREIGN KEY(metric_id) REFERENCES metrics(metric_id) + ) + """, + "metrics": """ + CREATE TABLE IF NOT EXISTS metrics ( + metrics_id INTEGER, + metrics_name TEXT, + PRIMARY KEY(metrics_id) + ) + """, + } + + EMPTY_SELECT_QUERIES = { + "cve_severity": "SELECT * FROM cve_severity WHERE 1=0", + "cve_range": "SELECT * FROM cve_range WHERE 1=0", + "cve_exploited": "SELECT * FROM cve_exploited WHERE 1=0", + "cve_metrics": "SELECT * FROM cve_metrics WHERE 1=0", + "metrics": "SELECT * FROM metrics WHERE 1=0", + } + INSERT_QUERIES = { "insert_severity": """ INSERT or REPLACE INTO cve_severity( 
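Review bot: The `cve_metrics` entry moved into `TABLE_SCHEMAS` declares `FOREIGN KEY(metric_id) REFERENCES metrics(metric_id)`, but the `metrics` table in the same dict names its key column `metrics_id`, and `FOREIGN KEY(cve_number) REFERENCES cve_severity(cve_number)` points at one half of that table's composite primary key. SQLite accepts such declarations and only reports the mismatch when foreign-key enforcement is switched on, so the constraints are most likely inert today. Since the SQL is being relocated anyway, either correct the reference to `metrics(metrics_id)` or add a comment that the keys are documentary only; a text change may interact with the `latest_schema` comparison, which lies outside this hunk. `EMPTY_SELECT_QUERIES` is added without a consumer visible in these hunks, so a one-line comment on what reads it would help.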
@@ -226,9 +289,15 @@ def get_cvelist_if_stale(self) -> None: severity_schema, range_schema, exploit_schema, - cve_metrics_schema, - metrics_schema, - ) = self.table_schemas() + # cve_metrics_schema, + # metrics_schema, + ) = ( + self.TABLE_SCHEMAS["cve_severity"], + self.TABLE_SCHEMAS["cve_range"], + self.TABLE_SCHEMAS["cve_exploited"], + # self.TABLE_SCHEMAS["cve_metrics"], + # self.TABLE_SCHEMAS["metrics"], + ) if ( not self.latest_schema("cve_severity", severity_schema) or not self.latest_schema("cve_range", range_schema) @@ -248,7 +317,7 @@ def latest_schema( """Check database is using latest schema""" if table_name == "": # If no table specified, check cve_range (the last one changed) - _, range_schema, __, _, _ = self.table_schemas() + range_schema = self.TABLE_SCHEMAS["cve_range"] return self.latest_schema("cve_range", range_schema) self.LOGGER.debug("Check database is using latest schema") 
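Review bot: The unpacking in `get_cvelist_if_stale` now carries commented-out entries on both sides (`# cve_metrics_schema,` and `# self.TABLE_SCHEMAS["cve_metrics"],`), which reads as unfinished work and gives no reason for skipping those two tables. With the schemas in a dict the intermediate tuple is unnecessary: pass the lookup directly, as in `not self.latest_schema("cve_severity", self.TABLE_SCHEMAS["cve_severity"])`, and delete the commented lines or replace them with a comment saying why the metrics tables are not checked. The same five-name unpack from five dict lookups is repeated in the `init_database` hunks and in `json_to_db_wrapper`, where `cursor.execute(self.TABLE_SCHEMAS["cve_severity"])` would be shorter and harder to misorder. All of these functions continue outside their hunks.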
@@ -310,69 +379,6 @@ async def get_data(self): for r in await asyncio.gather(*tasks): self.data.append(r) - def table_schemas(self): - """Returns sql commands for creating cve_severity, cve_range and cve_exploited tables.""" - cve_data_create = """ - CREATE TABLE IF NOT EXISTS cve_severity ( - cve_number TEXT, - severity TEXT, - description TEXT, - score INTEGER, - cvss_version INTEGER, - cvss_vector TEXT, - data_source TEXT, - last_modified TIMESTAMP, - PRIMARY KEY(cve_number, data_source) - ) - """ - version_range_create = """ - CREATE TABLE IF NOT EXISTS cve_range ( - cve_number TEXT, - vendor TEXT, - product TEXT, - version TEXT, - versionStartIncluding TEXT, - versionStartExcluding TEXT, - versionEndIncluding TEXT, - versionEndExcluding TEXT, - data_source TEXT, - FOREIGN KEY(cve_number, data_source) REFERENCES cve_severity(cve_number, data_source) - ) - """ - exploit_table_create = """ - CREATE TABLE IF NOT EXISTS cve_exploited ( - cve_number TEXT, - product TEXT, - description TEXT, - PRIMARY KEY(cve_number) - ) - """ - cve_metrics_table = """ - CREATE TABLE IF NOT EXISTS cve_metrics ( - cve_number TEXT, - metric_id INTEGER, - metric_score REAL, - metric_field TEXT, - FOREIGN KEY(cve_number) REFERENCES cve_severity(cve_number), - FOREIGN KEY(metric_id) REFERENCES metrics(metric_id) - ) - """ - metrics_table = """ - CREATE TABLE IF NOT EXISTS metrics ( - metrics_id INTEGER, - metrics_name TEXT, - PRIMARY KEY(metrics_id) - ) - """ - - return ( - cve_data_create, - version_range_create, - exploit_table_create, - cve_metrics_table, - metrics_table, - ) - def init_database(self) -> None: """Initialize db tables used for storing cve/version data.""" 
@@ -383,7 +389,13 @@ def init_database(self) -> None: exploit_table_create, cve_metrics_table_create, metrics_table_create, - ) = self.table_schemas() + ) = ( + self.TABLE_SCHEMAS["cve_severity"], + self.TABLE_SCHEMAS["cve_range"], + self.TABLE_SCHEMAS["cve_exploited"], + self.TABLE_SCHEMAS["cve_metrics"], + self.TABLE_SCHEMAS["metrics"], + ) index_range = "CREATE INDEX IF NOT EXISTS product_index ON cve_range (cve_number, vendor, product)" cursor.execute(cve_data_create) cursor.execute(version_range_create) @@ -398,7 +410,13 @@ def init_database(self) -> None: exploit_schema, cve_metrics_schema, metrics_schema, - ) = self.table_schemas() + ) = ( + self.TABLE_SCHEMAS["cve_severity"], + self.TABLE_SCHEMAS["cve_range"], + self.TABLE_SCHEMAS["cve_exploited"], + self.TABLE_SCHEMAS["cve_metrics"], + self.TABLE_SCHEMAS["metrics"], + ) # Check schema on cve_severity if not self.latest_schema("cve_severity", severity_schema, cursor): # Recreate table using latest schema @@ -831,7 +849,7 @@ def get_exploits_count(self) -> int: def create_exploit_db(self): """Create table of exploits in database if it does not already exist.""" cursor = self.db_open_and_get_cursor() - (_, _, create_exploit_table, _, _) = self.table_schemas() + create_exploit_table = self.TABLE_SCHEMAS["cve_exploited"] cursor = self.db_open_and_get_cursor() cursor.execute(create_exploit_table) self.connection.commit() @@ -1063,7 +1081,13 @@ def json_to_db_wrapper(self, path, pubkey, ignore_signature, log_signature_error exploit_table_create, cve_metrics_create, metrics_create, - ) = self.table_schemas() + ) = ( + self.TABLE_SCHEMAS["cve_severity"], + self.TABLE_SCHEMAS["cve_range"], + self.TABLE_SCHEMAS["cve_exploited"], + self.TABLE_SCHEMAS["cve_metrics"], + self.TABLE_SCHEMAS["metrics"], + ) index_range = "CREATE INDEX IF NOT EXISTS product_index ON cve_range (cve_number, vendor, product)" cursor.execute(cve_data_create) cursor.execute(version_range_create) 
diff --git a/cve_bin_tool/data_sources/nvd_source.py b/cve_bin_tool/data_sources/nvd_source.py index f3d66037d3..e1ad2db190 100644 --- a/cve_bin_tool/data_sources/nvd_source.py +++ b/cve_bin_tool/data_sources/nvd_source.py @@ -183,7 +183,8 @@ def parse_node(self, node: dict[str, list[dict[str, str]]]) -> list[dict[str, st if "cpe_match" in node: vulnerable_matches = (m for m in node["cpe_match"] if m["vulnerable"]) for cpe_match in vulnerable_matches: - cpe_split = cpe_match["cpe23Uri"].split(":") + # split on `:` only if it's not escaped + cpe_split = re.split(r"(? ProductInfo: urn_cdx = re.compile( r"urn:cdx:(?P.*?)\/(?P.*?)#(?P.*)" ) - + location = "location/to/product" if urn_cbt_ext_ref.match(ref): urn_dict = urn_cbt_ext_ref.match(ref).groupdict() vendor = urn_dict["vendor"] @@ -290,7 +290,9 @@ def decode_bom_ref(self, ref) -> ProductInfo: product_info = None if product is not None and self.validate_product(product): - product_info = ProductInfo(vendor.strip(), product.strip(), version.strip()) + product_info = ProductInfo( + vendor.strip(), product.strip(), version.strip(), location + ) return product_info @@ -314,7 +316,10 @@ def parse_data(self, fields: Set[str], data: Iterable) -> None: for row in data: product_info = ProductInfo( - row["vendor"].strip(), row["product"].strip(), row["version"].strip() + row["vendor"].strip(), + row["product"].strip(), + row["version"].strip(), + row.get("location", "location/to/product").strip(), ) self.parsed_data[product_info][ row.get("cve_number", "").strip() or "default" diff --git a/cve_bin_tool/merge.py b/cve_bin_tool/merge.py index cfc499c493..576bdead33 100644 --- a/cve_bin_tool/merge.py +++ b/cve_bin_tool/merge.py 
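Review bot: In parse_data the value from `row.get("location", "location/to/product").strip()` is stored without going through validate_location, although the SBOM and checker paths added by this commit reject locations that fail that check. The value comes from an imported file and later reaches the CSV and SBOM output, so it should get the same treatment, for example `location = (row.get("location") or "NotFound").strip()` followed by the validate_location call. That form also avoids an AttributeError when the key is present but null. parse_data_from_json in merge.py repeats the same line, and the hard-coded `location = "location/to/product"` in decode_bom_ref is an invented path that will be reported as if it had been observed.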
@@ -208,7 +208,10 @@ def parse_data_from_json( for row in json_data: product_info = ProductInfo( - row["vendor"].strip(), row["product"].strip(), row["version"].strip() + row["vendor"].strip(), + row["product"].strip(), + row["version"].strip(), + row.get("location", "location/to/product").strip(), ) parsed_data[product_info][row.get("cve_number", "").strip() or "default"] = { "remarks": Remarks(str(row.get("remarks", "")).strip()), diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py index 9557855d5b..13ced56c96 100644 --- a/cve_bin_tool/output_engine/__init__.py +++ b/cve_bin_tool/output_engine/__init__.py @@ -93,6 +93,7 @@ def output_csv( "vendor", "product", "version", + "location", "cve_number", "severity", "score", @@ -918,6 +919,7 @@ def generate_sbom( sbom_relationships = [] my_package = SBOMPackage() sbom_relationship = SBOMRelationship() + # Create root package my_package.initialise() root_package = f'CVEBINTOOL-{Path(sbom_root).name.replace(".", "-")}' @@ -930,6 +932,7 @@ def generate_sbom( my_package.set_licensedeclared(license) my_package.set_licenseconcluded(license) my_package.set_supplier("UNKNOWN", "NOASSERTION") + # Store package data sbom_packages[(my_package.get_name(), my_package.get_value("version"))] = ( my_package.get_package() @@ -937,6 +940,7 @@ def generate_sbom( sbom_relationship.initialise() sbom_relationship.set_relationship(parent, "DESCRIBES", root_package) sbom_relationships.append(sbom_relationship.get_relationship()) + # Add dependent products for product_data in all_product_data: my_package.initialise() @@ -951,6 +955,8 @@ def generate_sbom( in sbom_packages and product_data.vendor == "unknown" ): + location = product_data.location + my_package.set_evidence(location) # Set location directly sbom_packages[ (my_package.get_name(), my_package.get_value("version")) ] = my_package.get_package() 
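Review bot: `my_package.set_evidence(location)` in generate_sbom records whatever `product_data.location` holds, and elsewhere in this commit that can be a placeholder (`"location/to/product"`, `"/usr/local/bin/product"` or `"NotFound"`), so the generated SBOM can state an evidence path that was never observed. I would skip the call when the location is one of those placeholders, ideally by comparing against a single shared constant instead of three literals. The trailing comment `# Set location directly` restates the code and can go. The enclosing condition starts outside the hunk, so whether the other branch needs the same call cannot be judged from here.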
diff --git a/cve_bin_tool/output_engine/util.py b/cve_bin_tool/output_engine/util.py index fcbe5cc41b..ae1c8dad91 100644 --- a/cve_bin_tool/output_engine/util.py +++ b/cve_bin_tool/output_engine/util.py @@ -160,6 +160,7 @@ def format_output( "vendor": "haxx" "product": "curl", "version": "1.2.1", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1234", "severity": "LOW", "score": "1.2", @@ -191,6 +192,7 @@ def format_output( "vendor": product_info.vendor, "product": product_info.product, "version": product_info.version, + "location": product_info.location, "cve_number": cve.cve_number, "severity": cve.severity, "score": str(cve.score), diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py index e9cba77aaf..c3ac1fc6ed 100644 --- a/cve_bin_tool/parsers/__init__.py +++ b/cve_bin_tool/parsers/__init__.py @@ -62,18 +62,20 @@ def find_vendor(self, product, version): vendor_package_pair = self.cve_db.get_vendor_product_pairs(product) vendorlist: list[ScanInfo] = [] file_path = self.filename + location = file_path if vendor_package_pair != []: # To handle multiple vendors, return all combinations of product/vendor mappings for v in vendor_package_pair: vendor = v["vendor"] + location = v.get("location", "/usr/local/bin/product") self.logger.debug(f"{file_path} {product} {version} by {vendor}") vendorlist.append( - ScanInfo(ProductInfo(vendor, product, version), file_path) + ScanInfo(ProductInfo(vendor, product, version, location), file_path) ) else: # Add entry vendorlist.append( - ScanInfo(ProductInfo("UNKNOWN", product, version), file_path) + ScanInfo(ProductInfo("UNKNOWN", product, version, location), file_path) ) return vendorlist diff --git a/cve_bin_tool/parsers/dart.py b/cve_bin_tool/parsers/dart.py index 60fdcadae5..1903489113 100644 --- a/cve_bin_tool/parsers/dart.py +++ b/cve_bin_tool/parsers/dart.py 
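Review bot: In find_vendor, `location = v.get("location", "/usr/local/bin/product")` overwrites the `location = file_path` assigned just above with an invented path whenever the vendor/product row has no `location` key. Matched products are then reported at a path that was never scanned, while the UNKNOWN branch keeps the real file. Falling back to the scanned file keeps both branches consistent: `location = v.get("location", file_path)`. The same default appears in the find_vendor hunk of parsers/java.py and in run_checker of parsers/python.py.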
@@ -1,6 +1,8 @@ # Copyright (C) 2024 Intel Corporation # SPDX-License-Identifier: GPL-3.0-or-later +import re + import yaml from cve_bin_tool.parsers import Parser @@ -15,6 +17,29 @@ class DartParser(Parser): def __init__(self, cve_db, logger): super().__init__(cve_db, logger) + self.purl_pkg_type = "pub" + + def generate_purl(self, product, version, vendor, qualifier={}, subpath=None): + """ + Generates PURL after normalizing all components. + pubspec: https://dart.dev/tools/pub/pubspec#name + purl-spec for pub: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#pub + """ + # Normalize product, version, and vendor for Dart packages + product = re.sub(r"[^a-zA-Z0-9_]", "", product).lower() + version = re.sub(r"[^a-z0-9.+-]", "", version) + vendor = "UNKNOWN" # The vendor is not explicitly defined for pub packages + if not product or not version: + return None + purl = super().generate_purl( + product, + version, + vendor, + qualifier, + subpath, + ) + + return purl def run_checker(self, filename): """ diff --git a/cve_bin_tool/parsers/java.py b/cve_bin_tool/parsers/java.py index 6588f23fe3..9cb22cc6e8 100644 --- a/cve_bin_tool/parsers/java.py +++ b/cve_bin_tool/parsers/java.py @@ -57,8 +57,11 @@ def find_vendor(self, product, version): for pair in vendor_package_pair: vendor = pair["vendor"] file_path = self.filename + location = pair.get("location", "/usr/local/bin/product") self.logger.debug(f"{file_path} {product} {version} by {vendor}") - info.append(ScanInfo(ProductInfo(vendor, product, version), file_path)) + info.append( + ScanInfo(ProductInfo(vendor, product, version, location), file_path) + ) return info return None diff --git a/cve_bin_tool/parsers/php.py b/cve_bin_tool/parsers/php.py index 487d2d4390..4174d9971e 100644 --- a/cve_bin_tool/parsers/php.py +++ b/cve_bin_tool/parsers/php.py 
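Review bot: The version filter in DartParser.generate_purl, `re.sub(r"[^a-z0-9.+-]", "", version)`, deletes upper-case letters instead of keeping them, so a version such as `1.0.0-RC1` (constructed example) becomes `1.0.0-1` and the PURL names a different release. PhpParser in this same commit keeps both cases, and `version = re.sub(r"[^a-zA-Z0-9.+-]", "", version)` would match it. Silently rewriting a version matters in a vulnerability scanner because any lookup on the altered string can miss. The docstring could also say that the method returns None when product or version is empty after filtering.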
@@ -1,17 +1,45 @@ -# Copyright (C) 2022 Intel Corporation +# Copyright (C) 2024 Intel Corporation # SPDX-License-Identifier: GPL-3.0-or-later - +"""Python script containing all functionalities related to parsing of php's composer.lock files.""" import json +import re from cve_bin_tool.parsers import Parser class PhpParser(Parser): + """ + Parser for Php Composer.lock files. + This parser is designed to parse Php Composer.lock and + generate PURLs (Package URLs) for the listed packages. + """ + def __init__(self, cve_db, logger): + """Initialize the PhpParser.""" super().__init__(cve_db, logger) + self.purl_pkg_type = "composer" + + def generate_purl(self, product, version, vendor, qualifier={}, subpath=None): + """Generates PURL after normalizing all components.""" + vendor = re.sub(r"[^a-zA-Z0-9._-]", "", vendor).lower() + product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower() + version = re.sub(r"[^a-zA-Z0-9.+-]", "", version) + + if not vendor or not product or not version: + return None + + purl = super().generate_purl( + product, + version, + vendor, + qualifier, + subpath, + ) + + return purl def run_checker(self, filename): - """Process package.lock file and extract product and dependency details""" + """Process composer.lock file and extract product and dependency details""" self.filename = filename with open(self.filename) as fh: data = json.load(fh) diff --git a/cve_bin_tool/parsers/python.py b/cve_bin_tool/parsers/python.py index efcd378edd..ff8f12fe78 100644 --- a/cve_bin_tool/parsers/python.py +++ b/cve_bin_tool/parsers/python.py 
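Review bot: `qualifier={}` in PhpParser.generate_purl is a mutable default argument: the same dict object is shared by every call and passed on to `super().generate_purl`, so a mutation anywhere downstream would leak into later calls. Prefer `qualifier=None` in the signature and pass `qualifier or {}` to the parent. DartParser.generate_purl and RParser.generate_purl in this commit use the same signature. The one-line docstring would be more useful if it named the characters kept for each component and the None return for empty components.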
@@ -152,9 +152,12 @@ def run_checker(self, filename): if vendor_package_pair != []: for pair in vendor_package_pair: vendor = pair["vendor"] + location = pair.get("location", "/usr/local/bin/product") file_path = self.filename self.logger.debug(f"{file_path} is {vendor}.{product} {version}") - yield ScanInfo(ProductInfo(vendor, product, version), file_path) + yield ScanInfo( + ProductInfo(vendor, product, version, location), file_path + ) # There are packages with a METADATA file in them containing different data from what the tool expects except AttributeError: diff --git a/cve_bin_tool/parsers/r.py b/cve_bin_tool/parsers/r.py index b75abca067..32973a0889 100644 --- a/cve_bin_tool/parsers/r.py +++ b/cve_bin_tool/parsers/r.py 
@@ -2,15 +2,58 @@ # SPDX-License-Identifier: GPL-3.0-or-later import json +import re from cve_bin_tool.parsers import Parser class RParser(Parser): + """ + Parser implementation for R module files (renv.lock). + + This parser is designed to parse Go module files and generate Package URL (PURL) strings + based on the modules and their dependencies listed in the file. + + Attributes: + cve_db (CVEDB): The CVE database instance used for vulnerability information. + logger (Logger): The logger instance for logging messages and debugging information. + + Methods: + generate_purl(product, version, vendor): + Generates PURL after normalizing all components. + run_checker(filename): + Parse the R module file and yield valid PURLs for the modules listed in the file. + + """ + def __init__(self, cve_db, logger): super().__init__(cve_db, logger) + self.purl_pkg_type = "cran" + + def generate_purl(self, product, version, vendor, qualifier={}, subpath=None): + """Generates PURL after normalizing all components.""" + + product = re.sub(r"[^a-zA-Z0-9.-]", "", product) + version = re.sub(r"^[^a-zA-Z0-9]|[^a-zA-Z0-9.-]", "", version) + vendor = "UNKNOWN" + + if not re.match(r"^[a-zA-Z0-9_-]", product): + return + if version == "": + version = "UNKNOWN" + + purl = super().generate_purl( + product, + version, + vendor, + qualifier, + subpath, + ) + + return purl def run_checker(self, filename): + """Parse the file and yield valid PURLs.""" self.filename = filename with open(self.filename) as fh: # parse the json structure for extracting product version pairs diff --git a/cve_bin_tool/sbom_manager/__init__.py b/cve_bin_tool/sbom_manager/__init__.py index 627cec085b..f2249c9460 100644 --- a/cve_bin_tool/sbom_manager/__init__.py +++ b/cve_bin_tool/sbom_manager/__init__.py @@ -4,6 +4,7 @@ from __future__ import annotations import re +import sys from collections import defaultdict from logging import Logger from pathlib import Path 
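Review bot: The RParser class docstring says the parser is "designed to parse Go module files", which looks copied from the Go parser. It should describe renv.lock, e.g. `This parser reads renv.lock files and generates Package URL (PURL) strings for the packages listed there.` In generate_purl the check `re.match(r"^[a-zA-Z0-9_-]", product)` permits `_` even though the preceding `re.sub` has already removed underscores. An empty version becomes `"UNKNOWN"` here while the Dart and PHP parsers return None, so a short comment on why R differs would help the next reader.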
@@ -15,7 +16,12 @@ from cve_bin_tool.cvedb import CVEDB from cve_bin_tool.input_engine import TriageData from cve_bin_tool.log import LOGGER -from cve_bin_tool.util import ProductInfo, Remarks +from cve_bin_tool.util import ( + ProductInfo, + Remarks, + find_product_location, + validate_location, +) from cve_bin_tool.validator import validate_cyclonedx, validate_spdx from .swid_parser import SWIDParser @@ -80,10 +86,17 @@ def common_prefix_split(self, product, version) -> list[ProductInfo]: len(common_prefix_vendor) == 1 and common_prefix_vendor[0] != "UNKNOWN" ): + location = find_product_location(common_prefix_product) + if location is None: + location = "NotFound" + if validate_location(location) is False: + raise ValueError(f"Invalid location {location} for {product}") found_common_prefix = True for vendor in common_prefix_vendor: parsed_data.append( - ProductInfo(vendor, common_prefix_product, version) + ProductInfo( + vendor, common_prefix_product, version, location + ) ) break if not found_common_prefix: @@ -97,8 +110,15 @@ def common_prefix_split(self, product, version) -> list[ProductInfo]: temp = self.get_vendor(sp) if len(temp) > 1 or (len(temp) == 1 and temp[0] != "UNKNOWN"): for vendor in temp: + location = find_product_location(sp) + if location is None: + location = "NotFound" + if validate_location(location) is False: + raise ValueError( + f"Invalid location {location} for {product}" + ) # if vendor is not None: - parsed_data.append(ProductInfo(vendor, sp, version)) + parsed_data.append(ProductInfo(vendor, sp, version, location)) return parsed_data def scan_file(self) -> dict[ProductInfo, TriageData]: 
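Review bot: `find_product_location(common_prefix_product)` and `find_product_location(sp)` in common_prefix_split pass a name that originates in the SBOM straight into a filesystem lookup on the scanning host. As defined in util.py in this commit, the helper joins that name onto `sys.path` entries and system directories without rejecting path separators, `..` or absolute names, so the reported location reflects the scanning machine rather than the SBOM's subject. Restricting the name to a single path component before the lookup would close that off. Raising ValueError here also aborts the whole SBOM parse over one unexpected path; logging it and falling back to `"NotFound"` is more forgiving. The scan_file hunk repeats the same four lines twice, which suggests a small helper.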
@@ -139,9 +159,21 @@ def scan_file(self) -> dict[ProductInfo, TriageData]: vendor_set = self.get_vendor(product) for vendor in vendor_set: # if vendor is not None: - parsed_data.append(ProductInfo(vendor, product, version)) + location = find_product_location(product) + if location is None: + location = "NotFound" + if validate_location(location) is False: + raise ValueError(f"Invalid location {location} for {product}") + parsed_data.append(ProductInfo(vendor, product, version, location)) else: - parsed_data.append(ProductInfo(module_vendor, product, version)) + location = find_product_location(product) + if location is None: + location = "NotFound" + if validate_location(location) is False: + raise ValueError(f"Invalid location {location} for {product}") + parsed_data.append( + ProductInfo(module_vendor, product, version, location) + ) for row in parsed_data: self.sbom_data[row]["default"] = { 
@@ -179,19 +211,29 @@ def get_vendor(self, product: str) -> list: vendorlist.append("UNKNOWN") return vendorlist - def is_valid_purl(self, purl_string: str): + def is_valid_string(self, string_type: str, ref_string: str) -> bool: """ - Validate the PURL string is the correct form. + Validate the PURL, CPE string is the correct form. Args: - - purl_string (str): Package URL string + - ref_string (str): PURL, CPE strings + - string_type (str): ref_string type. (purl, cpe22 or cpe23) Returns: - - bool: True if the purl_string parameter is a valid purl string, False otherwise. + - bool: True if the ref_string parameter is a valid purl or cpe string, False otherwise. """ - purl_pattern = r"^(?P.+):(?P.+)/(?P.+)/(?P.+)@(?P.+)\??(?P.*)#?(?P.*)$" - return re.match(purl_pattern, purl_string) is not None + string_pattern: str + if string_type == "purl": + string_pattern = r"^(?P.+):(?P.+)/(?P.+)/(?P.+)@(?P.+)\??(?P.*)#?(?P.*)$" + + elif string_type == "cpe23": + string_pattern = r"^cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?\!\"#\$%&'\(\)\+,\-\.\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?\!\"#\$%&'\(\)\+,\-\.\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4}" + + elif string_type == "cpe22": + string_pattern = r"^[c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6}" + + return re.match(string_pattern, ref_string) is not None def parse_sbom(self) -> [(str, str, str)]: """ 
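Review bot: is_valid_string leaves `string_pattern` unassigned when `string_type` is not `purl`, `cpe23` or `cpe22`, so the final `re.match` raises UnboundLocalError instead of returning False; add `else: return False`. The `cpe23` and `cpe22` patterns have no end anchor and `re.match` only anchors the start, so a reference with a valid prefix followed by arbitrary text is accepted. `return re.fullmatch(string_pattern, ref_string) is not None` enforces the whole string. The docstring lists `ref_string` before `string_type`, the reverse of the signature.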
@@ -271,14 +313,16 @@ def parse_ext_ref(self, ext_ref) -> (str | None, str | None, str | None): """ decoded = {} for ref in ext_ref: - if ref[1] == "cpe23Type": - decoded["cpe23Type"] = self.decode_cpe23(ref[2]) + ref_type = ref[1] + ref_string = ref[2] + if ref_type == "cpe23Type" and self.is_valid_string("cpe23", ref_string): + decoded["cpe23Type"] = self.decode_cpe23(ref_string) - elif ref[1] == "cpe22Type": - decoded["cpe22Type"] = self.decode_cpe22(ref[2]) + elif ref_type == "cpe22Type" and self.is_valid_string("cpe22", ref_string): + decoded["cpe22Type"] = self.decode_cpe22(ref_string) - elif ref[1] == "purl": - decoded["purl"] = self.decode_purl(ref[2]) + elif ref_type == "purl" and self.is_valid_string("purl", ref_string): + decoded["purl"] = self.decode_purl(ref_string) # No ext-ref matches, return none return decoded.get( @@ -298,7 +342,9 @@ def decode_cpe22(self, cpe22) -> (str | None, str | None, str | None): information extracted from the CPE 2.2 string, or None if the information is incomplete. """ - cpe = cpe22.split(":") + + # split on `:` only if it's not escaped + cpe = re.split(r"(? (str | None, str | None, str | None): information extracted from the CPE 2.3 string, or None if the information is incomplete. """ - cpe = cpe23.split(":") + + # split on `:` only if it's not escaped + cpe = re.split(r"(? (str | None, str | None, str | None): vendor = None # Because the vendor and product identifiers in the purl don't always align product = None # with the CVE DB, only the version is parsed. version = None - if self.is_valid_purl(purl): - # Process purl identifier - purl_info = PackageURL.from_string(purl).to_dict() - version = purl_info.get("version") + # Process purl identifier + purl_info = PackageURL.from_string(purl).to_dict() + version = purl_info.get("version") return [vendor or None, product or None, version or None] if __name__ == "__main__": - import sys file = sys.argv[1] sbom = SBOMManager(file) 
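Review bot: decode_purl now calls `PackageURL.from_string(purl)` with no guard of its own, so it relies on every caller having run is_valid_string first, and from_string raises ValueError on input it cannot parse. Because the purl comes from an SBOM file, I would catch ValueError inside decode_purl and return `[None, None, None]`, so that one malformed reference does not stop the parse. parse_ext_ref also skips references that fail validation without any log line; a debug message naming the rejected `ref_type` would make dropped entries traceable.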
diff --git a/cve_bin_tool/sbom_manager/cyclonedx_parser.py b/cve_bin_tool/sbom_manager/cyclonedx_parser.py
deleted file mode 100644
index 4ee45b245b..0000000000
--- a/cve_bin_tool/sbom_manager/cyclonedx_parser.py
+++ /dev/null
@@ -1,85 +0,0 @@ -# Copyright (C) 2021 Anthony Harrison -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import annotations - -import json - -import defusedxml.ElementTree as ET - -from cve_bin_tool.validator import validate_cyclonedx - - -class CycloneParser: - def __init__(self, validate: bool = True): - self.validate = validate - self.components_supported = [ - "library", - "application", - "operating-system", - "framework", - ] - - def parse(self, sbom_file: str) -> list[list[str]]: - """parses CycloneDX BOM file extracting package name and version""" - # Supported cyclonedx_type = [".json", ".xml"] - if sbom_file.endswith("json"): - return self.parse_cyclonedx_json(sbom_file) - elif sbom_file.endswith(".xml"): - return self.parse_cyclonedx_xml(sbom_file) - else: - return [] - - def parse_cyclonedx_json(self, sbom_file: str) -> list[list[str]]: - """parses CycloneDX JSON BOM file extracting package name and version""" - data = json.load(open(sbom_file)) - modules: list[list[str]] = [] - for d in data["components"]: - if d["type"] in self.components_supported: - package = d["name"] - version = d["version"] - modules.append([package, version]) - - return modules - - def parse_cyclonedx_xml(self, sbom_file: str) -> list[list[str]]: - """parses CycloneDX XML BOM file extracting package name and version""" - modules: list[list[str]] = [] - if self.validate and not validate_cyclonedx(sbom_file): - return modules - tree = ET.parse(sbom_file) - # Find root element - root = tree.getroot() - # Extract schema - schema = root.tag[: root.tag.find("}") + 1] - # schema = '{http://cyclonedx.org/schema/bom/1.3}' - print("Schema", schema) - for components in root.findall(schema + "components"): - for component in components.findall(schema + "component"): - # Only for application and library components - if component.attrib["type"] in self.components_supported: - component_name = component.find(schema + "name") - if component_name is None: - raise KeyError(f"Could 
not find package in {component}") - package = component_name.text - if package is None: - raise KeyError(f"Could not find package in {component}") - component_version = component.find(schema + "version") - if component_version is None: - raise KeyError(f"Could not find version in {component}") - version = component_version.text - if version is not None: - modules.append([package, version]) - return modules - - -if __name__ == "__main__": - import sys - - cyclone = CycloneParser() - file = sys.argv[1] - # cyclone.parse_cyclonedx_json(file) - cyclone.parse_cyclonedx_xml(file) - print("And again....") - # Should get same results.... - cyclone.parse(file) diff --git a/cve_bin_tool/sbom_manager/spdx_parser.py b/cve_bin_tool/sbom_manager/spdx_parser.py deleted file mode 100644 index 4ef399991a..0000000000 --- a/cve_bin_tool/sbom_manager/spdx_parser.py +++ /dev/null 
@@ -1,163 +0,0 @@ -# Copyright (C) 2021 Anthony Harrison -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import annotations - -import json -import re - -import defusedxml.ElementTree as ET -import yaml - -from cve_bin_tool.log import LOGGER -from cve_bin_tool.validator import validate_spdx - - -class SPDXParser: - def __init__(self, validate: bool = True): - self.validate = validate - - def parse(self, sbom_file: str) -> list[list[str]]: - """parses SPDX BOM file extracting package name and version""" - # Supported spdx_type = [".spdx", ".spdx.json", ".spdx.rdf", ".spdx.xml" , ".spdx.yaml", ".spdx.yml" ] - if sbom_file.endswith(".spdx"): - return self.parse_spdx_tag(sbom_file) - elif sbom_file.endswith(".spdx.json"): - return self.parse_spdx_json(sbom_file) - elif sbom_file.endswith(".spdx.rdf"): - return self.parse_spdx_rdf(sbom_file) - elif sbom_file.endswith(".spdx.xml"): - return self.parse_spdx_xml(sbom_file) - elif sbom_file.endswith((".spdx.yaml", "spdx.yml")): - return self.parse_spdx_yaml(sbom_file) - else: - return [] - - def parse_spdx_tag(self, sbom_file: str) -> list[list[str]]: - """parses SPDX tag value BOM file extracting package name and version""" - with open(sbom_file) as f: - lines = f.readlines() - modules: list[list[str]] = [] - package = "" - for line in lines: - line_elements = line.split(":") - if line_elements[0] == "PackageName": - package = line_elements[1].strip().rstrip("\n") - version = None - if line_elements[0] == "PackageVersion": - # Version may contain : - version = line[16:].strip().rstrip("\n") - version = version.split("-")[0] - version = version.split("+")[0] - modules.append([package, version]) - - return modules - - def parse_spdx_json(self, sbom_file: str) -> list[list[str]]: - """parses SPDX JSON BOM file extracting package name and version""" - data = json.load(open(sbom_file)) - modules: list[list[str]] = [] - for d in data["packages"]: - package = d["name"] - try: - version = d["versionInfo"] - 
modules.append([package, version]) - except KeyError as e: - LOGGER.debug(e, exc_info=True) - - return modules - - def parse_spdx_rdf(self, sbom_file: str) -> list[list[str]]: - """parses SPDX RDF BOM file extracting package name and version""" - with open(sbom_file) as f: - lines = f.readlines() - modules: list[list[str]] = [] - package = "" - for line in lines: - try: - if line.strip().startswith(""): - stripped_line = line.strip().rstrip("\n") - package_match = re.search( - "(.+?)", stripped_line - ) - if not package_match: - raise KeyError(f"Could not find package in {stripped_line}") - package = package_match.group(1) - version = None - elif line.strip().startswith(""): - stripped_line = line.strip().rstrip("\n") - version_match = re.search( - "(.+?)", stripped_line - ) - if not version_match: - raise KeyError(f"Could not find version in {stripped_line}") - version = version_match.group(1) - modules.append([package, version]) - except KeyError as e: - LOGGER.debug(e, exc_info=True) - - return modules - - def parse_spdx_yaml(self, sbom_file: str) -> list[list[str]]: - """parses SPDX YAML BOM file extracting package name and version""" - data = yaml.safe_load(open(sbom_file)) - - modules: list[list[str]] = [] - for d in data["packages"]: - package = d["name"] - try: - version = d["versionInfo"] - modules.append([package, version]) - except KeyError as e: - LOGGER.debug(e, exc_info=True) - - return modules - - def parse_spdx_xml(self, sbom_file: str) -> list[list[str]]: - """parses SPDX XML BOM file extracting package name and version""" - # XML is experimental in SPDX 2.2 - modules: list[list[str]] = [] - if self.validate and not validate_spdx(sbom_file): - return modules - tree = ET.parse(sbom_file) - # Find root element - root = tree.getroot() - # Extract schema - schema = root.tag[: root.tag.find("}") + 1] - - for component in root.findall(schema + "packages"): - try: - package_match = component.find(schema + "name") - if package_match is None: - raise 
KeyError(f"Could not find package in {component}") - package = package_match.text - if package is None: - raise KeyError(f"Could not find package in {component}") - version_match = component.find(schema + "versionInfo") - if version_match is None: - raise KeyError(f"Could not find version in {component}") - version = version_match.text - if version is None: - raise KeyError(f"Could not find version in {component}") - modules.append([package, version]) - except KeyError as e: - LOGGER.debug(e, exc_info=True) - - return modules - - -if __name__ == "__main__": - import sys - - spdx = SPDXParser() - file = sys.argv[1] - # spdx.parse_TAG(file) - # print(spdx.parse_sbom(file)) - # spdx.parse_spdx_tag(file) - # spdx.parse_spdx_rdf(file) - # spdx.parse_spdx_json(file) - # spdx.parse_spdx_yaml(file) - spdx.parse_spdx_xml(file) - print("And again....") - # Should get same results.... - spdx.parse(file) diff --git a/cve_bin_tool/util.py b/cve_bin_tool/util.py index c0fb0ceac3..6c9d5b247c 100644 --- a/cve_bin_tool/util.py +++ b/cve_bin_tool/util.py @@ -6,6 +6,7 @@ import fnmatch import os +import re import sys from enum import Enum from pathlib import Path @@ -153,11 +154,13 @@ class ProductInfo(NamedTuple): vendor: str product: str version: str + location: str """ vendor: str product: str version: str + location: str class ScanInfo(NamedTuple): 
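Review bot: Adding `location` as a fourth field of the ProductInfo NamedTuple changes its equality and hash, and ProductInfo is used as a dictionary key elsewhere in this commit (`self.parsed_data[product_info]`, `self.sbom_data[row]`). The same vendor/product/version seen at two locations, or loaded from a triage file with a placeholder location, now produces different keys, so lookups that matched before may miss. This needs checking against the code that joins triage data with scan results, which is not shown here. The field also has no default, so any remaining three-argument `ProductInfo(...)` call fails; `location: str = "NotFound"` would keep those working.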
@@ -283,6 +286,52 @@ def make_http_requests(attribute, **kwargs): LOGGER.error(ve) +def find_product_location(product_name): + """ + Find the location of a product in the system. + Returns the location of the product if found, None otherwise. + """ + for path in sys.path: + product_location = Path(path) / product_name + if product_location.exists(): + return str(product_location) + parts = product_name.split("-") + for part in parts: + product_location = Path(path) / part + if product_location.exists(): + return str(product_location) + + known_installation_directories = [ + "/usr/local/bin", + "/usr/local/sbin", + "/usr/bin", + "/opt", + "/usr/sbin", + "/usr/local/lib", + "/usr/lib", + "/usr/local/share", + "/usr/share", + "/usr/local/include", + "/usr/include", + ] + + for directory in known_installation_directories: + product_location = Path(directory) / product_name + if product_location.exists(): + return str(product_location) + + return None + + +def validate_location(location: str) -> bool: + """ + Validates the location. + Returns True if the location is valid, False otherwise. + """ + pattern = r"^(?!https?:\/\/)(?=.*[\\/])(?!.*@)[a-zA-Z0-9_\-\\\/\s]+|NotFound$" + return bool(re.match(pattern, location)) + + class DirWalk: """ for filename in DirWalk('*.c').walk(roots): @@ -315,7 +364,7 @@ def walk(self, roots: list[str] | None = None) -> Iterator[str]: for root in roots: for dirpath, dirnames, filenames in os.walk(root): # Filters - for filename in filenames: + for filename in filenames.copy(): try: if ( not self.pattern_match( diff --git a/cve_bin_tool/version.py b/cve_bin_tool/version.py index 67009f937c..415fd6e2ec 100644 --- a/cve_bin_tool/version.py +++ b/cve_bin_tool/version.py @@ -8,7 +8,7 @@ from cve_bin_tool.log import LOGGER from cve_bin_tool.util import make_http_requests -VERSION: str = "3.3rc2" +VERSION: str = "3.3.1dev0" HTTP_HEADERS: dict = { "User-Agent": f"cve-bin-tool/{VERSION} (https://github.com/intel/cve-bin-tool/)", 
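Review bot: The pattern in validate_location does not enforce what it appears to, because the top-level `|` splits it into a first branch with no `$` and a second branch `NotFound$`, and `re.match` accepts a prefix. A string therefore passes as soon as its first character is in the class, a slash appears anywhere and no `@` is present; the rest is unchecked. Grouping the alternation and matching the whole string fixes that, e.g. `re.fullmatch(r"(?:(?!https?://)(?=.*[\\/])(?!.*@)[a-zA-Z0-9_\-\\/\s.]+|NotFound)", location)`. I added `.` to the class because a strict match would otherwise reject ordinary dotted paths, which the callers turn into a ValueError. The docstring of find_product_location in the same hunk should state that it inspects the scanning host's `sys.path` and a fixed list of system directories.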
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py index bc4ee4704a..29b27d56e8 100644 --- a/cve_bin_tool/version_scanner.py +++ b/cve_bin_tool/version_scanner.py @@ -17,7 +17,14 @@ from cve_bin_tool.log import LOGGER from cve_bin_tool.parsers.parse import parse, valid_files from cve_bin_tool.strings import parse_strings -from cve_bin_tool.util import DirWalk, ProductInfo, ScanInfo, inpath +from cve_bin_tool.util import ( + DirWalk, + ProductInfo, + ScanInfo, + find_product_location, + inpath, + validate_location, +) if sys.version_info >= (3, 10): from importlib import metadata as importlib_metadata @@ -246,7 +253,7 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]: """process a Set of checker objects, run them on file lines, and yield information about detected products and versions. It uses logging to provide debug and error information along the way.""" - + LOGGER.info(f"filename = {filename}") # tko for dummy_checker_name, checker in self.checkers.items(): checker = checker() @@ -277,8 +284,16 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]: f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}' ) for vendor, product in checker.VENDOR_PRODUCT: + location = find_product_location(product) + if location is None: + location = "NotFound" + if validate_location(location) is False: + raise ValueError( + f"Invalid location {location} for {product}" + ) yield ScanInfo( - ProductInfo(vendor, product, version), file_path + ProductInfo(vendor, product, version, location), + file_path, ) self.logger.debug(f"Done scanning file: {filename}") diff --git a/dev-requirements.txt b/dev-requirements.txt index 7ce04221f1..25834c70a0 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt 
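Review bot: `LOGGER.info(f"filename = {filename}") # tko` at the top of run_checkers looks like a leftover debugging line. It logs every scanned file at info level through the module-level LOGGER, while the rest of the method uses `self.logger` at debug level. Either drop it or make it `self.logger.debug(f"Scanning file: {filename}")`, which pairs with the existing "Done scanning file" message.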
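Review bot: In the second run_checkers hunk the location of a detected product is looked up with `find_product_location(product)` even though `file_path`, the file the checker just matched, is already in scope and is passed to ScanInfo on the next line. The lookup searches the scanning host by product name, so it can return an unrelated installed copy or `"NotFound"` instead of the file that was actually scanned; `location = file_path` would report the real evidence. Raising ValueError inside this generator also ends the whole scan over one unexpected path, so logging a warning and continuing is safer when scanning untrusted trees.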
@@ -1,14 +1,14 @@ -black==24.3.0 +black==24.4.2 isort; python_version < "3.8" isort==5.13.2; python_version >= "3.8" pre-commit; python_version <= "3.8" -pre-commit==3.7.0; python_version > "3.8" +pre-commit==3.7.1; python_version > "3.8" flake8; python_version < "3.8" flake8==7.0.0; python_version >= "3.8" bandit==1.7.8 gitlint==v0.19.1 interrogate -mypy==v1.9.0 +mypy==v1.10.0 pytest>=7.2.0 pytest-xdist pytest-cov diff --git a/doc/MANUAL.md b/doc/MANUAL.md index 284523e8ce..559c1fa6a6 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -206,7 +206,7 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |--------------- |------------------ |-------------- |---------------- |------------ |----------------- | +|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp | | asterisk |atftp |avahi |axel |bash |bind |binutils | | bird |bison |bluez |boinc |botan |bro |bubblewrap | 
@@ -254,11 +254,11 @@ which is useful if you're trying the latest code from | subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | | tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd | | thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission | -| trousers |twonky_server |u_boot |udisks |unbound |unixodbc |upx | -| util_linux |varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk | -| wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver | -| xwayland |yasm |zabbix |zchunk |zeek |zlib |znc | -| zsh |zstandard | | | | | | +| trousers |ttyd |twonky_server |u_boot |udisks |unbound |unixodbc | +| upx |util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/doc/requirements.txt b/doc/requirements.txt index 8b30cb8b81..1b9becbd88 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -1,5 +1,5 @@ -Sphinx==7.2.6 +Sphinx==7.3.7 sphinx_markdown_tables -myst_parser==2.0.0 +myst_parser==3.0.1 sbom2doc -pillow>=10.0.1 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file +pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability diff --git a/fuzz/fuzz_cargo_lock.py b/fuzz/fuzz_cargo_lock.py index 1b4794d0fe..6adcb18da9 100644 --- a/fuzz/fuzz_cargo_lock.py +++ b/fuzz/fuzz_cargo_lock.py @@ -85,7 +85,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_RUST") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_composer_lock.py b/fuzz/fuzz_composer_lock.py index 2ddf27eeda..37476e30aa 100644 --- a/fuzz/fuzz_composer_lock.py 
+++ b/fuzz/fuzz_composer_lock.py @@ -132,7 +132,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-php") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PHP") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_cpanfile.py b/fuzz/fuzz_cpanfile.py index 0802c2c849..0447822156 100644 --- a/fuzz/fuzz_cpanfile.py +++ b/fuzz/fuzz_cpanfile.py @@ -92,7 +92,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-perl") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PERL") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_cyclonedx.py b/fuzz/fuzz_cyclonedx.py index 0410047439..535e48419f 100644 --- a/fuzz/fuzz_cyclonedx.py +++ b/fuzz/fuzz_cyclonedx.py @@ -58,7 +58,8 @@ def TestParseData(data): file_path = str( - Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) / "test_intermediate.json" + Path(tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_CYCLONEDX")) + / "test_intermediate.json" ) atheris_libprotobuf_mutator.Setup(sys.argv, TestParseData, proto=cyclonedx_pb2.Cyclone) atheris.Fuzz() diff --git a/fuzz/fuzz_gemfile_lock.py b/fuzz/fuzz_gemfile_lock.py index efc0e203d9..6daff643e8 100644 --- a/fuzz/fuzz_gemfile_lock.py +++ b/fuzz/fuzz_gemfile_lock.py @@ -106,7 +106,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-ruby-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_RUBY") try: atheris_libprotobuf_mutator.Setup( diff --git a/fuzz/fuzz_go.py b/fuzz/fuzz_go.py index 95d73d3974..9955e58b72 100644 --- a/fuzz/fuzz_go.py +++ b/fuzz/fuzz_go.py 
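Review bot: In fuzz_cyclonedx.py the directory from `tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_CYCLONEDX")` is created at module level, and nothing visible in the hunk removes it before or after `atheris.Fuzz()`. The `main()` harnesses touched by this change instead wrap the run in `try:`, and their docstring mentions tempfile cleanup. If no cleanup exists further down the file, every fuzz run leaves behind a directory holding generated input. Moving the setup into a `main()` that follows the same `try`/cleanup pattern would make the harnesses consistent. The same applies to the module-level `mkdtemp` calls in fuzz_intermediate_report_merge.py, fuzz_package_list_parser.py, fuzz_package_lock.py and fuzz_package_resolved.py; the rest of each file lies outside its hunk.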
@@ -89,7 +89,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_GO") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_intermediate_report_merge.py b/fuzz/fuzz_intermediate_report_merge.py index 800e1d2cf8..6da76e3ad8 100644 --- a/fuzz/fuzz_intermediate_report_merge.py +++ b/fuzz/fuzz_intermediate_report_merge.py @@ -45,7 +45,8 @@ def TestParseData(data): file_path = str( - Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) / "test_intermediate.json" + Path(tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_INTERMEDIATE_REPORT")) + / "test_intermediate.json" ) atheris_libprotobuf_mutator.Setup( sys.argv, TestParseData, proto=intermediate_report_pb2.IntermediateReport diff --git a/fuzz/fuzz_package_list_parser.py b/fuzz/fuzz_package_list_parser.py index 1f20968e2c..419fb8dae7 100644 --- a/fuzz/fuzz_package_list_parser.py +++ b/fuzz/fuzz_package_list_parser.py @@ -66,7 +66,7 @@ def TestPackageData(data): TestListParser(str(tempdir / "test_requirements.txt"), with_version) -tempdir = Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) +tempdir = Path(tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PACKAGE_LIST")) atheris_libprotobuf_mutator.Setup( sys.argv, TestPackageData, proto=packages_pb2.PackageList ) diff --git a/fuzz/fuzz_package_lock.py b/fuzz/fuzz_package_lock.py index 369591c1b8..5b3a3316ac 100644 --- a/fuzz/fuzz_package_lock.py +++ b/fuzz/fuzz_package_lock.py @@ -86,7 +86,9 @@ def TestParseData(data): return -file_path = str(Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) / "package_lock.json") +file_path = str( + Path(tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_JAVASCRIPT")) / "package_lock.json" +) atheris_libprotobuf_mutator.Setup( sys.argv, TestParseData, proto=package_lock_pb2.PackageLock 
diff --git a/fuzz/fuzz_package_resolved.py b/fuzz/fuzz_package_resolved.py index eb2676777f..a7a27dfc88 100644 --- a/fuzz/fuzz_package_resolved.py +++ b/fuzz/fuzz_package_resolved.py @@ -70,7 +70,10 @@ def TestParseData(data): return -file_path = str(Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) / "Package.resolved") +file_path = str( + Path(tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PACKAGE_RESOLVED")) + / "Package.resolved" +) atheris_libprotobuf_mutator.Setup( sys.argv, TestParseData, proto=package_resolved_pb2.PackageResolved diff --git a/fuzz/fuzz_pkg_info.py b/fuzz/fuzz_pkg_info.py index c716b9c538..bab4aacfa5 100644 --- a/fuzz/fuzz_pkg_info.py +++ b/fuzz/fuzz_pkg_info.py @@ -90,7 +90,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-python") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PYTHON") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_pom_xml.py b/fuzz/fuzz_pom_xml.py index 3845d40099..a4e090753f 100644 --- a/fuzz/fuzz_pom_xml.py +++ b/fuzz/fuzz_pom_xml.py @@ -116,7 +116,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_JAVA") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_pubspec_lock.py b/fuzz/fuzz_pubspec_lock.py index 7b5e4a0dd5..992573051d 100644 --- a/fuzz/fuzz_pubspec_lock.py +++ b/fuzz/fuzz_pubspec_lock.py @@ -77,7 +77,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_DART") try: atheris_libprotobuf_mutator.Setup( sys.argv, 
diff --git a/fuzz/fuzz_python_requirement_parser.py b/fuzz/fuzz_python_requirement_parser.py index ae4f7e130e..84ca040baf 100644 --- a/fuzz/fuzz_python_requirement_parser.py +++ b/fuzz/fuzz_python_requirement_parser.py @@ -62,7 +62,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-python-requirements") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_PYTHON_REQUIREMENTS") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/fuzz/fuzz_renv_lock.py b/fuzz/fuzz_renv_lock.py index 113a598746..7092b53ead 100644 --- a/fuzz/fuzz_renv_lock.py +++ b/fuzz/fuzz_renv_lock.py @@ -102,7 +102,7 @@ def TestParseData(data, cve_db, logger, tmpdir): """ file_path = os.path.join(tmpdir, "renv.lock") try: - RenvLockBuilder(data) + RenvLockBuilder(data, file_path) r_parser = RParser(cve_db, logger) r_parser.run_checker(file_path) @@ -113,7 +113,7 @@ def TestParseData(data, cve_db, logger, tmpdir): def main(): """Main Function to Run Fuzzing and Facilitate Tempfile cleanup.""" - tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-fuzz-renv-") + tmpdir = tempfile.mkdtemp(prefix="cve-bin-tool-FUZZ_R") try: atheris_libprotobuf_mutator.Setup( sys.argv, diff --git a/requirements.txt b/requirements.txt index c48ef39f99..f451373438 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -aiohttp[speedups]>=3.7.4 +aiohttp[speedups]>=3.9.2 beautifulsoup4 cvss defusedxml @@ -9,7 +9,7 @@ importlib_metadata>=3.6; python_version < "3.10" importlib_resources; python_version < "3.9" jinja2>=2.11.3 jsonschema>=3.0.2 -lib4sbom>=0.5.0 +lib4sbom>=0.7.0 python-gnupg packageurl-python packaging diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index c548c4f58a..ec256e7177 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json 
@@ -1,11 +1,11 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:79978f8b-4ad4-4c3f-94e4-e9417350c20a", + "specVersion": "1.6", + "serialNumber": "urn:uuid:f7285934-6771-420a-9951-5901142b3594", "version": 1, "metadata": { - "timestamp": "2024-04-08T00:27:53Z", + "timestamp": "2024-05-13T00:28:49Z", "tools": { "components": [ { @@ -26,7 +26,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.3rc2", + "version": "3.3.1.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -35,14 +35,8 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", - "hashes": [ - { - "alg": "SHA-1", - "content": "c491590aeea36235930d1c6b8480d2489a470ece" - } - ], "licenses": [ { "license": { @@ -53,12 +47,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.3rc2", + "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.3rc2", + "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0", "properties": [ { "name": "language", @@ -74,7 +68,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.3", + "version": "3.9.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -86,12 +80,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.3", + "url": "https://pypi.org/project/aiohttp/3.9.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.3", + "purl": "pkg:pypi/aiohttp@3.9.5", "properties": [ { "name": "language", 
@@ -356,7 +350,7 @@ "type": "library", "bom-ref": "9-idna", "name": "idna", - "version": "3.6", + "version": "3.7", "supplier": { "name": "Kim Davies", "contact": [ @@ -365,16 +359,22 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.6", + "url": "https://pypi.org/project/idna/3.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.6", + "purl": "pkg:pypi/idna@3.7", "properties": [ { "name": "language", @@ -472,7 +472,7 @@ "type": "library", "bom-ref": "12-cvss", "name": "cvss", - "version": "3.0", + "version": "3.1", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -481,12 +481,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-1", - "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41" + "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475" } ], "licenses": [ @@ -499,12 +499,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.0", + "url": "https://pypi.org/project/cvss/3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.0", + "purl": "pkg:pypi/cvss@3.1", "properties": [ { "name": "language", @@ -658,7 +658,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.29", "supplier": { "name": "Google Inc .", "contact": [ 
@@ -667,7 +667,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -679,12 +679,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.29", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.29", "properties": [ { "name": "language", @@ -700,7 +700,7 @@ "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "3.2.3", + "version": "3.3.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -709,8 +709,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" + } + ], "licenses": [ { "license": { @@ -721,12 +727,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.2.3", + "url": "https://pypi.org/project/argcomplete/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.2.3", + "purl": "pkg:pypi/argcomplete@3.3.0", "properties": [ { "name": "language", @@ -827,7 +833,7 @@ "type": "library", "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ @@ -836,7 +842,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { 
@@ -848,12 +854,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -915,23 +921,23 @@ }, { "type": "library", - "bom-ref": "22-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "22-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ @@ -944,12 +950,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", 
@@ -963,23 +969,149 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "23-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.10.14" + } + ] + }, + { + "type": "library", + "bom-ref": "24-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.10.14" + } + ] + }, + { + "type": "library", + "bom-ref": "25-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + 
"supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.10.14" + } + ] + }, + { + "type": "library", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -992,12 +1124,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -1011,7 +1143,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { 
@@ -1059,41 +1191,40 @@ }, { "type": "library", - "bom-ref": "25-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "28-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Joe Gregorio", + "name": "Google Cloud Platform", "contact": [ { - "email": "joe@bitworking.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", "hashes": [ { "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "content": "932ac88800dd6de004c1bd59867831ccf033f031" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ { "name": "language", 
@@ -1107,33 +1238,41 @@ }, { "type": "library", - "bom-ref": "26-pyparsing", - "name": "pyparsing", - "version": "3.1.2", + "bom-ref": "29-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Paul McGuire", + "name": "Joe Gregorio", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { "alg": "SHA-1", - "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" + "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.2", + "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ { "name": "language", 
@@ -1147,41 +1286,33 @@ }, { "type": "library", - "bom-ref": "27-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-pyparsing", + "name": "pyparsing", + "version": "3.1.2", "supplier": { - "name": "Google Inc .", + "name": "Paul McGuire", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } + "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" } ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/pyparsing/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyparsing@3.1.2", "properties": [ { "name": "language", 
@@ -1195,35 +1326,41 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", 
@@ -1237,35 +1374,41 @@ }, { "type": "library", - "bom-ref": "29-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", + "bom-ref": "32-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1279,23 +1422,23 @@ }, { "type": "library", - "bom-ref": "30-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ 
@@ -1308,12 +1451,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1327,7 +1470,7 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1375,9 +1518,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1386,7 +1529,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1395,12 +1538,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.7", "properties": [ { "name": "language", @@ -1414,7 +1557,7 @@ }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1462,7 +1605,7 @@ }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { 
@@ -1475,6 +1618,12 @@ }, "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + } + ], "licenses": [ { "license": { @@ -1504,7 +1653,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1552,7 +1701,7 @@ }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { 
@@ -1600,91 +1749,7 @@ }, { "type": "library", - "bom-ref": "37-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.10.14" - } - ] - }, - { - "type": "library", - "bom-ref": "38-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.10.14" - } - ] - }, - { - "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { 
@@ -1732,32 +1797,18 @@ }, { "type": "library", - "bom-ref": "40-jinja2", + "bom-ref": "41-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1771,16 +1822,10 @@ }, { "type": "library", - "bom-ref": "41-markupsafe", + "bom-ref": "42-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], "licenses": [ { "license": { @@ -1810,13 +1855,13 @@ }, { "type": "library", - "bom-ref": "42-jsonschema", + "bom-ref": "43-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1828,12 +1873,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", 
@@ -1847,7 +1892,7 @@ }, { "type": "library", - "bom-ref": "43-jsonschema-specifications", + "bom-ref": "44-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1890,22 +1935,22 @@ }, { "type": "library", - "bom-ref": "44-referencing", + "bom-ref": "45-referencing", "name": "referencing", - "version": "0.34.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.34.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.34.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -1919,13 +1964,13 @@ }, { "type": "library", - "bom-ref": "45-rpds-py", + "bom-ref": "46-rpds-py", "name": "rpds-py", - "version": "0.18.0", + "version": "0.18.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { @@ -1937,12 +1982,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.18.0", + "url": "https://pypi.org/project/rpds-py/0.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.18.0", + "purl": "pkg:pypi/rpds-py@0.18.1", "properties": [ { "name": "language", @@ -1956,9 +2001,9 @@ }, { "type": "library", - "bom-ref": "46-lib4sbom", + "bom-ref": "47-lib4sbom", "name": "lib4sbom", - "version": "0.7.0", + "version": "0.7.1", "supplier": { "name": "Anthony Harrison", "contact": [ 
@@ -1967,8 +2012,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -1979,12 +2030,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.0", + "url": "https://pypi.org/project/lib4sbom/0.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.0", + "purl": "pkg:pypi/lib4sbom@0.7.1", "properties": [ { "name": "language", @@ -1998,7 +2049,7 @@ }, { "type": "library", - "bom-ref": "47-pyyaml", + "bom-ref": "48-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -2046,7 +2097,7 @@ }, { "type": "library", - "bom-ref": "48-semantic-version", + "bom-ref": "49-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2094,7 +2145,7 @@ }, { "type": "library", - "bom-ref": "49-packageurl-python", + "bom-ref": "50-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2137,7 +2188,7 @@ }, { "type": "library", - "bom-ref": "50-packaging", + "bom-ref": "51-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2171,9 +2222,9 @@ }, { "type": "library", - "bom-ref": "51-plotly", + "bom-ref": "52-plotly", "name": "plotly", - "version": "5.20.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2182,14 +2233,8 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", - "hashes": [ - { - "alg": "SHA-1", - "content": "9335a34ca77399a597a72420f73e947217d3d410" - } - ], "licenses": [ { "license": { 
@@ -2200,12 +2245,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.20.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.20.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2219,9 +2264,9 @@ }, { "type": "library", - "bom-ref": "52-tenacity", + "bom-ref": "53-tenacity", "name": "tenacity", - "version": "8.2.3", + "version": "8.3.0", "supplier": { "name": "Julien Danjou", "contact": [ @@ -2230,14 +2275,8 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", - "hashes": [ - { - "alg": "SHA-1", - "content": "41ed2420cda8ab7650a39900451099f4730266c3" - } - ], "licenses": [ { "license": { @@ -2248,12 +2287,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.3", + "url": "https://pypi.org/project/tenacity/8.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.3", + "purl": "pkg:pypi/tenacity@8.3.0", "properties": [ { "name": "language", @@ -2267,7 +2306,7 @@ }, { "type": "library", - "bom-ref": "53-python-gnupg", + "bom-ref": "54-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2315,7 +2354,7 @@ }, { "type": "library", - "bom-ref": "54-requests", + "bom-ref": "55-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2363,7 +2402,7 @@ }, { "type": "library", - "bom-ref": "55-certifi", + "bom-ref": "56-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2405,7 +2444,7 @@ }, { "type": "library", - "bom-ref": "56-charset-normalizer", + "bom-ref": "57-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { 
@@ -2453,7 +2492,7 @@ }, { "type": "library", - "bom-ref": "57-urllib3", + "bom-ref": "58-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { @@ -2487,7 +2526,7 @@ }, { "type": "library", - "bom-ref": "58-rich", + "bom-ref": "59-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2529,7 +2568,7 @@ }, { "type": "library", - "bom-ref": "59-markdown-it-py", + "bom-ref": "60-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2569,7 +2608,7 @@ }, { "type": "library", - "bom-ref": "60-mdurl", + "bom-ref": "61-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2609,9 +2648,9 @@ }, { "type": "library", - "bom-ref": "61-pygments", + "bom-ref": "62-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2620,14 +2659,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2638,12 +2671,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2657,7 +2690,7 @@ }, { "type": "library", - "bom-ref": "62-rpmfile", + "bom-ref": "63-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2699,7 +2732,7 @@ }, { "type": "library", - "bom-ref": "63-toml", + "bom-ref": "64-toml", "name": "toml", "version": "0.10.2", "supplier": { 
@@ -2747,9 +2780,9 @@ }, { "type": "library", - "bom-ref": "64-xmlschema", + "bom-ref": "65-xmlschema", "name": "xmlschema", - "version": "3.2.1", + "version": "3.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2758,7 +2791,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2770,12 +2803,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.2.1", + "url": "https://pypi.org/project/xmlschema/3.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.2.1", + "purl": "pkg:pypi/xmlschema@3.3.1", "properties": [ { "name": "language", @@ -2789,7 +2822,7 @@ }, { "type": "library", - "bom-ref": "65-elementpath", + "bom-ref": "66-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -2831,7 +2864,7 @@ }, { "type": "library", - "bom-ref": "66-zstandard", + "bom-ref": "67-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -2895,21 +2928,21 @@ "14-distro", "15-filetype", "16-gsutil", - "40-jinja2", - "42-jsonschema", - "46-lib4sbom", - "49-packageurl-python", - "50-packaging", - "51-plotly", - "53-python-gnupg", - "47-pyyaml", - "54-requests", - "58-rich", - "62-rpmfile", - "63-toml", - "57-urllib3", - "64-xmlschema", - "66-zstandard" + "41-jinja2", + "43-jsonschema", + "47-lib4sbom", + "50-packageurl-python", + "51-packaging", + "52-plotly", + "54-python-gnupg", + "48-pyyaml", + "55-requests", + "59-rich", + "63-rpmfile", + "64-toml", + "58-urllib3", + "65-xmlschema", + "67-zstandard" ] }, { 
@@ -2949,173 +2982,184 @@ "18-crcmod", "19-fasteners", "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "39-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" ] }, { "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "22-google-reauth", + "ref": "22-google-auth", "dependsOn": [ - "23-pyu2f" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyu2f", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-six" + "25-pyasn1" ] }, { - "ref": "25-httplib2", + "ref": "26-rsa", "dependsOn": [ - "26-pyparsing" + "25-pyasn1" ] }, { - "ref": "27-oauth2client", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "29-pyasn1-modules", + "ref": "29-httplib2", "dependsOn": [ - "28-pyasn1" + "30-pyparsing" ] }, { - "ref": "30-rsa", + "ref": "31-google-reauth", "dependsOn": [ - "28-pyasn1" + "32-pyu2f" ] }, { - "ref": "31-pyopenssl", + "ref": "32-pyu2f", "dependsOn": [ - "32-cryptography" + "27-six" ] }, { - "ref": "32-cryptography", + "ref": "33-oauth2client", "dependsOn": [ - "33-cffi" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-cffi", + "ref": "34-pyopenssl", "dependsOn": [ - "34-pycparser" + "35-cryptography" ] }, { - "ref": "36-google-apitools", + "ref": "35-cryptography", "dependsOn": [ - 
"19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "36-cffi" + ] + }, + { + "ref": "36-cffi", + "dependsOn": [ + "37-pycparser" ] }, { - "ref": "37-google-auth", + "ref": "39-google-apitools", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa" + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-jinja2", + "ref": "41-jinja2", "dependsOn": [ - "41-markupsafe" + "42-markupsafe" ] }, { - "ref": "42-jsonschema", + "ref": "43-jsonschema", "dependsOn": [ "6-attrs", - "43-jsonschema-specifications", - "44-referencing", - "45-rpds-py" + "44-jsonschema-specifications", + "45-referencing", + "46-rpds-py" ] }, { - "ref": "43-jsonschema-specifications", + "ref": "44-jsonschema-specifications", "dependsOn": [ - "44-referencing" + "45-referencing" ] }, { - "ref": "44-referencing", + "ref": "45-referencing", "dependsOn": [ "6-attrs", - "45-rpds-py" + "46-rpds-py" ] }, { - "ref": "46-lib4sbom", + "ref": "47-lib4sbom", "dependsOn": [ "13-defusedxml", - "47-pyyaml", - "48-semantic-version" + "48-pyyaml", + "49-semantic-version" ] }, { - "ref": "51-plotly", + "ref": "52-plotly", "dependsOn": [ - "50-packaging", - "52-tenacity" + "51-packaging", + "53-tenacity" ] }, { - "ref": "54-requests", + "ref": "55-requests", "dependsOn": [ - "55-certifi", - "56-charset-normalizer", + "56-certifi", + "57-charset-normalizer", "9-idna", - "57-urllib3" + "58-urllib3" ] }, { - "ref": "58-rich", + "ref": "59-rich", "dependsOn": [ - "59-markdown-it-py", - "61-pygments" + "60-markdown-it-py", + "62-pygments" ] }, { - "ref": "59-markdown-it-py", + "ref": "60-markdown-it-py", "dependsOn": [ - "60-mdurl" + "61-mdurl" ] }, { - "ref": "64-xmlschema", + "ref": "65-xmlschema", "dependsOn": [ - "65-elementpath" + "66-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index bc30d5d1d4..09e648a612 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx 
@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c630338e-b531-4b90-bf4e-0344a52ad657 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7ebf2507-d2e7-4da3-966b-3116faa0d6c1 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-08T00:26:39Z +Created: 2024-05-13T00:27:18Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.3rc2 +PackageVersion: 3.3.1.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0 FilesAnalyzed: false -PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.3 +PackageVersion: 3.9.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 ##### PackageName: aiosignal @@ -137,17 +136,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: PackageName: idna SPDXID: SPDXRef-Package-9-idna -PackageVersion: 3.6 +PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.6 +PackageDownloadLocation: https://pypi.org/project/idna/3.7 FilesAnalyzed: false +PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 
@@ -184,19 +184,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-Package-12-cvss -PackageVersion: 3.0 +PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.0 +PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false -PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41 +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -250,34 +250,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.27 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.2.3 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -313,18 +314,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto 
@@ -343,42 +344,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-22-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-23-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-26-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -393,8 +440,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) 
@@ -410,7 +473,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) 
@@ -425,73 +488,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-31-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-32-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-33-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) 
@@ -508,22 +557,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-35-cryptography +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) 
@@ -539,12 +588,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 FilesAnalyzed: false +PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -554,7 +604,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -570,7 +620,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) 
@@ -586,39 +636,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) 
@@ -635,28 +654,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-40-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-41-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-41-markupsafe +SPDXID: SPDXRef-Package-42-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -665,22 +682,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-42-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-43-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-43-jsonschema-specifications +SPDXID: SPDXRef-Package-44-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -696,52 +713,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-44-referencing -PackageVersion: 0.34.0 +SPDXID: SPDXRef-Package-45-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-45-rpds-py -PackageVersion: 0.18.0 +SPDXID: SPDXRef-Package-46-rpds-py +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-46-lib4sbom -PackageVersion: 0.7.0 +SPDXID: SPDXRef-Package-47-lib4sbom +PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison 
(anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-47-pyyaml +SPDXID: SPDXRef-Package-48-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -757,7 +775,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-48-semantic-version +SPDXID: SPDXRef-Package-49-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -774,7 +792,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-49-packageurl-python +SPDXID: SPDXRef-Package-50-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -790,7 +808,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-50-packaging +SPDXID: SPDXRef-Package-51-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) 
@@ -805,40 +823,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-51-plotly -PackageVersion: 5.20.0 +SPDXID: SPDXRef-Package-52-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false -PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-52-tenacity -PackageVersion: 8.2.3 +SPDXID: SPDXRef-Package-53-tenacity +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-53-python-gnupg +SPDXID: SPDXRef-Package-54-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -855,7 +871,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-54-requests +SPDXID: SPDXRef-Package-55-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -872,7 +888,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-55-certifi +SPDXID: SPDXRef-Package-56-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -887,7 +903,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-56-charset-normalizer +SPDXID: SPDXRef-Package-57-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -903,7 +919,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-57-urllib3 +SPDXID: SPDXRef-Package-58-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) 
@@ -918,7 +934,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-58-rich +SPDXID: SPDXRef-Package-59-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -933,7 +949,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-59-markdown-it-py +SPDXID: SPDXRef-Package-60-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -949,7 +965,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-60-mdurl +SPDXID: SPDXRef-Package-61-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) 
@@ -965,23 +981,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-61-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-62-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-62-rpmfile +SPDXID: SPDXRef-Package-63-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -996,7 +1011,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-63-toml +SPDXID: SPDXRef-Package-64-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) 
@@ -1012,22 +1027,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-64-xmlschema -PackageVersion: 3.2.1 +SPDXID: SPDXRef-Package-65-xmlschema +PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-65-elementpath +SPDXID: SPDXRef-Package-66-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1042,7 +1057,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-66-zstandard +SPDXID: SPDXRef-Package-67-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1066,34 +1081,35 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON 
SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1101,54 +1117,59 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: 
SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools 
DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing -Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py -Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-56-charset-normalizer -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-57-urllib3 -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-58-rich DEPENDS_ON 
SPDXRef-Package-59-markdown-it-py -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments -Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl -Relationship: SPDXRef-Package-64-xmlschema DEPENDS_ON SPDXRef-Package-65-elementpath +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON 
SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version +Relationship: SPDXRef-Package-52-plotly DEPENDS_ON SPDXRef-Package-51-packaging +Relationship: SPDXRef-Package-52-plotly DEPENDS_ON SPDXRef-Package-53-tenacity +Relationship: SPDXRef-Package-55-requests DEPENDS_ON SPDXRef-Package-56-certifi +Relationship: SPDXRef-Package-55-requests DEPENDS_ON SPDXRef-Package-57-charset-normalizer +Relationship: SPDXRef-Package-55-requests DEPENDS_ON SPDXRef-Package-58-urllib3 +Relationship: SPDXRef-Package-55-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-60-markdown-it-py +Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-62-pygments +Relationship: SPDXRef-Package-60-markdown-it-py DEPENDS_ON SPDXRef-Package-61-mdurl +Relationship: SPDXRef-Package-65-xmlschema DEPENDS_ON SPDXRef-Package-66-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index c6be19c717..994f463946 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json 
@@ -1,11 +1,11 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:f52f3eb5-4356-44f4-92dc-93f835a5b30f", + "specVersion": "1.6", + "serialNumber": "urn:uuid:8fc2ac9b-6e8a-43fe-bce6-727f3ac89875", "version": 1, "metadata": { - "timestamp": "2024-04-08T00:27:13Z", + "timestamp": "2024-05-13T00:28:35Z", "tools": { "components": [ { @@ -26,7 +26,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.3rc2", + "version": "3.3.1.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -35,14 +35,8 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", - "hashes": [ - { - "alg": "SHA-1", - "content": "c491590aeea36235930d1c6b8480d2489a470ece" - } - ], "licenses": [ { "license": { @@ -53,12 +47,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.3rc2", + "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.3rc2", + "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0", "properties": [ { "name": "language", @@ -66,7 +60,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -74,7 +68,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.3", + "version": "3.9.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -86,12 +80,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.3", + "url": "https://pypi.org/project/aiohttp/3.9.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.3", + "purl": "pkg:pypi/aiohttp@3.9.5", "properties": [ { "name": "language", @@ -99,7 +93,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -137,7 +131,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -170,7 +164,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -204,7 +198,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -252,7 +246,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -300,7 +294,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -308,7 +302,7 @@ "type": "library", "bom-ref": "8-idna", "name": "idna", - "version": "3.6", + "version": "3.7", "supplier": { "name": "Kim Davies", "contact": [ @@ -317,16 +311,22 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.6", + "url": "https://pypi.org/project/idna/3.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.6", + "purl": "pkg:pypi/idna@3.7", "properties": [ { "name": "language", @@ -334,7 +334,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -376,7 +376,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -416,7 +416,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, 
@@ -424,7 +424,7 @@ "type": "library", "bom-ref": "11-cvss", "name": "cvss", - "version": "3.0", + "version": "3.1", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -433,12 +433,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-1", - "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41" + "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475" } ], "licenses": [ @@ -451,12 +451,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.0", + "url": "https://pypi.org/project/cvss/3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.0", + "purl": "pkg:pypi/cvss@3.1", "properties": [ { "name": "language", @@ -464,7 +464,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -512,7 +512,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -554,7 +554,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -602,7 +602,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -610,7 +610,7 @@ "type": "library", "bom-ref": "15-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.29", "supplier": { "name": "Google Inc .", "contact": [ @@ -619,7 +619,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -631,12 +631,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.29", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.29", "properties": [ { "name": "language", @@ -644,7 +644,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -652,7 +652,7 @@ "type": "library", "bom-ref": "16-argcomplete", "name": "argcomplete", - "version": "3.2.3", + "version": "3.3.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -661,8 +661,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" + } + ], "licenses": [ { "license": { @@ -673,12 +679,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.2.3", + "url": "https://pypi.org/project/argcomplete/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.2.3", + "purl": "pkg:pypi/argcomplete@3.3.0", "properties": [ { "name": "language", @@ -686,7 +692,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -728,7 +734,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -771,7 +777,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -779,7 +785,7 @@ "type": "library", "bom-ref": "19-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ 
@@ -788,7 +794,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -800,12 +806,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -813,7 +819,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, @@ -861,29 +867,29 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "21-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "21-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ 
@@ -896,12 +902,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", 
@@ -909,29 +915,155 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "22-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "22-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + "bom-ref": "23-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + 
"bom-ref": "24-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + "bom-ref": "25-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -944,12 +1076,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -957,13 +1089,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "23-six", + "bom-ref": "26-six", "name": "six", "version": "1.16.0", "supplier": { 
@@ -1005,13 +1137,60 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "24-httplib2", + "bom-ref": "27-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", + "supplier": { + "name": "Google Cloud Platform", + "contact": [ + { + "email": "googleapis-packages@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "hashes": [ + { + "alg": "SHA-1", + "content": "932ac88800dd6de004c1bd59867831ccf033f031" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + "bom-ref": "28-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1053,13 +1232,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "25-pyparsing", + "bom-ref": "29-pyparsing", "name": "pyparsing", "version": "3.1.2", "supplier": { 
@@ -1093,29 +1272,29 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "26-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Google Inc .", + "name": "Google", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" } ], "licenses": [ @@ -1128,12 +1307,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", 
@@ -1141,83 +1320,47 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "27-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" - } - } - ], - "externalReferences": [ + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", - "type": "distribution", - "comment": "Download location for component" + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.11.8" - } - ] - }, - { - "type": "library", - "bom-ref": "28-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", - "supplier": { - "name": "Ilya Etingof", - "contact": [ - { - "email": "etingof@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - 
"purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1225,29 +1368,29 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "32-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ @@ -1260,12 +1403,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1273,13 +1416,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "30-pyopenssl", + "bom-ref": "33-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1321,15 +1464,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "31-cryptography", + "bom-ref": "34-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ 
@@ -1338,7 +1481,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1347,12 +1490,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.7", "properties": [ { "name": "language", @@ -1360,13 +1503,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "32-cffi", + "bom-ref": "35-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1408,13 +1551,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "33-pycparser", + "bom-ref": "36-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1427,6 +1570,12 @@ }, "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + } + ], "licenses": [ { "license": { @@ -1450,13 +1599,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "34-retry-decorator", + "bom-ref": "37-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1498,13 +1647,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "35-google-apitools", + "bom-ref": "38-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { 
@@ -1546,97 +1695,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "36-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.11.8" - } - ] - }, - { - "type": "library", - "bom-ref": "37-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.11.8" - } - ] - }, - { - "type": "library", - "bom-ref": "38-monotonic", + "bom-ref": "39-monotonic", "name": "monotonic", "version": "1.6", "supplier": { 
@@ -1678,38 +1743,24 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "39-jinja2", + "bom-ref": "40-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1717,22 +1768,16 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "40-markupsafe", + "bom-ref": "41-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], "licenses": [ { "license": { @@ -1756,19 +1801,19 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "41-jsonschema", + "bom-ref": "42-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { 
@@ -1780,12 +1825,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", @@ -1793,13 +1838,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "42-jsonschema-specifications", + "bom-ref": "43-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1836,28 +1881,28 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "43-referencing", + "bom-ref": "44-referencing", "name": "referencing", - "version": "0.34.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.34.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.34.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -1865,19 +1910,19 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "44-rpds-py", + "bom-ref": "45-rpds-py", "name": "rpds-py", - "version": "0.18.0", + "version": "0.18.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { 
@@ -1889,12 +1934,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.18.0", + "url": "https://pypi.org/project/rpds-py/0.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.18.0", + "purl": "pkg:pypi/rpds-py@0.18.1", "properties": [ { "name": "language", @@ -1902,15 +1947,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "45-lib4sbom", + "bom-ref": "46-lib4sbom", "name": "lib4sbom", - "version": "0.7.0", + "version": "0.7.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1919,8 +1964,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -1931,12 +1982,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.0", + "url": "https://pypi.org/project/lib4sbom/0.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.0", + "purl": "pkg:pypi/lib4sbom@0.7.1", "properties": [ { "name": "language", @@ -1944,13 +1995,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "46-pyyaml", + "bom-ref": "47-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -1992,13 +2043,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "47-semantic-version", + "bom-ref": "48-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { 
@@ -2040,13 +2091,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "48-packageurl-python", + "bom-ref": "49-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2083,13 +2134,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "49-packaging", + "bom-ref": "50-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2117,15 +2168,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "50-plotly", + "bom-ref": "51-plotly", "name": "plotly", - "version": "5.20.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2134,14 +2185,8 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", - "hashes": [ - { - "alg": "SHA-1", - "content": "9335a34ca77399a597a72420f73e947217d3d410" - } - ], "licenses": [ { "license": { @@ -2152,12 +2197,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.20.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.20.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2165,15 +2210,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "51-tenacity", + "bom-ref": "52-tenacity", "name": "tenacity", - "version": "8.2.3", + "version": "8.3.0", "supplier": { "name": "Julien Danjou", "contact": [ 
@@ -2182,14 +2227,8 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", - "hashes": [ - { - "alg": "SHA-1", - "content": "41ed2420cda8ab7650a39900451099f4730266c3" - } - ], "licenses": [ { "license": { @@ -2200,12 +2239,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.3", + "url": "https://pypi.org/project/tenacity/8.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.3", + "purl": "pkg:pypi/tenacity@8.3.0", "properties": [ { "name": "language", @@ -2213,13 +2252,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "52-python-gnupg", + "bom-ref": "53-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2261,13 +2300,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "53-requests", + "bom-ref": "54-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2309,13 +2348,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "54-certifi", + "bom-ref": "55-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2351,13 +2390,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "55-charset-normalizer", + "bom-ref": "56-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2399,13 +2438,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "56-urllib3", + "bom-ref": "57-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { 
@@ -2433,13 +2472,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "57-rich", + "bom-ref": "58-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2475,13 +2514,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "58-markdown-it-py", + "bom-ref": "59-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2515,13 +2554,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "59-mdurl", + "bom-ref": "60-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2555,15 +2594,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "60-pygments", + "bom-ref": "61-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2572,14 +2611,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2590,12 +2623,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2603,13 +2636,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "61-rpmfile", + "bom-ref": "62-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { 
@@ -2645,15 +2678,15 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "62-xmlschema", + "bom-ref": "63-xmlschema", "name": "xmlschema", - "version": "3.2.1", + "version": "3.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2662,7 +2695,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2674,12 +2707,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.2.1", + "url": "https://pypi.org/project/xmlschema/3.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.2.1", + "purl": "pkg:pypi/xmlschema@3.3.1", "properties": [ { "name": "language", @@ -2687,13 +2720,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "63-elementpath", + "bom-ref": "64-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -2729,13 +2762,13 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] }, { "type": "library", - "bom-ref": "64-zstandard", + "bom-ref": "65-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -2777,7 +2810,7 @@ }, { "name": "python_version", - "value": "3.11.8" + "value": "3.11.9" } ] } 
@@ -2799,20 +2832,20 @@ "13-distro", "14-filetype", "15-gsutil", - "39-jinja2", - "41-jsonschema", - "45-lib4sbom", - "48-packageurl-python", - "49-packaging", - "50-plotly", - "52-python-gnupg", - "46-pyyaml", - "53-requests", - "57-rich", - "61-rpmfile", - "56-urllib3", - "62-xmlschema", - "64-zstandard" + "40-jinja2", + "42-jsonschema", + "46-lib4sbom", + "49-packageurl-python", + "50-packaging", + "51-plotly", + "53-python-gnupg", + "47-pyyaml", + "54-requests", + "58-rich", + "62-rpmfile", + "57-urllib3", + "63-xmlschema", + "65-zstandard" ] }, { 
@@ -2851,173 +2884,184 @@ "17-crcmod", "18-fasteners", "19-gcs-oauth2-boto-plugin", - "35-google-apitools", - "36-google-auth", - "21-google-reauth", - "24-httplib2", - "38-monotonic", - "30-pyopenssl", - "34-retry-decorator", - "23-six" + "38-google-apitools", + "21-google-auth", + "27-google-auth-httplib2", + "30-google-reauth", + "28-httplib2", + "39-monotonic", + "33-pyopenssl", + "37-retry-decorator", + "26-six" ] }, { "ref": "19-gcs-oauth2-boto-plugin", "dependsOn": [ "20-boto", - "21-google-reauth", - "24-httplib2", - "26-oauth2client", - "30-pyopenssl", - "34-retry-decorator", - "29-rsa", - "23-six" + "21-google-auth", + "27-google-auth-httplib2", + "30-google-reauth", + "28-httplib2", + "32-oauth2client", + "33-pyopenssl", + "37-retry-decorator", + "25-rsa", + "26-six" ] }, { - "ref": "21-google-reauth", + "ref": "21-google-auth", "dependsOn": [ - "22-pyu2f" + "22-cachetools", + "23-pyasn1-modules", + "25-rsa", + "26-six" ] }, { - "ref": "22-pyu2f", + "ref": "23-pyasn1-modules", "dependsOn": [ - "23-six" + "24-pyasn1" ] }, { - "ref": "24-httplib2", + "ref": "25-rsa", "dependsOn": [ - "25-pyparsing" + "24-pyasn1" ] }, { - "ref": "26-oauth2client", + "ref": "27-google-auth-httplib2", "dependsOn": [ - "24-httplib2", - "27-pyasn1", - "28-pyasn1-modules", - "29-rsa", - "23-six" + "21-google-auth", + "28-httplib2" ] }, { - "ref": "28-pyasn1-modules", + "ref": "28-httplib2", "dependsOn": [ - "27-pyasn1" + "29-pyparsing" ] }, { - "ref": "29-rsa", + "ref": "30-google-reauth", "dependsOn": [ - "27-pyasn1" + "31-pyu2f" ] }, { - "ref": "30-pyopenssl", + "ref": "31-pyu2f", "dependsOn": [ - "31-cryptography" + "26-six" ] }, { - "ref": "31-cryptography", + "ref": "32-oauth2client", "dependsOn": [ - "32-cffi" + "28-httplib2", + "24-pyasn1", + "23-pyasn1-modules", + "25-rsa", + "26-six" ] }, { - "ref": "32-cffi", + "ref": "33-pyopenssl", "dependsOn": [ - "33-pycparser" + "34-cryptography" ] }, { - "ref": "35-google-apitools", + "ref": "34-cryptography", "dependsOn": [ - 
"18-fasteners", - "24-httplib2", - "26-oauth2client", - "23-six" + "35-cffi" + ] + }, + { + "ref": "35-cffi", + "dependsOn": [ + "36-pycparser" ] }, { - "ref": "36-google-auth", + "ref": "38-google-apitools", "dependsOn": [ - "37-cachetools", - "28-pyasn1-modules", - "29-rsa" + "18-fasteners", + "28-httplib2", + "32-oauth2client", + "26-six" ] }, { - "ref": "39-jinja2", + "ref": "40-jinja2", "dependsOn": [ - "40-markupsafe" + "41-markupsafe" ] }, { - "ref": "41-jsonschema", + "ref": "42-jsonschema", "dependsOn": [ "5-attrs", - "42-jsonschema-specifications", - "43-referencing", - "44-rpds-py" + "43-jsonschema-specifications", + "44-referencing", + "45-rpds-py" ] }, { - "ref": "42-jsonschema-specifications", + "ref": "43-jsonschema-specifications", "dependsOn": [ - "43-referencing" + "44-referencing" ] }, { - "ref": "43-referencing", + "ref": "44-referencing", "dependsOn": [ "5-attrs", - "44-rpds-py" + "45-rpds-py" ] }, { - "ref": "45-lib4sbom", + "ref": "46-lib4sbom", "dependsOn": [ "12-defusedxml", - "46-pyyaml", - "47-semantic-version" + "47-pyyaml", + "48-semantic-version" ] }, { - "ref": "50-plotly", + "ref": "51-plotly", "dependsOn": [ - "49-packaging", - "51-tenacity" + "50-packaging", + "52-tenacity" ] }, { - "ref": "53-requests", + "ref": "54-requests", "dependsOn": [ - "54-certifi", - "55-charset-normalizer", + "55-certifi", + "56-charset-normalizer", "8-idna", - "56-urllib3" + "57-urllib3" ] }, { - "ref": "57-rich", + "ref": "58-rich", "dependsOn": [ - "58-markdown-it-py", - "60-pygments" + "59-markdown-it-py", + "61-pygments" ] }, { - "ref": "58-markdown-it-py", + "ref": "59-markdown-it-py", "dependsOn": [ - "59-mdurl" + "60-mdurl" ] }, { - "ref": "62-xmlschema", + "ref": "63-xmlschema", "dependsOn": [ - "63-elementpath" + "64-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 6201d6caa4..cae32a536e 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx 
@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c8a466e0-680c-4304-bf01-8356b7d2d654 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-955978f6-8abe-4894-a787-b8e0b16a0b30 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-08T00:26:04Z +Created: 2024-05-13T00:27:14Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.3rc2 +PackageVersion: 3.3.1.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0 FilesAnalyzed: false -PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.3 +PackageVersion: 3.9.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 ##### PackageName: aiosignal @@ -120,17 +119,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: PackageName: idna SPDXID: SPDXRef-Package-8-idna -PackageVersion: 3.6 +PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.6 +PackageDownloadLocation: https://pypi.org/project/idna/3.7 FilesAnalyzed: false +PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 
@@ -167,19 +167,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-Package-11-cvss -PackageVersion: 3.0 +PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.0 +PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false -PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41 +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -233,34 +233,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-15-gsutil -PackageVersion: 5.27 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-16-argcomplete -PackageVersion: 3.2.3 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -296,18 +297,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto 
@@ -326,42 +327,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-21-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-21-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-22-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-22-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-23-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-24-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-25-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-23-six +SPDXID: SPDXRef-Package-26-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -376,8 +423,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-27-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-24-httplib2 +SPDXID: SPDXRef-Package-28-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) 
@@ -393,7 +456,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-25-pyparsing +SPDXID: SPDXRef-Package-29-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) 
@@ -408,73 +471,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-26-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-30-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-27-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-28-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-31-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-29-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-32-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-30-pyopenssl +SPDXID: SPDXRef-Package-33-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) 
@@ -491,22 +540,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-31-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-34-cryptography +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-32-cffi +SPDXID: SPDXRef-Package-35-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) 
@@ -522,12 +571,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-33-pycparser +SPDXID: SPDXRef-Package-36-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 FilesAnalyzed: false +PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -537,7 +587,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-34-retry-decorator +SPDXID: SPDXRef-Package-37-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -553,7 +603,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-35-google-apitools +SPDXID: SPDXRef-Package-38-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) 
@@ -569,39 +619,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-36-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-37-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-38-monotonic +SPDXID: SPDXRef-Package-39-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) 
@@ -618,28 +637,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-39-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-40-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-40-markupsafe +SPDXID: SPDXRef-Package-41-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -648,22 +665,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-41-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-42-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-42-jsonschema-specifications +SPDXID: SPDXRef-Package-43-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -679,52 +696,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-43-referencing -PackageVersion: 0.34.0 +SPDXID: SPDXRef-Package-44-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-44-rpds-py -PackageVersion: 0.18.0 +SPDXID: SPDXRef-Package-45-rpds-py +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-45-lib4sbom -PackageVersion: 0.7.0 +SPDXID: SPDXRef-Package-46-lib4sbom +PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison 
(anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-46-pyyaml +SPDXID: SPDXRef-Package-47-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -740,7 +758,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-47-semantic-version +SPDXID: SPDXRef-Package-48-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -757,7 +775,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-48-packageurl-python +SPDXID: SPDXRef-Package-49-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -773,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-49-packaging +SPDXID: SPDXRef-Package-50-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) 
@@ -788,40 +806,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-50-plotly -PackageVersion: 5.20.0 +SPDXID: SPDXRef-Package-51-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false -PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-51-tenacity -PackageVersion: 8.2.3 +SPDXID: SPDXRef-Package-52-tenacity +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-52-python-gnupg +SPDXID: SPDXRef-Package-53-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -838,7 +854,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-53-requests +SPDXID: SPDXRef-Package-54-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -855,7 +871,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-54-certifi +SPDXID: SPDXRef-Package-55-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -870,7 +886,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-55-charset-normalizer +SPDXID: SPDXRef-Package-56-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -886,7 +902,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-56-urllib3 +SPDXID: SPDXRef-Package-57-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) 
@@ -901,7 +917,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-57-rich +SPDXID: SPDXRef-Package-58-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -916,7 +932,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-58-markdown-it-py +SPDXID: SPDXRef-Package-59-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -932,7 +948,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-59-mdurl +SPDXID: SPDXRef-Package-60-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) 
@@ -948,23 +964,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-60-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-61-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-61-rpmfile +SPDXID: SPDXRef-Package-62-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) 
@@ -979,22 +994,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-62-xmlschema -PackageVersion: 3.2.1 +SPDXID: SPDXRef-Package-63-xmlschema +PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-63-elementpath +SPDXID: SPDXRef-Package-64-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1009,7 +1024,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-64-zstandard +SPDXID: SPDXRef-Package-65-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1032,88 +1047,94 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packageurl-python +Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-zstandard Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4 Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-reauth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-pyopenssl -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-34-retry-decorator -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-35-google-apitools -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-36-google-auth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-monotonic +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-26-six 
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-google-reauth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-33-pyopenssl +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-37-retry-decorator +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-google-apitools +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-reauth -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-oauth2client -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-pyopenssl -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-retry-decorator +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-reauth +Relationship: 
SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-oauth2client +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-pyopenssl +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-37-retry-decorator Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl -Relationship: SPDXRef-Package-21-google-reauth DEPENDS_ON SPDXRef-Package-22-pyu2f -Relationship: SPDXRef-Package-22-pyu2f DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-24-httplib2 DEPENDS_ON SPDXRef-Package-25-pyparsing -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1-modules -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-28-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-29-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-22-cachetools +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-23-pyasn1-modules +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-23-pyasn1-modules DEPENDS_ON SPDXRef-Package-24-pyasn1 +Relationship: SPDXRef-Package-25-rsa DEPENDS_ON SPDXRef-Package-24-pyasn1 
+Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-28-httplib2 DEPENDS_ON SPDXRef-Package-29-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-pyopenssl DEPENDS_ON SPDXRef-Package-31-cryptography -Relationship: SPDXRef-Package-31-cryptography DEPENDS_ON SPDXRef-Package-32-cffi -Relationship: SPDXRef-Package-32-cffi DEPENDS_ON SPDXRef-Package-33-pycparser -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-26-oauth2client -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-28-pyasn1-modules -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-37-cachetools -Relationship: SPDXRef-Package-39-jinja2 DEPENDS_ON SPDXRef-Package-40-markupsafe -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-42-jsonschema-specifications -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-43-referencing -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-44-rpds-py -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-42-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-referencing -Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-44-rpds-py -Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON 
SPDXRef-Package-12-defusedxml -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-47-semantic-version -Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-49-packaging -Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-51-tenacity -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-54-certifi -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-55-charset-normalizer -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-56-urllib3 -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-8-idna -Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-58-markdown-it-py -Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-60-pygments -Relationship: SPDXRef-Package-58-markdown-it-py DEPENDS_ON SPDXRef-Package-59-mdurl -Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath +Relationship: SPDXRef-Package-30-google-reauth DEPENDS_ON SPDXRef-Package-31-pyu2f +Relationship: SPDXRef-Package-31-pyu2f DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-23-pyasn1-modules +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1 +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-33-pyopenssl DEPENDS_ON SPDXRef-Package-34-cryptography +Relationship: SPDXRef-Package-34-cryptography DEPENDS_ON SPDXRef-Package-35-cffi +Relationship: SPDXRef-Package-35-cffi DEPENDS_ON SPDXRef-Package-36-pycparser +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners +Relationship: SPDXRef-Package-38-google-apitools 
DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-32-oauth2client +Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs +Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-5-attrs +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-56-charset-normalizer +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-57-urllib3 +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-8-idna +Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-59-markdown-it-py +Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments +Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl +Relationship: SPDXRef-Package-63-xmlschema DEPENDS_ON SPDXRef-Package-64-elementpath 
Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 0cb6dc20ab..ac4acfe779 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -1,11 +1,11 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:f6992a7b-132d-412c-9441-05c8df1f6129", + "specVersion": "1.6", + "serialNumber": "urn:uuid:647cf345-f92b-4004-8628-0aa7151539eb", "version": 1, "metadata": { - "timestamp": "2024-04-08T00:27:35Z", + "timestamp": "2024-05-13T00:28:45Z", "tools": { "components": [ { @@ -26,7 +26,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.3rc2", + "version": "3.3.1.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -35,14 +35,8 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", - "hashes": [ - { - "alg": "SHA-1", - "content": "c491590aeea36235930d1c6b8480d2489a470ece" - } - ], "licenses": [ { "license": { @@ -53,12 +47,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.3rc2", + "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.3rc2", + "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0", "properties": [ { "name": "language", @@ -66,7 +60,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, 
@@ -74,7 +68,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.3", + "version": "3.9.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -86,12 +80,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.3", + "url": "https://pypi.org/project/aiohttp/3.9.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.3", + "purl": "pkg:pypi/aiohttp@3.9.5", "properties": [ { "name": "language", @@ -99,7 +93,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -137,7 +131,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -170,7 +164,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -204,7 +198,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -252,7 +246,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -300,7 +294,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -308,7 +302,7 @@ "type": "library", "bom-ref": "8-idna", "name": "idna", - "version": "3.6", + "version": "3.7", "supplier": { "name": "Kim Davies", "contact": [ @@ -317,16 +311,22 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.6", + "url": "https://pypi.org/project/idna/3.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.6", + "purl": "pkg:pypi/idna@3.7", "properties": [ { "name": "language", @@ -334,7 +334,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, 
@@ -376,7 +376,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -416,7 +416,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -424,7 +424,7 @@ "type": "library", "bom-ref": "11-cvss", "name": "cvss", - "version": "3.0", + "version": "3.1", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -433,12 +433,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-1", - "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41" + "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475" } ], "licenses": [ @@ -451,12 +451,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.0", + "url": "https://pypi.org/project/cvss/3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.0", + "purl": "pkg:pypi/cvss@3.1", "properties": [ { "name": "language", @@ -464,7 +464,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -512,7 +512,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -554,7 +554,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -602,7 +602,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -610,7 +610,7 @@ "type": "library", "bom-ref": "15-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.29", "supplier": { "name": "Google Inc .", "contact": [ @@ -619,7 +619,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -631,12 +631,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.29", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.29", "properties": [ { "name": "language", @@ -644,7 +644,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -652,7 +652,7 @@ "type": "library", "bom-ref": "16-argcomplete", "name": "argcomplete", - "version": "3.2.3", + "version": "3.3.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -661,8 +661,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" + } + ], "licenses": [ { "license": { @@ -673,12 +679,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.2.3", + "url": "https://pypi.org/project/argcomplete/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.2.3", + "purl": "pkg:pypi/argcomplete@3.3.0", "properties": [ { "name": "language", @@ -686,7 +692,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -728,7 +734,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -771,7 +777,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -779,7 +785,7 @@ "type": "library", "bom-ref": "19-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ 
@@ -788,7 +794,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -800,12 +806,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -813,7 +819,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, @@ -861,29 +867,29 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "21-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "21-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ 
@@ -896,12 +902,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", 
@@ -909,29 +915,155 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "22-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "22-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.3" + } + ] + }, + { + "type": "library", + "bom-ref": "23-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.3" + } + ] + }, + { + "type": "library", + 
"bom-ref": "24-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.3" + } + ] + }, + { + "type": "library", + "bom-ref": "25-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -944,12 +1076,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -957,13 +1089,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "23-six", + "bom-ref": "26-six", "name": "six", "version": "1.16.0", "supplier": { 
@@ -1005,13 +1137,60 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "24-httplib2", + "bom-ref": "27-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", + "supplier": { + "name": "Google Cloud Platform", + "contact": [ + { + "email": "googleapis-packages@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "hashes": [ + { + "alg": "SHA-1", + "content": "932ac88800dd6de004c1bd59867831ccf033f031" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.3" + } + ] + }, + { + "type": "library", + "bom-ref": "28-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1053,13 +1232,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "25-pyparsing", + "bom-ref": "29-pyparsing", "name": "pyparsing", "version": "3.1.2", "supplier": { 
@@ -1093,29 +1272,29 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "26-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Google Inc .", + "name": "Google", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" } ], "licenses": [ @@ -1128,12 +1307,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", 
@@ -1141,83 +1320,47 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "27-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", - "licenses": [ - { - "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" - } - } - ], - "externalReferences": [ + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", - "type": "distribution", - "comment": "Download location for component" + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.12.2" - } - ] - }, - { - "type": "library", - "bom-ref": "28-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", - "supplier": { - "name": "Ilya Etingof", - "contact": [ - { - "email": "etingof@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - 
"purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1225,29 +1368,29 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "32-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ @@ -1260,12 +1403,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1273,13 +1416,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "30-pyopenssl", + "bom-ref": "33-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1321,15 +1464,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "31-cryptography", + "bom-ref": "34-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ 
@@ -1338,7 +1481,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1347,12 +1490,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.7", "properties": [ { "name": "language", @@ -1360,13 +1503,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "32-cffi", + "bom-ref": "35-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1408,13 +1551,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "33-pycparser", + "bom-ref": "36-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1427,6 +1570,12 @@ }, "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + } + ], "licenses": [ { "license": { @@ -1450,13 +1599,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "34-retry-decorator", + "bom-ref": "37-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1498,13 +1647,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "35-google-apitools", + "bom-ref": "38-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { 
@@ -1546,97 +1695,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "36-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.12.2" - } - ] - }, - { - "type": "library", - "bom-ref": "37-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.12.2" - } - ] - }, - { - "type": "library", - "bom-ref": "38-monotonic", + "bom-ref": "39-monotonic", "name": "monotonic", "version": "1.6", "supplier": { 
@@ -1678,38 +1743,24 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "39-jinja2", + "bom-ref": "40-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1717,22 +1768,16 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "40-markupsafe", + "bom-ref": "41-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], "licenses": [ { "license": { @@ -1756,19 +1801,19 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "41-jsonschema", + "bom-ref": "42-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { 
@@ -1780,12 +1825,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", @@ -1793,13 +1838,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "42-jsonschema-specifications", + "bom-ref": "43-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1836,28 +1881,28 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "43-referencing", + "bom-ref": "44-referencing", "name": "referencing", - "version": "0.34.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.34.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.34.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -1865,19 +1910,19 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "44-rpds-py", + "bom-ref": "45-rpds-py", "name": "rpds-py", - "version": "0.18.0", + "version": "0.18.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { 
@@ -1889,12 +1934,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.18.0", + "url": "https://pypi.org/project/rpds-py/0.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.18.0", + "purl": "pkg:pypi/rpds-py@0.18.1", "properties": [ { "name": "language", @@ -1902,15 +1947,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "45-lib4sbom", + "bom-ref": "46-lib4sbom", "name": "lib4sbom", - "version": "0.7.0", + "version": "0.7.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1919,8 +1964,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -1931,12 +1982,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.0", + "url": "https://pypi.org/project/lib4sbom/0.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.0", + "purl": "pkg:pypi/lib4sbom@0.7.1", "properties": [ { "name": "language", @@ -1944,13 +1995,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "46-pyyaml", + "bom-ref": "47-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -1992,13 +2043,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "47-semantic-version", + "bom-ref": "48-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { 
@@ -2040,13 +2091,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "48-packageurl-python", + "bom-ref": "49-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2083,13 +2134,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "49-packaging", + "bom-ref": "50-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2117,15 +2168,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "50-plotly", + "bom-ref": "51-plotly", "name": "plotly", - "version": "5.20.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2134,14 +2185,8 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", - "hashes": [ - { - "alg": "SHA-1", - "content": "9335a34ca77399a597a72420f73e947217d3d410" - } - ], "licenses": [ { "license": { @@ -2152,12 +2197,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.20.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.20.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2165,15 +2210,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "51-tenacity", + "bom-ref": "52-tenacity", "name": "tenacity", - "version": "8.2.3", + "version": "8.3.0", "supplier": { "name": "Julien Danjou", "contact": [ 
@@ -2182,14 +2227,8 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", - "hashes": [ - { - "alg": "SHA-1", - "content": "41ed2420cda8ab7650a39900451099f4730266c3" - } - ], "licenses": [ { "license": { @@ -2200,12 +2239,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.3", + "url": "https://pypi.org/project/tenacity/8.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.3", + "purl": "pkg:pypi/tenacity@8.3.0", "properties": [ { "name": "language", @@ -2213,13 +2252,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "52-python-gnupg", + "bom-ref": "53-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2261,13 +2300,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "53-requests", + "bom-ref": "54-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2309,13 +2348,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "54-certifi", + "bom-ref": "55-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2351,13 +2390,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "55-charset-normalizer", + "bom-ref": "56-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2399,13 +2438,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "56-urllib3", + "bom-ref": "57-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { 
@@ -2433,13 +2472,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "57-rich", + "bom-ref": "58-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2475,13 +2514,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "58-markdown-it-py", + "bom-ref": "59-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2515,13 +2554,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "59-mdurl", + "bom-ref": "60-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2555,15 +2594,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "60-pygments", + "bom-ref": "61-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2572,14 +2611,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2590,12 +2623,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2603,13 +2636,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "61-rpmfile", + "bom-ref": "62-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { 
@@ -2645,15 +2678,15 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "62-xmlschema", + "bom-ref": "63-xmlschema", "name": "xmlschema", - "version": "3.2.1", + "version": "3.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2662,7 +2695,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2674,12 +2707,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.2.1", + "url": "https://pypi.org/project/xmlschema/3.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.2.1", + "purl": "pkg:pypi/xmlschema@3.3.1", "properties": [ { "name": "language", @@ -2687,13 +2720,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "63-elementpath", + "bom-ref": "64-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -2729,13 +2762,13 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] }, { "type": "library", - "bom-ref": "64-zstandard", + "bom-ref": "65-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -2777,7 +2810,7 @@ }, { "name": "python_version", - "value": "3.12.2" + "value": "3.12.3" } ] } 
@@ -2799,20 +2832,20 @@ "13-distro", "14-filetype", "15-gsutil", - "39-jinja2", - "41-jsonschema", - "45-lib4sbom", - "48-packageurl-python", - "49-packaging", - "50-plotly", - "52-python-gnupg", - "46-pyyaml", - "53-requests", - "57-rich", - "61-rpmfile", - "56-urllib3", - "62-xmlschema", - "64-zstandard" + "40-jinja2", + "42-jsonschema", + "46-lib4sbom", + "49-packageurl-python", + "50-packaging", + "51-plotly", + "53-python-gnupg", + "47-pyyaml", + "54-requests", + "58-rich", + "62-rpmfile", + "57-urllib3", + "63-xmlschema", + "65-zstandard" ] }, { 
@@ -2851,173 +2884,184 @@ "17-crcmod", "18-fasteners", "19-gcs-oauth2-boto-plugin", - "35-google-apitools", - "36-google-auth", - "21-google-reauth", - "24-httplib2", - "38-monotonic", - "30-pyopenssl", - "34-retry-decorator", - "23-six" + "38-google-apitools", + "21-google-auth", + "27-google-auth-httplib2", + "30-google-reauth", + "28-httplib2", + "39-monotonic", + "33-pyopenssl", + "37-retry-decorator", + "26-six" ] }, { "ref": "19-gcs-oauth2-boto-plugin", "dependsOn": [ "20-boto", - "21-google-reauth", - "24-httplib2", - "26-oauth2client", - "30-pyopenssl", - "34-retry-decorator", - "29-rsa", - "23-six" + "21-google-auth", + "27-google-auth-httplib2", + "30-google-reauth", + "28-httplib2", + "32-oauth2client", + "33-pyopenssl", + "37-retry-decorator", + "25-rsa", + "26-six" ] }, { - "ref": "21-google-reauth", + "ref": "21-google-auth", "dependsOn": [ - "22-pyu2f" + "22-cachetools", + "23-pyasn1-modules", + "25-rsa", + "26-six" ] }, { - "ref": "22-pyu2f", + "ref": "23-pyasn1-modules", "dependsOn": [ - "23-six" + "24-pyasn1" ] }, { - "ref": "24-httplib2", + "ref": "25-rsa", "dependsOn": [ - "25-pyparsing" + "24-pyasn1" ] }, { - "ref": "26-oauth2client", + "ref": "27-google-auth-httplib2", "dependsOn": [ - "24-httplib2", - "27-pyasn1", - "28-pyasn1-modules", - "29-rsa", - "23-six" + "21-google-auth", + "28-httplib2" ] }, { - "ref": "28-pyasn1-modules", + "ref": "28-httplib2", "dependsOn": [ - "27-pyasn1" + "29-pyparsing" ] }, { - "ref": "29-rsa", + "ref": "30-google-reauth", "dependsOn": [ - "27-pyasn1" + "31-pyu2f" ] }, { - "ref": "30-pyopenssl", + "ref": "31-pyu2f", "dependsOn": [ - "31-cryptography" + "26-six" ] }, { - "ref": "31-cryptography", + "ref": "32-oauth2client", "dependsOn": [ - "32-cffi" + "28-httplib2", + "24-pyasn1", + "23-pyasn1-modules", + "25-rsa", + "26-six" ] }, { - "ref": "32-cffi", + "ref": "33-pyopenssl", "dependsOn": [ - "33-pycparser" + "34-cryptography" ] }, { - "ref": "35-google-apitools", + "ref": "34-cryptography", "dependsOn": [ - 
"18-fasteners", - "24-httplib2", - "26-oauth2client", - "23-six" + "35-cffi" + ] + }, + { + "ref": "35-cffi", + "dependsOn": [ + "36-pycparser" ] }, { - "ref": "36-google-auth", + "ref": "38-google-apitools", "dependsOn": [ - "37-cachetools", - "28-pyasn1-modules", - "29-rsa" + "18-fasteners", + "28-httplib2", + "32-oauth2client", + "26-six" ] }, { - "ref": "39-jinja2", + "ref": "40-jinja2", "dependsOn": [ - "40-markupsafe" + "41-markupsafe" ] }, { - "ref": "41-jsonschema", + "ref": "42-jsonschema", "dependsOn": [ "5-attrs", - "42-jsonschema-specifications", - "43-referencing", - "44-rpds-py" + "43-jsonschema-specifications", + "44-referencing", + "45-rpds-py" ] }, { - "ref": "42-jsonschema-specifications", + "ref": "43-jsonschema-specifications", "dependsOn": [ - "43-referencing" + "44-referencing" ] }, { - "ref": "43-referencing", + "ref": "44-referencing", "dependsOn": [ "5-attrs", - "44-rpds-py" + "45-rpds-py" ] }, { - "ref": "45-lib4sbom", + "ref": "46-lib4sbom", "dependsOn": [ "12-defusedxml", - "46-pyyaml", - "47-semantic-version" + "47-pyyaml", + "48-semantic-version" ] }, { - "ref": "50-plotly", + "ref": "51-plotly", "dependsOn": [ - "49-packaging", - "51-tenacity" + "50-packaging", + "52-tenacity" ] }, { - "ref": "53-requests", + "ref": "54-requests", "dependsOn": [ - "54-certifi", - "55-charset-normalizer", + "55-certifi", + "56-charset-normalizer", "8-idna", - "56-urllib3" + "57-urllib3" ] }, { - "ref": "57-rich", + "ref": "58-rich", "dependsOn": [ - "58-markdown-it-py", - "60-pygments" + "59-markdown-it-py", + "61-pygments" ] }, { - "ref": "58-markdown-it-py", + "ref": "59-markdown-it-py", "dependsOn": [ - "59-mdurl" + "60-mdurl" ] }, { - "ref": "62-xmlschema", + "ref": "63-xmlschema", "dependsOn": [ - "63-elementpath" + "64-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 420b4ddfa3..3fef1d1b19 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx 
@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e6f8ebcd-5a53-4c80-8ee1-90be752f102d +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d2671e66-189e-4da7-8011-d89002436f1a LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-08T00:26:15Z +Created: 2024-05-13T00:27:17Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.3rc2 +PackageVersion: 3.3.1.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0 FilesAnalyzed: false -PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.3 +PackageVersion: 3.9.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 ##### PackageName: aiosignal @@ -120,17 +119,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: PackageName: idna SPDXID: SPDXRef-Package-8-idna -PackageVersion: 3.6 +PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.6 +PackageDownloadLocation: https://pypi.org/project/idna/3.7 FilesAnalyzed: false +PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 
@@ -167,19 +167,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-Package-11-cvss -PackageVersion: 3.0 +PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.0 +PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false -PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41 +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -233,34 +233,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-15-gsutil -PackageVersion: 5.27 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-16-argcomplete -PackageVersion: 3.2.3 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -296,18 +297,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto 
@@ -326,42 +327,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-21-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-21-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-22-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-22-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-23-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-24-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-25-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-23-six +SPDXID: SPDXRef-Package-26-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -376,8 +423,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-27-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-24-httplib2 +SPDXID: SPDXRef-Package-28-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) 
@@ -393,7 +456,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-25-pyparsing +SPDXID: SPDXRef-Package-29-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) 
@@ -408,73 +471,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-26-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-30-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-27-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-28-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-31-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-29-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-32-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-30-pyopenssl +SPDXID: SPDXRef-Package-33-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) 
@@ -491,22 +540,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-31-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-34-cryptography +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-32-cffi +SPDXID: SPDXRef-Package-35-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) 
@@ -522,12 +571,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-33-pycparser +SPDXID: SPDXRef-Package-36-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 FilesAnalyzed: false +PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -537,7 +587,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-34-retry-decorator +SPDXID: SPDXRef-Package-37-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -553,7 +603,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-35-google-apitools +SPDXID: SPDXRef-Package-38-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) 
@@ -569,39 +619,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-36-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-37-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-38-monotonic +SPDXID: SPDXRef-Package-39-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) 
@@ -618,28 +637,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-39-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-40-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-40-markupsafe +SPDXID: SPDXRef-Package-41-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -648,22 +665,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-41-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-42-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-42-jsonschema-specifications +SPDXID: SPDXRef-Package-43-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -679,52 +696,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-43-referencing -PackageVersion: 0.34.0 +SPDXID: SPDXRef-Package-44-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-44-rpds-py -PackageVersion: 0.18.0 +SPDXID: SPDXRef-Package-45-rpds-py +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-45-lib4sbom -PackageVersion: 0.7.0 +SPDXID: SPDXRef-Package-46-lib4sbom +PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison 
(anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-46-pyyaml +SPDXID: SPDXRef-Package-47-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -740,7 +758,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-47-semantic-version +SPDXID: SPDXRef-Package-48-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -757,7 +775,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-48-packageurl-python +SPDXID: SPDXRef-Package-49-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -773,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-49-packaging +SPDXID: SPDXRef-Package-50-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) 
@@ -788,40 +806,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-50-plotly -PackageVersion: 5.20.0 +SPDXID: SPDXRef-Package-51-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false -PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-51-tenacity -PackageVersion: 8.2.3 +SPDXID: SPDXRef-Package-52-tenacity +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-52-python-gnupg +SPDXID: SPDXRef-Package-53-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -838,7 +854,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-53-requests +SPDXID: SPDXRef-Package-54-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -855,7 +871,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-54-certifi +SPDXID: SPDXRef-Package-55-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -870,7 +886,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-55-charset-normalizer +SPDXID: SPDXRef-Package-56-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -886,7 +902,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-56-urllib3 +SPDXID: SPDXRef-Package-57-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) 
@@ -901,7 +917,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-57-rich +SPDXID: SPDXRef-Package-58-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -916,7 +932,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-58-markdown-it-py +SPDXID: SPDXRef-Package-59-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -932,7 +948,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-59-mdurl +SPDXID: SPDXRef-Package-60-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) 
@@ -948,23 +964,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-60-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-61-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-61-rpmfile +SPDXID: SPDXRef-Package-62-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) 
@@ -979,22 +994,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-62-xmlschema -PackageVersion: 3.2.1 +SPDXID: SPDXRef-Package-63-xmlschema +PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-63-elementpath +SPDXID: SPDXRef-Package-64-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1009,7 +1024,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-64-zstandard +SPDXID: SPDXRef-Package-65-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1032,88 +1047,94 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packageurl-python +Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-zstandard Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4 Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-reauth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-pyopenssl -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-34-retry-decorator -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-35-google-apitools -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-36-google-auth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-monotonic +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-26-six 
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-google-reauth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-33-pyopenssl +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-37-retry-decorator +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-google-apitools +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-reauth -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-oauth2client -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-pyopenssl -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-retry-decorator +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-reauth +Relationship: 
SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-oauth2client +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-pyopenssl +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-37-retry-decorator Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl -Relationship: SPDXRef-Package-21-google-reauth DEPENDS_ON SPDXRef-Package-22-pyu2f -Relationship: SPDXRef-Package-22-pyu2f DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-24-httplib2 DEPENDS_ON SPDXRef-Package-25-pyparsing -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1-modules -Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-28-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-29-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-22-cachetools +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-23-pyasn1-modules +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-23-pyasn1-modules DEPENDS_ON SPDXRef-Package-24-pyasn1 +Relationship: SPDXRef-Package-25-rsa DEPENDS_ON SPDXRef-Package-24-pyasn1 
+Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-21-google-auth +Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-28-httplib2 DEPENDS_ON SPDXRef-Package-29-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-pyopenssl DEPENDS_ON SPDXRef-Package-31-cryptography -Relationship: SPDXRef-Package-31-cryptography DEPENDS_ON SPDXRef-Package-32-cffi -Relationship: SPDXRef-Package-32-cffi DEPENDS_ON SPDXRef-Package-33-pycparser -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-23-six -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-24-httplib2 -Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-26-oauth2client -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-28-pyasn1-modules -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-29-rsa -Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-37-cachetools -Relationship: SPDXRef-Package-39-jinja2 DEPENDS_ON SPDXRef-Package-40-markupsafe -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-42-jsonschema-specifications -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-43-referencing -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-44-rpds-py -Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-42-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-referencing -Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-44-rpds-py -Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON 
SPDXRef-Package-12-defusedxml -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-47-semantic-version -Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-49-packaging -Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-51-tenacity -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-54-certifi -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-55-charset-normalizer -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-56-urllib3 -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-8-idna -Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-58-markdown-it-py -Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-60-pygments -Relationship: SPDXRef-Package-58-markdown-it-py DEPENDS_ON SPDXRef-Package-59-mdurl -Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath +Relationship: SPDXRef-Package-30-google-reauth DEPENDS_ON SPDXRef-Package-31-pyu2f +Relationship: SPDXRef-Package-31-pyu2f DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-23-pyasn1-modules +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1 +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-25-rsa +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-33-pyopenssl DEPENDS_ON SPDXRef-Package-34-cryptography +Relationship: SPDXRef-Package-34-cryptography DEPENDS_ON SPDXRef-Package-35-cffi +Relationship: SPDXRef-Package-35-cffi DEPENDS_ON SPDXRef-Package-36-pycparser +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners +Relationship: SPDXRef-Package-38-google-apitools 
DEPENDS_ON SPDXRef-Package-26-six +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-28-httplib2 +Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-32-oauth2client +Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs +Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-5-attrs +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-56-charset-normalizer +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-57-urllib3 +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-8-idna +Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-59-markdown-it-py +Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments +Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl +Relationship: SPDXRef-Package-63-xmlschema DEPENDS_ON SPDXRef-Package-64-elementpath 
Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index d2ecf4f67e..e8015eac99 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -1,11 +1,11 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:5c954ebf-4bb9-4c1c-a196-01f5616d7939", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3178e3ea-d027-4327-a88b-1a6f2c9f1925", "version": 1, "metadata": { - "timestamp": "2024-04-08T00:27:58Z", + "timestamp": "2024-05-13T00:29:26Z", "tools": { "components": [ { @@ -26,7 +26,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.3rc2", + "version": "3.3.1.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -35,14 +35,8 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", - "hashes": [ - { - "alg": "SHA-1", - "content": "c491590aeea36235930d1c6b8480d2489a470ece" - } - ], "licenses": [ { "license": { @@ -53,12 +47,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.3rc2", + "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.3rc2", + "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0", "properties": [ { "name": "language", @@ -74,7 +68,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.3", + "version": "3.9.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -86,12 +80,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.3", + "url": "https://pypi.org/project/aiohttp/3.9.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.3", + "purl": "pkg:pypi/aiohttp@3.9.5", "properties": [ { "name": "language", @@ -356,7 +350,7 @@ "type": "library", "bom-ref": "9-idna", "name": "idna", - "version": "3.6", + "version": "3.7", "supplier": { "name": "Kim Davies", "contact": [ @@ -365,16 +359,22 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.6", + "url": "https://pypi.org/project/idna/3.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.6", + "purl": "pkg:pypi/idna@3.7", "properties": [ { "name": "language", @@ -472,7 +472,7 @@ "type": "library", "bom-ref": "12-cvss", "name": "cvss", - "version": "3.0", + "version": "3.1", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -481,12 +481,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-1", - "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41" + "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475" } ], "licenses": [ 
@@ -499,12 +499,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.0", + "url": "https://pypi.org/project/cvss/3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.0", + "purl": "pkg:pypi/cvss@3.1", "properties": [ { "name": "language", @@ -658,7 +658,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.29", "supplier": { "name": "Google Inc .", "contact": [ @@ -667,7 +667,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -679,12 +679,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.29", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.29", "properties": [ { "name": "language", @@ -700,7 +700,7 @@ "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "3.2.3", + "version": "3.3.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -709,8 +709,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" + } + ], "licenses": [ { "license": { @@ -721,12 +727,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.2.3", + "url": "https://pypi.org/project/argcomplete/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.2.3", + "purl": "pkg:pypi/argcomplete@3.3.0", "properties": [ { "name": "language", 
@@ -827,7 +833,7 @@ "type": "library", "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ @@ -836,7 +842,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -848,12 +854,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -915,23 +921,23 @@ }, { "type": "library", - "bom-ref": "22-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "22-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ 
@@ -944,12 +950,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", 
@@ -963,23 +969,149 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "23-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "24-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "25-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + 
"supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -992,12 +1124,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -1011,7 +1143,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { 
@@ -1059,41 +1191,40 @@ }, { "type": "library", - "bom-ref": "25-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "28-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Joe Gregorio", + "name": "Google Cloud Platform", "contact": [ { - "email": "joe@bitworking.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", "hashes": [ { "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "content": "932ac88800dd6de004c1bd59867831ccf033f031" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ { "name": "language", 
@@ -1107,33 +1238,41 @@ }, { "type": "library", - "bom-ref": "26-pyparsing", - "name": "pyparsing", - "version": "3.1.2", + "bom-ref": "29-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Paul McGuire", + "name": "Joe Gregorio", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { "alg": "SHA-1", - "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" + "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.2", + "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ { "name": "language", 
@@ -1147,41 +1286,33 @@ }, { "type": "library", - "bom-ref": "27-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-pyparsing", + "name": "pyparsing", + "version": "3.1.2", "supplier": { - "name": "Google Inc .", + "name": "Paul McGuire", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } + "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" } ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/pyparsing/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyparsing@3.1.2", "properties": [ { "name": "language", 
@@ -1195,35 +1326,41 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", 
@@ -1237,35 +1374,41 @@ }, { "type": "library", - "bom-ref": "29-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", + "bom-ref": "32-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1279,23 +1422,23 @@ }, { "type": "library", - "bom-ref": "30-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ 
@@ -1308,12 +1451,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1327,7 +1470,7 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1375,9 +1518,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1386,7 +1529,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1395,12 +1538,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.7", "properties": [ { "name": "language", @@ -1414,7 +1557,7 @@ }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1462,7 +1605,7 @@ }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { 
@@ -1475,6 +1618,12 @@ }, "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + } + ], "licenses": [ { "license": { @@ -1504,7 +1653,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1552,7 +1701,7 @@ }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { 
@@ -1600,91 +1749,7 @@ }, { "type": "library", - "bom-ref": "37-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "38-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1732,7 +1797,7 @@ }, { "type": "library", - "bom-ref": "40-importlib-metadata", + "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", "version": "7.1.0", "supplier": { 
@@ -1745,6 +1810,12 @@ }, "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib_metadata/7.1.0", @@ -1766,7 +1837,7 @@ }, { "type": "library", - "bom-ref": "41-zipp", + "bom-ref": "42-zipp", "name": "zipp", "version": "3.18.1", "supplier": { @@ -1779,6 +1850,12 @@ }, "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfae83474a730e8cc9b8a71027fb859b46b3875c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/zipp/3.18.1", @@ -1800,7 +1877,7 @@ }, { "type": "library", - "bom-ref": "42-importlib-resources", + "bom-ref": "43-importlib-resources", "name": "importlib-resources", "version": "6.4.0", "supplier": { @@ -1813,6 +1890,12 @@ }, "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0:*:*:*:*:*:*:*", "description": "Read resources from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f4d3f10a3ed5d65b3092a39369c08e71e30a97c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib_resources/6.4.0", 
@@ -1834,32 +1917,18 @@ }, { "type": "library", - "bom-ref": "43-jinja2", + "bom-ref": "44-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1873,16 +1942,10 @@ }, { "type": "library", - "bom-ref": "44-markupsafe", + "bom-ref": "45-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], "licenses": [ { "license": { @@ -1912,13 +1975,13 @@ }, { "type": "library", - "bom-ref": "45-jsonschema", + "bom-ref": "46-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1930,12 +1993,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", 
@@ -1949,7 +2012,7 @@ }, { "type": "library", - "bom-ref": "46-jsonschema-specifications", + "bom-ref": "47-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1992,22 +2055,22 @@ }, { "type": "library", - "bom-ref": "47-referencing", + "bom-ref": "48-referencing", "name": "referencing", - "version": "0.34.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.34.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.34.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -2021,13 +2084,13 @@ }, { "type": "library", - "bom-ref": "48-rpds-py", + "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.18.0", + "version": "0.18.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { @@ -2039,12 +2102,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.18.0", + "url": "https://pypi.org/project/rpds-py/0.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.18.0", + "purl": "pkg:pypi/rpds-py@0.18.1", "properties": [ { "name": "language", @@ -2058,7 +2121,7 @@ }, { "type": "library", - "bom-ref": "49-pkgutil-resolve-name", + "bom-ref": "50-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { 
@@ -2092,9 +2155,9 @@ }, { "type": "library", - "bom-ref": "50-lib4sbom", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", - "version": "0.7.0", + "version": "0.7.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2103,8 +2166,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -2115,12 +2184,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.0", + "url": "https://pypi.org/project/lib4sbom/0.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.0", + "purl": "pkg:pypi/lib4sbom@0.7.1", "properties": [ { "name": "language", @@ -2134,7 +2203,7 @@ }, { "type": "library", - "bom-ref": "51-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -2182,7 +2251,7 @@ }, { "type": "library", - "bom-ref": "52-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2230,7 +2299,7 @@ }, { "type": "library", - "bom-ref": "53-packageurl-python", + "bom-ref": "54-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2273,7 +2342,7 @@ }, { "type": "library", - "bom-ref": "54-packaging", + "bom-ref": "55-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2307,9 +2376,9 @@ }, { "type": "library", - "bom-ref": "55-plotly", + "bom-ref": "56-plotly", "name": "plotly", - "version": "5.20.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ 
@@ -2318,14 +2387,8 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", - "hashes": [ - { - "alg": "SHA-1", - "content": "9335a34ca77399a597a72420f73e947217d3d410" - } - ], "licenses": [ { "license": { @@ -2336,12 +2399,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.20.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.20.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2355,9 +2418,9 @@ }, { "type": "library", - "bom-ref": "56-tenacity", + "bom-ref": "57-tenacity", "name": "tenacity", - "version": "8.2.3", + "version": "8.3.0", "supplier": { "name": "Julien Danjou", "contact": [ @@ -2366,14 +2429,8 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", - "hashes": [ - { - "alg": "SHA-1", - "content": "41ed2420cda8ab7650a39900451099f4730266c3" - } - ], "licenses": [ { "license": { @@ -2384,12 +2441,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.3", + "url": "https://pypi.org/project/tenacity/8.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.3", + "purl": "pkg:pypi/tenacity@8.3.0", "properties": [ { "name": "language", @@ -2403,7 +2460,7 @@ }, { "type": "library", - "bom-ref": "57-python-gnupg", + "bom-ref": "58-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2451,7 +2508,7 @@ }, { "type": "library", - "bom-ref": "58-requests", + "bom-ref": "59-requests", "name": "requests", "version": "2.31.0", "supplier": { 
@@ -2499,7 +2556,7 @@ }, { "type": "library", - "bom-ref": "59-certifi", + "bom-ref": "60-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2541,7 +2598,7 @@ }, { "type": "library", - "bom-ref": "60-charset-normalizer", + "bom-ref": "61-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2589,7 +2646,7 @@ }, { "type": "library", - "bom-ref": "61-urllib3", + "bom-ref": "62-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { @@ -2623,7 +2680,7 @@ }, { "type": "library", - "bom-ref": "62-rich", + "bom-ref": "63-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2665,7 +2722,7 @@ }, { "type": "library", - "bom-ref": "63-markdown-it-py", + "bom-ref": "64-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2705,7 +2762,7 @@ }, { "type": "library", - "bom-ref": "64-mdurl", + "bom-ref": "65-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2745,9 +2802,9 @@ }, { "type": "library", - "bom-ref": "65-pygments", + "bom-ref": "66-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2756,14 +2813,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2774,12 +2825,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", 
@@ -2793,7 +2844,7 @@ }, { "type": "library", - "bom-ref": "66-typing-extensions", + "bom-ref": "67-typing-extensions", "name": "typing-extensions", "version": "4.11.0", "supplier": { @@ -2806,6 +2857,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.11.0:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "d4d929d44bd984350e2d17726362295f588eaace" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing_extensions/4.11.0", @@ -2827,7 +2884,7 @@ }, { "type": "library", - "bom-ref": "67-rpmfile", + "bom-ref": "68-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2869,7 +2926,7 @@ }, { "type": "library", - "bom-ref": "68-toml", + "bom-ref": "69-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2917,9 +2974,9 @@ }, { "type": "library", - "bom-ref": "69-xmlschema", + "bom-ref": "70-xmlschema", "name": "xmlschema", - "version": "3.2.1", + "version": "3.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2928,7 +2985,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2940,12 +2997,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.2.1", + "url": "https://pypi.org/project/xmlschema/3.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.2.1", + "purl": "pkg:pypi/xmlschema@3.3.1", "properties": [ { "name": "language", @@ -2959,7 +3016,7 @@ }, { "type": "library", - "bom-ref": "70-elementpath", + "bom-ref": "71-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -3001,7 +3058,7 @@ }, { "type": "library", - "bom-ref": "71-zstandard", + "bom-ref": "72-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { 
@@ -3065,23 +3122,23 @@ "14-distro", "15-filetype", "16-gsutil", - "40-importlib-metadata", - "42-importlib-resources", - "43-jinja2", - "45-jsonschema", - "50-lib4sbom", - "53-packageurl-python", - "54-packaging", - "55-plotly", - "57-python-gnupg", - "51-pyyaml", - "58-requests", - "62-rich", - "67-rpmfile", - "68-toml", - "61-urllib3", - "69-xmlschema", - "71-zstandard" + "41-importlib-metadata", + "43-importlib-resources", + "44-jinja2", + "46-jsonschema", + "51-lib4sbom", + "54-packageurl-python", + "55-packaging", + "56-plotly", + "58-python-gnupg", + "52-pyyaml", + "59-requests", + "63-rich", + "68-rpmfile", + "69-toml", + "62-urllib3", + "70-xmlschema", + "72-zstandard" ] }, { 
@@ -3121,189 +3178,200 @@ "18-crcmod", "19-fasteners", "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "39-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" ] }, { "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "22-google-reauth", + "ref": "22-google-auth", "dependsOn": [ - "23-pyu2f" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyu2f", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-six" + "25-pyasn1" ] }, { - "ref": "25-httplib2", + "ref": "26-rsa", "dependsOn": [ - "26-pyparsing" + "25-pyasn1" ] }, { - "ref": "27-oauth2client", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "29-pyasn1-modules", + "ref": "29-httplib2", "dependsOn": [ - "28-pyasn1" + "30-pyparsing" ] }, { - "ref": "30-rsa", + "ref": "31-google-reauth", "dependsOn": [ - "28-pyasn1" + "32-pyu2f" ] }, { - "ref": "31-pyopenssl", + "ref": "32-pyu2f", "dependsOn": [ - "32-cryptography" + "27-six" ] }, { - "ref": "32-cryptography", + "ref": "33-oauth2client", "dependsOn": [ - "33-cffi" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-cffi", + "ref": "34-pyopenssl", "dependsOn": [ - "34-pycparser" + "35-cryptography" ] }, { - "ref": "36-google-apitools", + "ref": "35-cryptography", "dependsOn": [ - 
"19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "36-cffi" ] }, { - "ref": "37-google-auth", + "ref": "36-cffi", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa" + "37-pycparser" + ] + }, + { + "ref": "39-google-apitools", + "dependsOn": [ + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-importlib-metadata", + "ref": "41-importlib-metadata", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "42-importlib-resources", + "ref": "43-importlib-resources", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "43-jinja2", + "ref": "44-jinja2", "dependsOn": [ - "44-markupsafe" + "45-markupsafe" ] }, { - "ref": "45-jsonschema", + "ref": "46-jsonschema", "dependsOn": [ "6-attrs", - "42-importlib-resources", - "46-jsonschema-specifications", - "49-pkgutil-resolve-name", - "47-referencing", - "48-rpds-py" + "43-importlib-resources", + "47-jsonschema-specifications", + "50-pkgutil-resolve-name", + "48-referencing", + "49-rpds-py" ] }, { - "ref": "46-jsonschema-specifications", + "ref": "47-jsonschema-specifications", "dependsOn": [ - "42-importlib-resources", - "47-referencing" + "43-importlib-resources", + "48-referencing" ] }, { - "ref": "47-referencing", + "ref": "48-referencing", "dependsOn": [ "6-attrs", - "48-rpds-py" + "49-rpds-py" ] }, { - "ref": "50-lib4sbom", + "ref": "51-lib4sbom", "dependsOn": [ "13-defusedxml", - "51-pyyaml", - "52-semantic-version" + "52-pyyaml", + "53-semantic-version" ] }, { - "ref": "55-plotly", + "ref": "56-plotly", "dependsOn": [ - "54-packaging", - "56-tenacity" + "55-packaging", + "57-tenacity" ] }, { - "ref": "58-requests", + "ref": "59-requests", "dependsOn": [ - "59-certifi", - "60-charset-normalizer", + "60-certifi", + "61-charset-normalizer", "9-idna", - "61-urllib3" + "62-urllib3" ] }, { - "ref": "62-rich", + "ref": "63-rich", "dependsOn": [ - "63-markdown-it-py", - "65-pygments", - "66-typing-extensions" + "64-markdown-it-py", + "66-pygments", + 
"67-typing-extensions" ] }, { - "ref": "63-markdown-it-py", + "ref": "64-markdown-it-py", "dependsOn": [ - "64-mdurl" + "65-mdurl" ] }, { - "ref": "69-xmlschema", + "ref": "70-xmlschema", "dependsOn": [ - "70-elementpath" + "71-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c1b0eb1f1e..43ded4abd6 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx 
@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a228b5bf-0565-4e04-b688-0865d0c12357 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-43ca30d9-07f7-4748-a669-8136d177492c LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-08T00:26:37Z +Created: 2024-05-13T00:27:42Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.3rc2 +PackageVersion: 3.3.1.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0 FilesAnalyzed: false -PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.3 +PackageVersion: 3.9.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 ##### PackageName: aiosignal @@ -137,17 +136,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: PackageName: idna SPDXID: SPDXRef-Package-9-idna -PackageVersion: 3.6 +PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.6 +PackageDownloadLocation: https://pypi.org/project/idna/3.7 FilesAnalyzed: false +PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 
@@ -184,19 +184,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-Package-12-cvss -PackageVersion: 3.0 +PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.0 +PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false -PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41 +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -250,34 +250,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.27 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.2.3 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -313,18 +314,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto 
@@ -343,42 +344,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-22-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-23-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-26-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -393,8 +440,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) 
@@ -410,7 +473,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) 
@@ -425,73 +488,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-31-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-32-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-33-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) 
@@ -508,22 +557,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-35-cryptography +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) 
@@ -539,12 +588,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 FilesAnalyzed: false +PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -554,7 +604,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -570,7 +620,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) 
@@ -586,39 +636,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) 
@@ -635,12 +654,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-Package-40-importlib-metadata +SPDXID: SPDXRef-Package-41-importlib-metadata PackageVersion: 7.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0 FilesAnalyzed: false +PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -650,12 +670,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1 ##### PackageName: zipp -SPDXID: SPDXRef-Package-41-zipp +SPDXID: SPDXRef-Package-42-zipp PackageVersion: 3.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1 FilesAnalyzed: false +PackageChecksum: SHA1: bfae83474a730e8cc9b8a71027fb859b46b3875c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -665,12 +686,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*: ##### PackageName: importlib-resources -SPDXID: SPDXRef-Package-42-importlib-resources +SPDXID: SPDXRef-Package-43-importlib-resources PackageVersion: 6.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.4.0 FilesAnalyzed: false +PackageChecksum: SHA1: 1f4d3f10a3ed5d65b3092a39369c08e71e30a97c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -680,28 +702,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0 ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-43-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-44-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-44-markupsafe +SPDXID: SPDXRef-Package-45-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -710,22 +730,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-45-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-46-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-46-jsonschema-specifications +SPDXID: SPDXRef-Package-47-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -741,37 +761,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-47-referencing -PackageVersion: 0.34.0 +SPDXID: SPDXRef-Package-48-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-48-rpds-py -PackageVersion: 0.18.0 +SPDXID: SPDXRef-Package-49-rpds-py +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-Package-49-pkgutil-resolve-name +SPDXID: SPDXRef-Package-50-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay 
Sajip (vinay_sajip@yahoo.co.uk) @@ -786,22 +806,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-50-lib4sbom -PackageVersion: 0.7.0 +SPDXID: SPDXRef-Package-51-lib4sbom +PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-51-pyyaml +SPDXID: SPDXRef-Package-52-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -817,7 +838,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-52-semantic-version +SPDXID: SPDXRef-Package-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -834,7 +855,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-53-packageurl-python +SPDXID: SPDXRef-Package-54-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors 
@@ -850,7 +871,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-54-packaging +SPDXID: SPDXRef-Package-55-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) 
@@ -865,40 +886,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-55-plotly -PackageVersion: 5.20.0 +SPDXID: SPDXRef-Package-56-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false -PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-56-tenacity -PackageVersion: 8.2.3 +SPDXID: SPDXRef-Package-57-tenacity +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-57-python-gnupg +SPDXID: SPDXRef-Package-58-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -915,7 +934,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-58-requests +SPDXID: SPDXRef-Package-59-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -932,7 +951,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-59-certifi +SPDXID: SPDXRef-Package-60-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -947,7 +966,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-60-charset-normalizer +SPDXID: SPDXRef-Package-61-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -963,7 +982,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-61-urllib3 +SPDXID: SPDXRef-Package-62-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) 
@@ -978,7 +997,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-62-rich +SPDXID: SPDXRef-Package-63-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -993,7 +1012,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-63-markdown-it-py +SPDXID: SPDXRef-Package-64-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -1009,7 +1028,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-64-mdurl +SPDXID: SPDXRef-Package-65-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) 
@@ -1025,28 +1044,28 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-65-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-66-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-Package-66-typing-extensions +SPDXID: SPDXRef-Package-67-typing-extensions PackageVersion: 4.11.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.11.0 FilesAnalyzed: false +PackageChecksum: SHA1: d4d929d44bd984350e2d17726362295f588eaace PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1056,7 +1075,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-67-rpmfile +SPDXID: SPDXRef-Package-68-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) 
@@ -1071,7 +1090,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-68-toml +SPDXID: SPDXRef-Package-69-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -1087,22 +1106,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-69-xmlschema -PackageVersion: 3.2.1 +SPDXID: SPDXRef-Package-70-xmlschema +PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-70-elementpath +SPDXID: SPDXRef-Package-71-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1117,7 +1136,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-71-zstandard +SPDXID: SPDXRef-Package-72-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1141,36 +1160,37 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-importlib-metadata -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON 
SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: 
SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1178,60 +1198,65 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: 
SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools 
DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-importlib-metadata DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-42-importlib-resources DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-49-pkgutil-resolve-name -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-42-importlib-resources -Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version -Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging 
-Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-60-charset-normalizer -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-61-urllib3 -Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-63-markdown-it-py -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-65-pygments -Relationship: SPDXRef-Package-62-rich DEPENDS_ON SPDXRef-Package-66-typing-extensions -Relationship: SPDXRef-Package-63-markdown-it-py DEPENDS_ON SPDXRef-Package-64-mdurl -Relationship: SPDXRef-Package-69-xmlschema DEPENDS_ON SPDXRef-Package-70-elementpath +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON 
SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-43-importlib-resources DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-50-pkgutil-resolve-name +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version +Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-55-packaging +Relationship: SPDXRef-Package-56-plotly DEPENDS_ON SPDXRef-Package-57-tenacity +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-60-certifi +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-61-charset-normalizer +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-62-urllib3 +Relationship: SPDXRef-Package-59-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-63-rich 
DEPENDS_ON SPDXRef-Package-64-markdown-it-py +Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-66-pygments +Relationship: SPDXRef-Package-63-rich DEPENDS_ON SPDXRef-Package-67-typing-extensions +Relationship: SPDXRef-Package-64-markdown-it-py DEPENDS_ON SPDXRef-Package-65-mdurl +Relationship: SPDXRef-Package-70-xmlschema DEPENDS_ON SPDXRef-Package-71-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index a5cdd1164d..2678572818 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -1,11 +1,11 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:f3b971fe-7324-4a25-872a-43efebe6bc9d", + "specVersion": "1.6", + "serialNumber": "urn:uuid:6b8040ba-91ea-45e2-b48e-cf3f925e08dd", "version": 1, "metadata": { - "timestamp": "2024-04-08T00:27:26Z", + "timestamp": "2024-05-13T00:29:02Z", "tools": { "components": [ { @@ -26,7 +26,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.3rc2", + "version": "3.3.1.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -35,14 +35,8 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", - "hashes": [ - { - "alg": "SHA-1", - "content": "c491590aeea36235930d1c6b8480d2489a470ece" - } - ], "licenses": [ { "license": { 
@@ -53,12 +47,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.3rc2", + "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.3rc2", + "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0", "properties": [ { "name": "language", @@ -74,7 +68,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.3", + "version": "3.9.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -86,12 +80,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.3", + "url": "https://pypi.org/project/aiohttp/3.9.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.3", + "purl": "pkg:pypi/aiohttp@3.9.5", "properties": [ { "name": "language", @@ -356,7 +350,7 @@ "type": "library", "bom-ref": "9-idna", "name": "idna", - "version": "3.6", + "version": "3.7", "supplier": { "name": "Kim Davies", "contact": [ @@ -365,16 +359,22 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d" + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.6", + "url": "https://pypi.org/project/idna/3.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.6", + "purl": "pkg:pypi/idna@3.7", "properties": [ { "name": "language", @@ -472,7 +472,7 @@ "type": "library", "bom-ref": "12-cvss", "name": "cvss", - "version": "3.0", + "version": "3.1", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ 
@@ -481,12 +481,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-1", - "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41" + "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475" } ], "licenses": [ @@ -499,12 +499,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.0", + "url": "https://pypi.org/project/cvss/3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.0", + "purl": "pkg:pypi/cvss@3.1", "properties": [ { "name": "language", @@ -658,7 +658,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.29", "supplier": { "name": "Google Inc .", "contact": [ @@ -667,7 +667,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -679,12 +679,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.29", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.29", "properties": [ { "name": "language", @@ -700,7 +700,7 @@ "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "3.2.3", + "version": "3.3.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ 
@@ -709,8 +709,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" + } + ], "licenses": [ { "license": { @@ -721,12 +727,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.2.3", + "url": "https://pypi.org/project/argcomplete/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.2.3", + "purl": "pkg:pypi/argcomplete@3.3.0", "properties": [ { "name": "language", @@ -827,7 +833,7 @@ "type": "library", "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ @@ -836,7 +842,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -848,12 +854,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", 
@@ -915,23 +921,23 @@ }, { "type": "library", - "bom-ref": "22-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "22-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ @@ -944,12 +950,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", 
@@ -963,23 +969,149 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "23-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "24-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "25-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + 
"supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -992,12 +1124,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -1011,7 +1143,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { 
@@ -1059,41 +1191,40 @@ }, { "type": "library", - "bom-ref": "25-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "28-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Joe Gregorio", + "name": "Google Cloud Platform", "contact": [ { - "email": "joe@bitworking.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", "hashes": [ { "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "content": "932ac88800dd6de004c1bd59867831ccf033f031" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ { "name": "language", 
@@ -1107,33 +1238,41 @@ }, { "type": "library", - "bom-ref": "26-pyparsing", - "name": "pyparsing", - "version": "3.1.2", + "bom-ref": "29-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Paul McGuire", + "name": "Joe Gregorio", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { "alg": "SHA-1", - "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" + "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.2", + "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ { "name": "language", 
@@ -1147,41 +1286,33 @@ }, { "type": "library", - "bom-ref": "27-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-pyparsing", + "name": "pyparsing", + "version": "3.1.2", "supplier": { - "name": "Google Inc .", + "name": "Paul McGuire", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } + "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" } ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/pyparsing/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyparsing@3.1.2", "properties": [ { "name": "language", 
@@ -1195,35 +1326,41 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", 
@@ -1237,35 +1374,41 @@ }, { "type": "library", - "bom-ref": "29-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", + "bom-ref": "32-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1279,23 +1422,23 @@ }, { "type": "library", - "bom-ref": "30-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ 
@@ -1308,12 +1451,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1327,7 +1470,7 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1375,9 +1518,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1386,7 +1529,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1395,12 +1538,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.7", "properties": [ { "name": "language", @@ -1414,7 +1557,7 @@ }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1462,7 +1605,7 @@ }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { 
@@ -1475,6 +1618,12 @@ }, "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + } + ], "licenses": [ { "license": { @@ -1504,7 +1653,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1552,7 +1701,7 @@ }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { 
@@ -1600,91 +1749,7 @@ }, { "type": "library", - "bom-ref": "37-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.19" - } - ] - }, - { - "type": "library", - "bom-ref": "38-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.19" - } - ] - }, - { - "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1732,7 +1797,7 @@ }, { "type": "library", - "bom-ref": "40-importlib-metadata", + "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", "version": "7.1.0", "supplier": { 
@@ -1745,6 +1810,12 @@ }, "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib_metadata/7.1.0", @@ -1766,7 +1837,7 @@ }, { "type": "library", - "bom-ref": "41-zipp", + "bom-ref": "42-zipp", "name": "zipp", "version": "3.18.1", "supplier": { @@ -1779,6 +1850,12 @@ }, "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfae83474a730e8cc9b8a71027fb859b46b3875c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/zipp/3.18.1", @@ -1800,32 +1877,18 @@ }, { "type": "library", - "bom-ref": "42-jinja2", + "bom-ref": "43-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1839,16 +1902,10 @@ }, { "type": "library", - "bom-ref": "43-markupsafe", + "bom-ref": "44-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], "licenses": [ { "license": { 
@@ -1878,13 +1935,13 @@ }, { "type": "library", - "bom-ref": "44-jsonschema", + "bom-ref": "45-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1896,12 +1953,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", @@ -1915,7 +1972,7 @@ }, { "type": "library", - "bom-ref": "45-jsonschema-specifications", + "bom-ref": "46-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1958,22 +2015,22 @@ }, { "type": "library", - "bom-ref": "46-referencing", + "bom-ref": "47-referencing", "name": "referencing", - "version": "0.34.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.34.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.34.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", 
@@ -1987,13 +2044,13 @@ }, { "type": "library", - "bom-ref": "47-rpds-py", + "bom-ref": "48-rpds-py", "name": "rpds-py", - "version": "0.18.0", + "version": "0.18.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { @@ -2005,12 +2062,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.18.0", + "url": "https://pypi.org/project/rpds-py/0.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.18.0", + "purl": "pkg:pypi/rpds-py@0.18.1", "properties": [ { "name": "language", @@ -2024,9 +2081,9 @@ }, { "type": "library", - "bom-ref": "48-lib4sbom", + "bom-ref": "49-lib4sbom", "name": "lib4sbom", - "version": "0.7.0", + "version": "0.7.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2035,8 +2092,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -2047,12 +2110,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.0", + "url": "https://pypi.org/project/lib4sbom/0.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.0", + "purl": "pkg:pypi/lib4sbom@0.7.1", "properties": [ { "name": "language", @@ -2066,7 +2129,7 @@ }, { "type": "library", - "bom-ref": "49-pyyaml", + "bom-ref": "50-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { 
@@ -2114,7 +2177,7 @@ }, { "type": "library", - "bom-ref": "50-semantic-version", + "bom-ref": "51-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2162,7 +2225,7 @@ }, { "type": "library", - "bom-ref": "51-packageurl-python", + "bom-ref": "52-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2205,7 +2268,7 @@ }, { "type": "library", - "bom-ref": "52-packaging", + "bom-ref": "53-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2239,9 +2302,9 @@ }, { "type": "library", - "bom-ref": "53-plotly", + "bom-ref": "54-plotly", "name": "plotly", - "version": "5.20.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2250,14 +2313,8 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", - "hashes": [ - { - "alg": "SHA-1", - "content": "9335a34ca77399a597a72420f73e947217d3d410" - } - ], "licenses": [ { "license": { @@ -2268,12 +2325,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.20.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.20.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2287,9 +2344,9 @@ }, { "type": "library", - "bom-ref": "54-tenacity", + "bom-ref": "55-tenacity", "name": "tenacity", - "version": "8.2.3", + "version": "8.3.0", "supplier": { "name": "Julien Danjou", "contact": [ @@ -2298,14 +2355,8 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", - "hashes": [ - { - "alg": "SHA-1", - "content": "41ed2420cda8ab7650a39900451099f4730266c3" - } - ], "licenses": [ { "license": { 
@@ -2316,12 +2367,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.3", + "url": "https://pypi.org/project/tenacity/8.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.3", + "purl": "pkg:pypi/tenacity@8.3.0", "properties": [ { "name": "language", @@ -2335,7 +2386,7 @@ }, { "type": "library", - "bom-ref": "55-python-gnupg", + "bom-ref": "56-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2383,7 +2434,7 @@ }, { "type": "library", - "bom-ref": "56-requests", + "bom-ref": "57-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2431,7 +2482,7 @@ }, { "type": "library", - "bom-ref": "57-certifi", + "bom-ref": "58-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2473,7 +2524,7 @@ }, { "type": "library", - "bom-ref": "58-charset-normalizer", + "bom-ref": "59-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2521,7 +2572,7 @@ }, { "type": "library", - "bom-ref": "59-urllib3", + "bom-ref": "60-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { @@ -2555,7 +2606,7 @@ }, { "type": "library", - "bom-ref": "60-rich", + "bom-ref": "61-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2597,7 +2648,7 @@ }, { "type": "library", - "bom-ref": "61-markdown-it-py", + "bom-ref": "62-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2637,7 +2688,7 @@ }, { "type": "library", - "bom-ref": "62-mdurl", + "bom-ref": "63-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2677,9 +2728,9 @@ }, { "type": "library", - "bom-ref": "63-pygments", + "bom-ref": "64-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ 
@@ -2688,14 +2739,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2706,12 +2751,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2725,7 +2770,7 @@ }, { "type": "library", - "bom-ref": "64-rpmfile", + "bom-ref": "65-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2767,7 +2812,7 @@ }, { "type": "library", - "bom-ref": "65-toml", + "bom-ref": "66-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2815,9 +2860,9 @@ }, { "type": "library", - "bom-ref": "66-xmlschema", + "bom-ref": "67-xmlschema", "name": "xmlschema", - "version": "3.2.1", + "version": "3.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2826,7 +2871,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2838,12 +2883,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.2.1", + "url": "https://pypi.org/project/xmlschema/3.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.2.1", + "purl": "pkg:pypi/xmlschema@3.3.1", "properties": [ { "name": "language", @@ -2857,7 +2902,7 @@ }, { "type": "library", - "bom-ref": "67-elementpath", + "bom-ref": "68-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { 
@@ -2899,7 +2944,7 @@ }, { "type": "library", - "bom-ref": "68-zstandard", + "bom-ref": "69-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -2963,22 +3008,22 @@ "14-distro", "15-filetype", "16-gsutil", - "40-importlib-metadata", - "42-jinja2", - "44-jsonschema", - "48-lib4sbom", - "51-packageurl-python", - "52-packaging", - "53-plotly", - "55-python-gnupg", - "49-pyyaml", - "56-requests", - "60-rich", - "64-rpmfile", - "65-toml", - "59-urllib3", - "66-xmlschema", - "68-zstandard" + "41-importlib-metadata", + "43-jinja2", + "45-jsonschema", + "49-lib4sbom", + "52-packageurl-python", + "53-packaging", + "54-plotly", + "56-python-gnupg", + "50-pyyaml", + "57-requests", + "61-rich", + "65-rpmfile", + "66-toml", + "60-urllib3", + "67-xmlschema", + "69-zstandard" ] }, { 
@@ -3018,179 +3063,190 @@ "18-crcmod", "19-fasteners", "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "39-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" ] }, { "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "22-google-reauth", + "ref": "22-google-auth", "dependsOn": [ - "23-pyu2f" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyu2f", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-six" + "25-pyasn1" ] }, { - "ref": "25-httplib2", + "ref": "26-rsa", "dependsOn": [ - "26-pyparsing" + "25-pyasn1" ] }, { - "ref": "27-oauth2client", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "29-pyasn1-modules", + "ref": "29-httplib2", "dependsOn": [ - "28-pyasn1" + "30-pyparsing" ] }, { - "ref": "30-rsa", + "ref": "31-google-reauth", "dependsOn": [ - "28-pyasn1" + "32-pyu2f" ] }, { - "ref": "31-pyopenssl", + "ref": "32-pyu2f", "dependsOn": [ - "32-cryptography" + "27-six" ] }, { - "ref": "32-cryptography", + "ref": "33-oauth2client", "dependsOn": [ - "33-cffi" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-cffi", + "ref": "34-pyopenssl", "dependsOn": [ - "34-pycparser" + "35-cryptography" ] }, { - "ref": "36-google-apitools", + "ref": "35-cryptography", "dependsOn": [ - 
"19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "36-cffi" + ] + }, + { + "ref": "36-cffi", + "dependsOn": [ + "37-pycparser" ] }, { - "ref": "37-google-auth", + "ref": "39-google-apitools", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa" + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-importlib-metadata", + "ref": "41-importlib-metadata", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "42-jinja2", + "ref": "43-jinja2", "dependsOn": [ - "43-markupsafe" + "44-markupsafe" ] }, { - "ref": "44-jsonschema", + "ref": "45-jsonschema", "dependsOn": [ "6-attrs", - "45-jsonschema-specifications", - "46-referencing", - "47-rpds-py" + "46-jsonschema-specifications", + "47-referencing", + "48-rpds-py" ] }, { - "ref": "45-jsonschema-specifications", + "ref": "46-jsonschema-specifications", "dependsOn": [ - "46-referencing" + "47-referencing" ] }, { - "ref": "46-referencing", + "ref": "47-referencing", "dependsOn": [ "6-attrs", - "47-rpds-py" + "48-rpds-py" ] }, { - "ref": "48-lib4sbom", + "ref": "49-lib4sbom", "dependsOn": [ "13-defusedxml", - "49-pyyaml", - "50-semantic-version" + "50-pyyaml", + "51-semantic-version" ] }, { - "ref": "53-plotly", + "ref": "54-plotly", "dependsOn": [ - "52-packaging", - "54-tenacity" + "53-packaging", + "55-tenacity" ] }, { - "ref": "56-requests", + "ref": "57-requests", "dependsOn": [ - "57-certifi", - "58-charset-normalizer", + "58-certifi", + "59-charset-normalizer", "9-idna", - "59-urllib3" + "60-urllib3" ] }, { - "ref": "60-rich", + "ref": "61-rich", "dependsOn": [ - "61-markdown-it-py", - "63-pygments" + "62-markdown-it-py", + "64-pygments" ] }, { - "ref": "61-markdown-it-py", + "ref": "62-markdown-it-py", "dependsOn": [ - "62-mdurl" + "63-mdurl" ] }, { - "ref": "66-xmlschema", + "ref": "67-xmlschema", "dependsOn": [ - "67-elementpath" + "68-elementpath" ] } ] 
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 56e11cbf3e..956a22ea55 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx 
@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-179884b8-4d95-4ae4-9d55-d569d800b01a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f75310d1-b81b-40c2-930d-22699181394d LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-08T00:26:09Z +Created: 2024-05-13T00:27:25Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.3rc2 +PackageVersion: 3.3.1.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0 FilesAnalyzed: false -PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.3 +PackageVersion: 3.9.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 ##### PackageName: aiosignal @@ -137,17 +136,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: PackageName: idna SPDXID: SPDXRef-Package-9-idna -PackageVersion: 3.6 +PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.6 +PackageDownloadLocation: https://pypi.org/project/idna/3.7 FilesAnalyzed: false +PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 
@@ -184,19 +184,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-Package-12-cvss -PackageVersion: 3.0 +PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.0 +PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false -PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41 +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -250,34 +250,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.27 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.2.3 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -313,18 +314,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto 
@@ -343,42 +344,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-22-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-23-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-26-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -393,8 +440,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) 
@@ -410,7 +473,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) 
@@ -425,73 +488,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-31-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-32-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-33-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) 
@@ -508,22 +557,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-35-cryptography +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) 
@@ -539,12 +588,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 FilesAnalyzed: false +PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -554,7 +604,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -570,7 +620,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) 
@@ -586,39 +636,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) 
@@ -635,12 +654,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-Package-40-importlib-metadata +SPDXID: SPDXRef-Package-41-importlib-metadata PackageVersion: 7.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0 FilesAnalyzed: false +PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -650,12 +670,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1 ##### PackageName: zipp -SPDXID: SPDXRef-Package-41-zipp +SPDXID: SPDXRef-Package-42-zipp PackageVersion: 3.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1 FilesAnalyzed: false +PackageChecksum: SHA1: bfae83474a730e8cc9b8a71027fb859b46b3875c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -665,28 +686,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*: ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-42-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-43-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-43-markupsafe +SPDXID: SPDXRef-Package-44-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -695,22 +714,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-44-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-45-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-45-jsonschema-specifications +SPDXID: SPDXRef-Package-46-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -726,52 +745,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-46-referencing -PackageVersion: 0.34.0 +SPDXID: SPDXRef-Package-47-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-47-rpds-py -PackageVersion: 0.18.0 +SPDXID: SPDXRef-Package-48-rpds-py +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-48-lib4sbom -PackageVersion: 0.7.0 +SPDXID: SPDXRef-Package-49-lib4sbom +PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison 
(anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-49-pyyaml +SPDXID: SPDXRef-Package-50-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -787,7 +807,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-50-semantic-version +SPDXID: SPDXRef-Package-51-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -804,7 +824,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-51-packageurl-python +SPDXID: SPDXRef-Package-52-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -820,7 +840,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-52-packaging +SPDXID: SPDXRef-Package-53-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) 
@@ -835,40 +855,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-53-plotly -PackageVersion: 5.20.0 +SPDXID: SPDXRef-Package-54-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false -PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-54-tenacity -PackageVersion: 8.2.3 +SPDXID: SPDXRef-Package-55-tenacity +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-55-python-gnupg +SPDXID: SPDXRef-Package-56-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -885,7 +903,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-56-requests +SPDXID: SPDXRef-Package-57-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -902,7 +920,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-57-certifi +SPDXID: SPDXRef-Package-58-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -917,7 +935,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-58-charset-normalizer +SPDXID: SPDXRef-Package-59-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -933,7 +951,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-59-urllib3 +SPDXID: SPDXRef-Package-60-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) 
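Review bot: The plotly and tenacity entries lose their `PackageChecksum` line along with the version bump, so the new side records 5.22.0 and 8.3.0 with no integrity value; the pygments entry in the `@@ -995,23 +1013,22 @@` hunk does the same for 2.18.0. A consumer that compares installed artifacts against this SBOM can no longer do so for these three packages. The file looks tool-generated, so the fix probably belongs in how it is produced rather than in a hand edit: regenerate so that every package carries a checksum line. The checksums that remain are SHA1 (for example the one added for lib4sbom), so a stronger digest alongside would help, e.g. `PackageChecksum: SHA256: <digest of the 5.22.0 artifact>`.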
@@ -948,7 +966,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-60-rich +SPDXID: SPDXRef-Package-61-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -963,7 +981,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-61-markdown-it-py +SPDXID: SPDXRef-Package-62-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -979,7 +997,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-62-mdurl +SPDXID: SPDXRef-Package-63-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) 
@@ -995,23 +1013,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-63-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-64-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-64-rpmfile +SPDXID: SPDXRef-Package-65-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1026,7 +1043,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-65-toml +SPDXID: SPDXRef-Package-66-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) 
@@ -1042,22 +1059,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-66-xmlschema -PackageVersion: 3.2.1 +SPDXID: SPDXRef-Package-67-xmlschema +PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-67-elementpath +SPDXID: SPDXRef-Package-68-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1072,7 +1089,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-68-zstandard +SPDXID: SPDXRef-Package-69-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1096,35 +1113,36 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-importlib-metadata -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema 
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON 
SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1132,55 +1150,60 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: 
SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools 
DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-importlib-metadata DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-42-jinja2 DEPENDS_ON SPDXRef-Package-43-markupsafe -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-45-jsonschema-specifications -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-46-referencing -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-47-rpds-py -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-46-referencing -Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-47-rpds-py -Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-49-pyyaml -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-50-semantic-version -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-54-tenacity -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-58-charset-normalizer -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-59-urllib3 -Relationship: SPDXRef-Package-56-requests DEPENDS_ON 
SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py -Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments -Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl -Relationship: SPDXRef-Package-66-xmlschema DEPENDS_ON SPDXRef-Package-67-elementpath +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py +Relationship: 
SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing +Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py +Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version +Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging +Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-59-charset-normalizer +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-60-urllib3 +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-62-markdown-it-py +Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-64-pygments +Relationship: SPDXRef-Package-62-markdown-it-py DEPENDS_ON SPDXRef-Package-63-mdurl +Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna diff --git a/test/condensed-downloads/libcryptsetup12_2.1.0-5+deb10u2_arm64.deb.tar.gz b/test/condensed-downloads/libcryptsetup12_2.1.0-5+deb10u2_arm64.deb.tar.gz new file mode 100644 index 0000000000..f7d44483ce Binary files /dev/null and b/test/condensed-downloads/libcryptsetup12_2.1.0-5+deb10u2_arm64.deb.tar.gz differ 
diff --git a/test/condensed-downloads/libssl3_3.1.5-1_arm64.deb.tar.gz b/test/condensed-downloads/libssl3_3.1.5-1_arm64.deb.tar.gz new file mode 100644 index 0000000000..844af75df8 Binary files /dev/null and b/test/condensed-downloads/libssl3_3.1.5-1_arm64.deb.tar.gz differ diff --git a/test/condensed-downloads/ttyd-1.7.4-1.3.aarch64.rpm.tar.gz b/test/condensed-downloads/ttyd-1.7.4-1.3.aarch64.rpm.tar.gz new file mode 100644 index 0000000000..c903c24098 Binary files /dev/null and b/test/condensed-downloads/ttyd-1.7.4-1.3.aarch64.rpm.tar.gz differ diff --git a/test/condensed-downloads/ttyd_1.5.2-2_x86_64.ipk.tar.gz b/test/condensed-downloads/ttyd_1.5.2-2_x86_64.ipk.tar.gz new file mode 100644 index 0000000000..dd83c5d16e Binary files /dev/null and b/test/condensed-downloads/ttyd_1.5.2-2_x86_64.ipk.tar.gz differ diff --git a/test/condensed-downloads/ttyd_1.6.3-3~bpo11+1_amd64.deb.tar.gz b/test/condensed-downloads/ttyd_1.6.3-3~bpo11+1_amd64.deb.tar.gz new file mode 100644 index 0000000000..344431b5f0 Binary files /dev/null and b/test/condensed-downloads/ttyd_1.6.3-3~bpo11+1_amd64.deb.tar.gz differ diff --git a/test/sbom/cyclonedx_bad_cpe22.json b/test/sbom/cyclonedx_bad_cpe22.json index 09d9bf4fb6..f32e5aeda4 100644 --- a/test/sbom/cyclonedx_bad_cpe22.json +++ b/test/sbom/cyclonedx_bad_cpe22.json @@ -35,7 +35,7 @@ "supplier": { "name": "ijg" }, - "cpe": "cpe:/a::libjpeg:8b" + "cpe": "cpe:::libjpeg:8b" }, { "type": "library", @@ -45,7 +45,7 @@ "supplier": { "name": "libexpat project" }, - "cpe": "cpe:/a:libexpat_project::2.0.1" + "cpe": "cpe::libexpat_project::2.0.1" }, { "type": "library", @@ -55,7 +55,7 @@ "supplier": { "name": "gnu" }, - "cpe": "cpe:/a:gnu:ncurses:" + "cpe": "cpe::gnu:ncurses:" }, { "type": "library", diff --git a/test/sbom/cyclonedx_bad_purl.json b/test/sbom/cyclonedx_bad_purl.json index 35d64cfc02..ccc45c23e8 100644 --- a/test/sbom/cyclonedx_bad_purl.json +++ b/test/sbom/cyclonedx_bad_purl.json 
@@ -30,7 +30,7 @@ { "type": "library", "bom-ref": "2-libjpeg", - "name": "libjpeg", + "name": "libjpeg-novendor", "version": "8b", "supplier": { "name": "ijg" @@ -50,7 +50,7 @@ { "type": "library", "bom-ref": "4-ncurses", - "name": "ncurses", + "name": "ncurses-noversion", "version": "5.9.noversion", "supplier": { "name": "gnu" diff --git a/test/test_available_fix.py b/test/test_available_fix.py index 07f9809f37..9ada02a206 100644 --- a/test/test_available_fix.py +++ b/test/test_available_fix.py @@ -152,7 +152,12 @@ def test_redhat_available_fix_output( assert expected_output == [rec.message for rec in caplog.records] MOCK_PSPP_CVE_DATA = { - ProductInfo(vendor="gnu", product="pspp", version="1.2.0"): CVEData( + ProductInfo( + vendor="gnu", + product="pspp", + version="1.2.0", + location="/usr/local/bin/pspp", + ): CVEData( None, { "cves": [ @@ -176,7 +181,12 @@ def test_redhat_available_fix_output( } MOCK_AVAHI_CVE_DATA = { - ProductInfo(vendor="avahi", product="avahi", version="0.6.25"): CVEData( + ProductInfo( + vendor="avahi", + product="avahi", + version="0.6.25", + location="/usr/local/bin/avahi", + ): CVEData( None, { "cves": [ @@ -221,7 +231,12 @@ def test_redhat_available_fix_output( } MOCK_NODEJS_CVE_DATA = { - ProductInfo(vendor="nodejs", product="node.js", version="14.16.0"): CVEData( + ProductInfo( + vendor="nodejs", + product="node.js", + version="14.16.0", + location="/usr/local/bin/nodejs", + ): CVEData( None, { "cves": [ diff --git a/test/test_cli.py b/test/test_cli.py index 0d11d960a6..c60e514b1b 100644 --- a/test/test_cli.py +++ b/test/test_cli.py @@ -6,6 +6,7 @@ """ import logging import os +import re import shutil import sys import tempfile 
@@ -630,11 +631,26 @@ def test_SBOM(self, caplog): ] ) + # find the "known CVEs detected" line from caplog + known_cves_message = None + # tuple is (tool_name, log_level, log_message) but we only care about the last + for _, _, log_message in caplog.record_tuples: + if re.search(r"with known CVEs detected", log_message): + known_cves_message = log_message + assert ( - "cve_bin_tool", - logging.INFO, - "There are 3 products with known CVEs detected", - ) in caplog.record_tuples + known_cves_message is not None + ), "Expected 3 products with cves, none found" + + # since sometimes this test breaks due to data changes, let's just say we want at least 2 + # products with cves (though there should be 3 at time of writing) + m = re.match( + r"There are (?P\d*) products with known CVEs detected", + known_cves_message, + ) + assert ( + int(m.group("product_number")) >= 2 + ), "Not enough products with cves found in output" def test_sbom_detection(self, caplog): SBOM_PATH = Path(__file__).parent.resolve() / "sbom" diff --git a/test/test_data/cryptsetup.py b/test/test_data/cryptsetup.py index 2ea3e97ab0..018e788f5e 100644 --- a/test/test_data/cryptsetup.py +++ b/test/test_data/cryptsetup.py @@ -29,9 +29,15 @@ "version": "2.3.6", }, { - "url": " http://mirror.centos.org/altarch/7/os/aarch64/Packages/", + "url": "http://mirror.centos.org/altarch/7/os/aarch64/Packages/", "package_name": "cryptsetup-2.0.3-6.el7.aarch64.rpm", "product": "cryptsetup", "version": "2.0.3", }, + { + "url": "http://ftp.fr.debian.org/debian/pool/main/c/cryptsetup/", + "package_name": "libcryptsetup12_2.1.0-5+deb10u2_arm64.deb", + "product": "cryptsetup", + "version": "2.1.0", + }, ] diff --git a/test/test_data/openssl.py b/test/test_data/openssl.py index af55e70ae3..607730bb79 100644 --- a/test/test_data/openssl.py +++ b/test/test_data/openssl.py 
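Review bot: The result of `re.match` is used as `m.group("product_number")` without checking `m` for `None`, and `\d*` also matches an empty string, so a reworded summary line fails with an AttributeError or ValueError instead of the assertion message. Adding `assert m is not None, "Unexpected summary line format"` and using `\d+` in the pattern would keep the failure readable. As printed on this page the pattern reads `(?P\d*)`, which has no group name and would not compile; presumably `<product_number>` was lost in rendering, but it is worth checking in the file. The first assertion message says "Expected 3 products" although the check now accepts two or more. The body of `test_SBOM` starts outside the hunk.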
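Review bot: The added cryptsetup entry fetches `libcryptsetup12_2.1.0-5+deb10u2_arm64.deb` over plain `http://`, and the dict carries no digest, so nothing visible here ties the downloaded file to the one the test was written against. The same applies to the `http://ftp.de.debian.org` entry added in test/test_data/openssl.py and to the `http://rpmfind.net` and `http://ftp.fr.debian.org` entries in the new test/test_data/ttyd.py. Where the mirror serves TLS, the one-line change is `"url": "https://ftp.fr.debian.org/debian/pool/main/c/cryptsetup/",`. Whether the download helper verifies the package in any other way is not visible in these hunks; if it does not, a per-entry hash field checked after download would close the gap.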
@@ -32,6 +32,12 @@ "product": "openssl", "version": "3.0.5", }, + { + "url": "http://ftp.de.debian.org/debian/pool/main/o/openssl/", + "package_name": "libssl3_3.1.5-1_arm64.deb", + "product": "openssl", + "version": "3.1.5", + }, { "url": "https://files.pythonhosted.org/packages/ba/91/84a29d6a27fd6dfc21f475704c4d2053d58ed7a4033c2b0ce1b4ca4d03d9/", "package_name": "cryptography-3.0-cp35-abi3-manylinux2010_x86_64.whl", diff --git a/test/test_data/ttyd.py b/test/test_data/ttyd.py new file mode 100644 index 0000000000..1cfc02e4f9 --- /dev/null +++ b/test/test_data/ttyd.py @@ -0,0 +1,26 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + +mapping_test_data = [ + {"product": "ttyd", "version": "1.6.3", "version_strings": ["1.6.3\nttyd"]} +] +package_test_data = [ + { + "url": "http://rpmfind.net/linux/opensuse/ports/aarch64/tumbleweed/repo/oss/aarch64/", + "package_name": "ttyd-1.7.4-1.3.aarch64.rpm", + "product": "ttyd", + "version": "1.7.4", + }, + { + "url": "http://ftp.fr.debian.org/debian/pool/main/t/ttyd/", + "package_name": "ttyd_1.6.3-3~bpo11+1_amd64.deb", + "product": "ttyd", + "version": "1.6.3", + }, + { + "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/", + "package_name": "ttyd_1.5.2-2_x86_64.ipk", + "product": "ttyd", + "version": "1.5.2", + }, +] diff --git a/test/test_exploits.py b/test/test_exploits.py index f6c752a5ec..348ba5c2e8 100644 --- a/test/test_exploits.py +++ b/test/test_exploits.py @@ -15,7 +15,10 @@ class TestExploitScanner: True, ["CVE-2018-19664"], ProductInfo( - vendor="libjpeg-turbo", product="libjpeg-turbo", version="2.0.1" + vendor="libjpeg-turbo", + product="libjpeg-turbo", + version="2.0.1", + location="/usr/lib/x86_64-linux-gnu/libjpeg-turbo", ), { "CVE-2018-19664": { 
@@ -29,7 +32,10 @@ class TestExploitScanner: False, ["CVE-2018-19664"], ProductInfo( - vendor="libjpeg-turbo", product="libjpeg-turbo", version="2.0.1" + vendor="libjpeg-turbo", + product="libjpeg-turbo", + version="2.0.1", + location="/usr/lib/x86_64-linux-gnu/libjpeg-turbo", ), { "CVE-2018-19664": { @@ -43,7 +49,10 @@ class TestExploitScanner: True, ["CVE-2019-19664"], ProductInfo( - vendor="libjpeg-turbo", product="libjpeg-turbo", version="2.0.1" + vendor="libjpeg-turbo", + product="libjpeg-turbo", + version="2.0.1", + location="/usr/lib/x86_64-linux-gnu/libjpeg-turbo", ), { "CVE-2018-19664": { @@ -57,7 +66,10 @@ class TestExploitScanner: False, ["CVE-2019-19664"], ProductInfo( - vendor="libjpeg-turbo", product="libjpeg-turbo", version="2.0.1" + vendor="libjpeg-turbo", + product="libjpeg-turbo", + version="2.0.1", + location="/usr/lib/x86_64-linux-gnu/libjpeg-turbo", ), { "CVE-2018-19664": { diff --git a/test/test_html.py b/test/test_html.py index 7dcc558828..7b5c528ad6 100644 --- a/test/test_html.py +++ b/test/test_html.py @@ -13,7 +13,7 @@ class TestOutputHTML: MOCK_OUTPUT = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1000", @@ -36,7 +36,7 @@ class TestOutputHTML: ], paths={""}, ), - ProductInfo("vendor0", "product0", "2.8.6"): CVEData( + ProductInfo("vendor0", "product0", "2.8.6", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1002", @@ -50,7 +50,9 @@ class TestOutputHTML: ], paths={""}, ), - ProductInfo("vendor1", "product1", "3.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product1", "3.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1003", @@ -64,7 +66,9 @@ class TestOutputHTML: ], paths={""}, ), - ProductInfo("vendor1", "product1", "4.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product1", "4.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1004", 
@@ -78,7 +82,9 @@ class TestOutputHTML: ], paths={""}, ), - ProductInfo("vendor1", "product2", "5.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product2", "5.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1005", @@ -92,7 +98,9 @@ class TestOutputHTML: ], paths={""}, ), - ProductInfo("vendor1", "product3", "6.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product3", "6.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1006", @@ -304,7 +312,7 @@ def test_cve_remarks_table(self) -> None: def test_empty_cve_list(self) -> None: """Test that the HTML report renders correctly with an empty cve_data["cves"] list.""" empty_output = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "usr/local/bin/product"): CVEData( cves=[], paths={""}, ) @@ -320,7 +328,7 @@ def test_empty_cve_list(self) -> None: def test_unknown_cve_number(self) -> None: """Test that the HTML report renders correctly with a cve_data["cves"] list containing an 'UNKNOWN' CVE number.""" unknown_cve_output = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "usr/local/bin/product"): CVEData( cves=[ CVE( "UNKNOWN", diff --git a/test/test_input_engine.py b/test/test_input_engine.py index a8d7355f83..87a4eda9eb 100644 --- a/test/test_input_engine.py +++ b/test/test_input_engine.py 
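Review bot: The location passed in `test_empty_cve_list` is `"usr/local/bin/product"`, without the leading slash that every `MOCK_OUTPUT` entry in the earlier hunks uses (`"/usr/local/bin/product"`); `test_unknown_cve_number` in the next hunk has the same value. If the relative form is not deliberate, both should read `ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product")`. The other test files in this commit pass `location=` by keyword, which reads more clearly than a fourth positional string. Both test bodies continue outside their hunks.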
@@ -25,15 +25,15 @@ class TestInputEngine: JSON_PATH = TMP_DIR / "json" VEX_PATH = TMP_DIR / "vex" PARSED_TRIAGE_DATA = { - ProductInfo("haxx", "curl", "7.59.0"): { + ProductInfo("haxx", "curl", "7.59.0", "location/to/product"): { "default": {"comments": "", "remarks": Remarks.NewFound, "severity": ""}, "paths": {""}, }, - ProductInfo("haxx", "libcurl", "7.59.0"): { + ProductInfo("haxx", "libcurl", "7.59.0", "location/to/product"): { "default": {"comments": "", "remarks": Remarks.Unexplored, "severity": ""}, "paths": {""}, }, - ProductInfo("libjpeg-turbo", "libjpeg-turbo", "2.0.1"): { + ProductInfo("libjpeg-turbo", "libjpeg-turbo", "2.0.1", "location/to/product"): { "CVE-2018-19664": { "comments": "High priority need to resolve fast", "remarks": Remarks.Confirmed, @@ -46,21 +46,21 @@ class TestInputEngine: }, "paths": {""}, }, - ProductInfo("mit", "kerberos_5", "1.15.1"): { + ProductInfo("mit", "kerberos_5", "1.15.1", "location/to/product"): { "default": {"comments": "", "remarks": Remarks.Confirmed, "severity": ""}, "paths": {""}, }, - ProductInfo("ssh", "ssh2", "2.0"): { + ProductInfo("ssh", "ssh2", "2.0", "location/to/product"): { "default": {"comments": "", "remarks": Remarks.Mitigated, "severity": ""}, "paths": {""}, }, - ProductInfo("sun", "sunos", "5.4"): { + ProductInfo("sun", "sunos", "5.4", "location/to/product"): { "default": {"comments": "", "remarks": Remarks.Mitigated, "severity": ""}, "paths": {""}, }, } VEX_TRIAGE_DATA = { - ProductInfo("d.r.commander", "libjpeg-turbo", "2.0.1"): { + ProductInfo("d.r.commander", "libjpeg-turbo", "2.0.1", "location/to/product"): { "CVE-2018-19664": { "comments": "High priority need to resolve fast", "remarks": Remarks.Confirmed, @@ -70,7 +70,7 @@ class TestInputEngine: }, "paths": {}, }, - ProductInfo("gnu", "glibc", "2.33"): { + ProductInfo("gnu", "glibc", "2.33", "location/to/product"): { "CVE-2021-1234": { "comments": "", "remarks": Remarks.Unexplored, 
@@ -82,7 +82,7 @@ class TestInputEngine: } # cyclonedx currently doesn't have vendors VEX_TRIAGE_DATA_CYCLONEDX = { - ProductInfo("UNKNOWN", "libjpeg-turbo", "2.0.1"): { + ProductInfo("UNKNOWN", "libjpeg-turbo", "2.0.1", "location/to/product"): { "CVE-2018-19664": { "comments": "High priority need to resolve fast", "remarks": Remarks.Confirmed, @@ -91,7 +91,7 @@ class TestInputEngine: }, "paths": {}, }, - ProductInfo("UNKNOWN", "glibc", "2.33"): { + ProductInfo("UNKNOWN", "glibc", "2.33", "location/to/product"): { "CVE-2021-1234": { "comments": "", "remarks": Remarks.Unexplored, @@ -102,7 +102,12 @@ class TestInputEngine: }, } VEX_TRIAGE_DATA_CYCLONEDX_CASE13 = { - ProductInfo(vendor="UNKNOWN", product="acme-product", version="1"): { + ProductInfo( + vendor="UNKNOWN", + product="acme-product", + version="1", + location="location/to/product", + ): { "CVE-2020-25649": { "comments": "Automated " "dataflow " @@ -130,7 +135,12 @@ class TestInputEngine: }, "paths": {}, }, - ProductInfo(vendor="UNKNOWN", product="acme-product", version="2"): { + ProductInfo( + vendor="UNKNOWN", + product="acme-product", + version="2", + location="location/to/product", + ): { "CVE-2020-25649": { "comments": "Automated " "dataflow " @@ -158,7 +168,12 @@ class TestInputEngine: }, "paths": {}, }, - ProductInfo(vendor="UNKNOWN", product="acme-product", version="3"): { + ProductInfo( + vendor="UNKNOWN", + product="acme-product", + version="3", + location="location/to/product", + ): { "CVE-2020-25649": { "comments": "Automated " "dataflow " 
@@ -247,7 +262,12 @@ def test_missing_fields(self, filepath, missing_fields): ) def test_valid_file(self, filepath, parsed_data): input_engine = InputEngine(filepath, error_mode=ErrorMode.FullTrace) - assert dict(input_engine.parse_input()) == parsed_data + parsed_data_actual = input_engine.parse_input() + + for product_info, expected_data in parsed_data.items(): + print("Parsed Data Actual:", parsed_data_actual) + print("Expected Data:", parsed_data) + assert parsed_data_actual[product_info] == expected_data @pytest.mark.parametrize( "filepath, parsed_data", diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py index 2c890b49bb..d30dfb325e 100644 --- a/test/test_language_scanner.py +++ b/test/test_language_scanner.py @@ -252,5 +252,7 @@ def test_python_package(self, filename: str) -> None: for product in scanner.scan_file(filename): if product: product_info, file_path = product - assert product_info == ProductInfo("facebook", "zstandard", "0.18.0") + assert product_info == ProductInfo( + "facebook", "zstandard", "0.18.0", "/usr/local/bin/product" + ) assert file_path == filename diff --git a/test/test_merge.py b/test/test_merge.py index c48cc2cf0a..e7e8b1f051 100644 --- a/test/test_merge.py +++ b/test/test_merge.py @@ -21,7 +21,12 @@ class TestMergeReports: INTERMEDIATE_PATH = Path(__file__).parent.resolve() / "json" MERGED_TRIAGE_DATA = { - ProductInfo(vendor="libjpeg-turbo", product="libjpeg-turbo", version="2.0.1"): { + ProductInfo( + vendor="libjpeg-turbo", + product="libjpeg-turbo", + version="2.0.1", + location="location/to/product", + ): { "CVE-2018-19664": { "remarks": Remarks.Confirmed, "comments": "High priority need to resolve fast", diff --git a/test/test_output_engine.py b/test/test_output_engine.py index 6575b46c13..04dcc34280 100644 --- a/test/test_output_engine.py +++ b/test/test_output_engine.py 
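Review bot: The rewritten check in test_valid_file only walks the keys of the expected `parsed_data`, so an entry that `parse_input()` returns but the fixture does not list now passes unnoticed; the removed `dict(input_engine.parse_input()) == parsed_data` caught that. For triage input, an unexpected extra record is exactly what this test should flag, so keep a whole-key check next to the loop, e.g. `assert set(parsed_data_actual) == set(parsed_data)`. The two `print(...)` calls dump both complete dicts on every iteration and look like leftover debugging; drop them or print once on failure. If `parse_input()` returns a defaultdict (not visible here), indexing a missing key would also insert a default entry instead of failing cleanly.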
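Review bot: In test_python_package the expected value `ProductInfo("facebook", "zstandard", "0.18.0", "/usr/local/bin/product")` uses a placeholder path that a scan of the test file is unlikely to report. The comparison can therefore only pass if ProductInfo equality ignores `location`; its definition is not in this view. If that is the case, nothing here checks the new field, and the literal suggests a verification that does not happen. An explicit assertion on `product_info.location` against the value the scanner should produce for `filename`, with a short comment such as `# location is excluded from ProductInfo equality, so check it separately`, would cover it. The function starts above this hunk.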
@@ -36,7 +36,7 @@ class TestOutputEngine(unittest.TestCase): """Test the OutputEngine class functions""" MOCK_DETAILED_OUTPUT = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1000", @@ -53,7 +53,7 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor0", "product0", "2.8.6"): CVEData( + ProductInfo("vendor0", "product0", "2.8.6", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1001", @@ -75,6 +75,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1000", "source": "NVD", "severity": "MEDIUM", @@ -92,6 +93,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "2.8.6", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1001", "source": "NVD", "severity": "LOW", @@ -108,7 +110,7 @@ class TestOutputEngine(unittest.TestCase): ] MOCK_OUTPUT = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1004", @@ -157,7 +159,7 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor0", "product0", "2.8.6"): CVEData( + ProductInfo("vendor0", "product0", "2.8.6", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1007", @@ -202,7 +204,9 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor1", "product1", "3.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product1", "3.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1010", @@ -226,7 +230,7 @@ class TestOutputEngine(unittest.TestCase): } MOCK_OUTPUT_2 = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1011", 
@@ -249,7 +253,7 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor0", "product0", "2.8.7"): CVEData( + ProductInfo("vendor0", "product0", "2.8.7", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1013", @@ -263,7 +267,7 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor1", "product1", "3.3.1"): CVEData( + ProductInfo("vendor1", "product1", "3.3.1", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1014", @@ -280,7 +284,7 @@ class TestOutputEngine(unittest.TestCase): } MOCK_PDF_OUTPUT = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1015", @@ -307,7 +311,7 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor0", "product0", "2.8.6"): CVEData( + ProductInfo("vendor0", "product0", "2.8.6", "/usr/local/bin/product"): CVEData( cves=[ CVE( "CVE-1234-1017", @@ -323,7 +327,9 @@ class TestOutputEngine(unittest.TestCase): ], paths={""}, ), - ProductInfo("vendor1", "product1", "3.2.1.0"): CVEData( + ProductInfo( + "vendor1", "product1", "3.2.1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1018", @@ -340,7 +346,7 @@ class TestOutputEngine(unittest.TestCase): } MOCK_ALL_CVE_DATA = { - ProductInfo("vendor0", "product0", "1.0"): CVEData( + ProductInfo("vendor0", "product0", "1.0", "/usr/local/bin/product"): CVEData( cves=[ CVE( "UNKNOWN", @@ -472,6 +478,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1004", "severity": "CRITICAL", "score": "4.2", @@ -488,6 +495,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1005", "severity": "MEDIUM", "score": "4.2", 
@@ -506,6 +514,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1006", "severity": "LOW", "score": "1.2", @@ -524,6 +533,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "2.8.6", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1007", "severity": "LOW", "score": "2.5", @@ -540,6 +550,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "2.8.6", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1008", "severity": "UNKNOWN", "score": "2.5", @@ -556,6 +567,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "2.8.6", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1009", "severity": "MEDIUM", "score": "2.5", @@ -572,6 +584,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor1", "product": "product1", "version": "3.2.1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1010", "severity": "HIGH", "score": "7.5", @@ -591,6 +604,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "UNKNOWN", "severity": "UNKNOWN", "score": "0", @@ -605,6 +619,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0001", "severity": "MEDIUM", "score": "4.2", @@ -619,6 +634,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0002", "severity": "MEDIUM", "score": "4.2", 
@@ -633,6 +649,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0003", "severity": "MEDIUM", "score": "4.2", @@ -647,6 +664,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0004", "severity": "MEDIUM", "score": "4.2", @@ -661,6 +679,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0005", "severity": "MEDIUM", "score": "4.2", @@ -675,6 +694,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0006", "severity": "MEDIUM", "score": "4.2", @@ -689,6 +709,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0007", "severity": "MEDIUM", "score": "4.2", @@ -703,6 +724,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-0008", "severity": "MEDIUM", "score": "4.2", @@ -717,6 +739,7 @@ class TestOutputEngine(unittest.TestCase): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-9999-9999", "severity": "LOW", "score": "1.2", 
@@ -1165,7 +1188,9 @@ def test_output_vex_urn_cbt(self): """Test that versions are fully captured when encoding a URN""" version = "sky%2fx6069_trx_l601_sky%2fx6069_trx_l601_sky%3a6.0%2fmra58k%2f1482897127%3auser%2frelease-keys" mocked_version_output = { - ProductInfo("vendor0", "product0", version): CVEData( + ProductInfo( + "vendor0", "product0", version, "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "CVE-1234-1018", @@ -1552,7 +1577,9 @@ def test_csv_macros(self): characters, used in spreadsheet macros""" bad_input = { - ProductInfo("=vendor0", "\t+product0", "@1.0"): CVEData( + ProductInfo( + "=vendor0", "\t+product0", "@1.0", "/usr/local/bin/product" + ): CVEData( cves=[ CVE( "-CVE-1234-1234", @@ -1574,6 +1601,7 @@ def test_csv_macros(self): "vendor": "vendor0", "product": "product0", "version": "1.0", + "location": "/usr/local/bin/product", "cve_number": "CVE-1234-1234", "source": "NVD", "severity": "MEDIUM", diff --git a/test/test_package_list_parser.py b/test/test_package_list_parser.py index 2d5d47f635..8d6ca59aee 100644 --- a/test/test_package_list_parser.py +++ b/test/test_package_list_parser.py @@ -27,11 +27,21 @@ class TestPackageListParser: TXT_PATH = Path(__file__).parent.resolve() / "txt" REQ_PARSED_TRIAGE_DATA = { - ProductInfo(vendor="httplib2_project*", product="httplib2", version="0.18.1"): { + ProductInfo( + vendor="httplib2_project*", + product="httplib2", + version="0.18.1", + location="/usr/local/bin/httplib2", + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, - ProductInfo(vendor="python*", product="requests", version="2.25.1"): { + ProductInfo( + vendor="python*", + product="requests", + version="2.25.1", + location="/usr/local/bin/requests", + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, 
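Review bot: The new `location` column is not exercised by the formula-injection check in test_csv_macros (@@ -1552,7 +1577,9 @@). Vendor, product, version and CVE number are given a leading `=`, `\t+`, `@` or `-`, but the location passed in is the clean `"/usr/local/bin/product"`. A location is presumably a path taken from the scanned target, so it is at least as untrusted as the other fields when the CSV is opened in a spreadsheet. Passing `"=/usr/local/bin/product"` as the fourth argument, while keeping `"location": "/usr/local/bin/product"` in the expected row (@@ -1574,6 +1601,7 @@), would show whether the writer sanitises it. This assumes the writer strips the prefix as the expected vendor and version values suggest; the sanitising code is not part of this view.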
@@ -60,19 +70,28 @@ class TestPackageListParser: UBUNTU_PARSED_TRIAGE_DATA = { ProductInfo( - vendor="gnu*", product="bash", version=UBUNTU_PACKAGE_VERSIONS[0] + vendor="gnu*", + product="bash", + version=UBUNTU_PACKAGE_VERSIONS[0], + location="/usr/local/bin/bash", ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, ProductInfo( - vendor="gnu*", product="binutils", version=UBUNTU_PACKAGE_VERSIONS[1] + vendor="gnu*", + product="binutils", + version=UBUNTU_PACKAGE_VERSIONS[1], + location="/usr/local/bin/binutils", ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, ProductInfo( - vendor="gnu*", product="wget", version=UBUNTU_PACKAGE_VERSIONS[2] + vendor="gnu*", + product="wget", + version=UBUNTU_PACKAGE_VERSIONS[2], + location="/usr/local/bin/wget", ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, diff --git a/test/test_sbom.py b/test/test_sbom.py index 9bd703a577..134eafd327 100644 --- a/test/test_sbom.py +++ b/test/test_sbom.py 
@@ -15,53 +15,101 @@ class TestSBOM: SBOM_PATH = Path(__file__).parent.resolve() / "sbom" PARSED_SBOM_DATA = { - ProductInfo(vendor="gnu", product="glibc", version="2.11.1"): { + ProductInfo( + vendor="gnu", product="glibc", version="2.11.1", location="NotFound" + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, } } PARSED_SBOM_DATA2 = { - ProductInfo(vendor="ubuntu", product="ubuntu", version="22.04"): { + ProductInfo( + vendor="ubuntu", product="ubuntu", version="22.04", location="NotFound" + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, } } PARSED_SBOM_DATA3 = { - ProductInfo(vendor="gnu", product="glibc", version="2.11.1"): { + ProductInfo( + vendor="gnu", product="glibc", version="2.11.1", location="NotFound" + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, - ProductInfo(vendor="saxon", product="saxon", version="8.8"): { + ProductInfo( + vendor="saxon", product="saxon", version="8.8", location="NotFound" + ): { "default": {"remarks": Remarks.NewFound, "comments": "", "severity": ""}, "paths": {""}, }, } SPLIT_DATA = [ - ProductInfo(vendor="openzeppelin", product="contracts", version="4.8.1"), - ProductInfo(vendor="downline_goldmine", product="builder", version="3.2.4"), + ProductInfo( + vendor="openzeppelin", + product="contracts", + version="4.8.1", + location="NotFound", + ), + ProductInfo( + vendor="downline_goldmine", + product="builder", + version="3.2.4", + location="NotFound", + ), ] PARSED_BAD_SBOM_DATA = [ - # Unknown vendor has multiple results - ProductInfo(vendor="ijg", product="libjpeg", version="8b"), - ProductInfo(vendor="unknown", product="libjpeg", version="8b"), - ProductInfo(vendor="jpeg", product="libjpeg", version="8b"), - ProductInfo(vendor="libjpeg_project", product="libjpeg", version="8b"), - # Unknown project pulls the product name from the SBOM - ProductInfo(vendor="libexpat_project", 
product="libexpat", version="2.0.1"), - # Unknown version pulls the version number from the SBOM - ProductInfo(vendor="gnu", product="ncurses", version="5.9.noversion"), + ProductInfo( + vendor="UNKNOWN", + product="libjpeg-novendor", + version="8b", + location="NotFound", + ), + ProductInfo( + vendor="libexpat_project", + product="libexpat", + version="2.0.1", + location="NotFound", + ), + ProductInfo( + vendor="UNKNOWN", + product="ncurses-noversion", + version="5.9.noversion", + location="NotFound", + ), + ProductInfo( + vendor="zlib", product="zlib", version="1.2.3", location="NotFound" + ), ] PARSED_EXT_REF_PRIORITY_SBOM_DATA = [ - ProductInfo(vendor="ijg", product="libjpeg", version="8b"), - ProductInfo(vendor="libexpat_project", product="libexpat", version="2.0.1"), - ProductInfo(vendor="gnu", product="ncurses", version="5.9"), - ProductInfo(vendor="unknown", product="ncurses", version="5.9"), - ProductInfo(vendor="ncurses_project", product="ncurses", version="5.9"), - ProductInfo(vendor="zlib", product="zlib", version="1.2.3"), - ProductInfo(vendor="unknown", product="zlib", version="1.2.3"), - ProductInfo(vendor="gnu", product="zlib", version="1.2.3"), + ProductInfo(vendor="ijg", product="libjpeg", version="8b", location="NotFound"), + ProductInfo( + vendor="libexpat_project", + product="libexpat", + version="2.0.1", + location="NotFound", + ), + ProductInfo( + vendor="gnu", product="ncurses", version="5.9", location="NotFound" + ), + ProductInfo( + vendor="unknown", product="ncurses", version="5.9", location="NotFound" + ), + ProductInfo( + vendor="ncurses_project", + product="ncurses", + version="5.9", + location="NotFound", + ), + ProductInfo( + vendor="zlib", product="zlib", version="1.2.3", location="NotFound" + ), + ProductInfo( + vendor="unknown", product="zlib", version="1.2.3", location="NotFound" + ), + ProductInfo(vendor="gnu", product="zlib", version="1.2.3", location="NotFound"), ] @pytest.mark.parametrize( 
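Review bot: PARSED_BAD_SBOM_DATA changes in substance here, not only by gaining `location="NotFound"`. The entries with resolved vendors (`ijg`, `unknown`, `jpeg`, `libjpeg_project`, and `gnu` for ncurses) are replaced by `vendor="UNKNOWN"` with products `libjpeg-novendor` and `ncurses-noversion`, a `zlib` entry is added, and the three comments explaining each case are removed. If this reflects an intended change in how components without a vendor are handled, the fixture should say so, e.g. `# Unknown vendor stays UNKNOWN; product name is taken verbatim from the SBOM`. Otherwise the test now accepts components that may get no vendor match during CVE lookup. The test that consumes this list lies outside the hunk, so which of the two applies cannot be confirmed from here.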
diff --git a/test/test_util.py b/test/test_util.py index 52c5588d3d..822d9b1c70 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -5,10 +5,14 @@ CVE-bin-tool util tests """ import inspect +import sys +from pathlib import Path from typing import DefaultDict +import pytest + from cve_bin_tool.cve_scanner import CVEScanner -from cve_bin_tool.util import CVEData, ProductInfo, inpath +from cve_bin_tool.util import CVEData, ProductInfo, find_product_location, inpath class TestUtil: @@ -22,6 +26,42 @@ def test_inpath(self): def test_not_inpath(self): assert not inpath("cve_bin_tool_test_for_not_in_path") + @pytest.mark.parametrize( + "mock_sys_path, known_dirs", + [ + ( + ["/usr/local/bin", "/usr/local/lib/python3.10/site-packages"], + [ + "/usr/local/lib/python3.10/site-packages", + "/usr/local/share", + "/usr/share", + "/usr/local/include", + "/usr/include", + ], + ), + ], + ) + def test_find_product_location(self, monkeypatch, mock_sys_path, known_dirs): + product_name = "lib4sbom" + monkeypatch.setattr(sys, "path", mock_sys_path) + + def mock_exists(path): + for dir in known_dirs: + if dir in str(path): + return True + return False + + monkeypatch.setattr("pathlib.Path.exists", mock_exists) + + expected_path = None + for dir in known_dirs: + product_location = Path(dir) / product_name + if product_location.exists(): + expected_path = str(product_location) + break + + assert find_product_location(product_name) == expected_path + class TestSignature: """Tests signature of critical class and functions"""
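Review bot: test_find_product_location derives `expected_path` through the same patched `Path.exists` that it hands to the function under test, so the expectation is always `known_dirs[0]` joined with `lib4sbom` and says little about the real search order. There is a single parametrised case and none where the product is absent. The mock's `dir in str(path)` is a substring test (and shadows the builtin `dir`), so any path that merely contains `/usr/share` counts as existing. Stating the expectation literally, `assert find_product_location(product_name) == "/usr/local/lib/python3.10/site-packages/lib4sbom"`, and adding a case with an empty `known_dirs` would make this an independent check. What the function returns when nothing is found is not shown in this view.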