diff --git a/sbom/cve-bin-tool-py3.7.json b/sbom/cve-bin-tool-py3.7.json index cdcaa1782e..7cac5c490e 100644 --- a/sbom/cve-bin-tool-py3.7.json +++ b/sbom/cve-bin-tool-py3.7.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid2c457c00-8c22-418c-ae05-b8925c5b646b", + "serialNumber": "urn:uuid5631bc86-1512-49df-8453-552277fe00e8", "version": 1, "metadata": { - "timestamp": "2023-04-24T00:27:29Z", + "timestamp": "2023-05-29T01:43:32Z", "tools": [ { "name": "sbom4python", @@ -205,7 +205,7 @@ "type": "library", "bom-ref": "6-typing-extensions", "name": "typing-extensions", - "version": "4.5.0", + "version": "4.6.2", "supplier": { "name": "Guido van Jukka ukasz Michael", "contact": [ @@ -214,16 +214,16 @@ } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.7+", "externalReferences": [ { - "url": "https://pypi.org/project/typing_extensions/4.5.0", + "url": "https://pypi.org/project/typing_extensions/4.6.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/typing-extensions@4.5.0" + "purl": "pkg:pypi/typing-extensions@4.6.2" }, { "type": "library", @@ -434,7 +434,7 @@ "type": "library", "bom-ref": "13-yarl", "name": "yarl", - "version": "1.9.1", + "version": "1.9.2", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -443,7 +443,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { 
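Review bot: The regenerated `serialNumber` in the first hunk is still written without the colon after `urn:uuid`, so it does not match the `urn:uuid:<UUID>` form required by the CycloneDX 1.4 schema that the file names in `$schema`. A strict validator will reject the document for this. The value should read `"serialNumber": "urn:uuid:5631bc86-1512-49df-8453-552277fe00e8"`. Because the file is generated, the durable fix belongs in the generator or in a post-generation step. Validating the output against the schema in the regeneration job would catch this before it is committed.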
@@ -460,12 +460,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.9.1", + "url": "https://pypi.org/project/yarl/1.9.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.1" + "purl": "pkg:pypi/yarl@1.9.2" }, { "type": "library", @@ -672,7 +672,7 @@ "type": "library", "bom-ref": "20-gsutil", "name": "gsutil", - "version": "5.23", + "version": "5.24", "supplier": { "name": "Google Inc.", "contact": [ @@ -681,7 +681,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -698,12 +698,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.23", + "url": "https://pypi.org/project/gsutil/5.24", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.23", + "purl": "pkg:pypi/gsutil@5.24", "properties": [ { "name": "License Comments", @@ -1502,7 +1502,7 @@ "type": "library", "bom-ref": "41-google-auth", "name": "google-auth", - "version": "2.17.3", + "version": "2.19.0", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1511,7 +1511,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1528,12 +1528,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.3", + "url": "https://pypi.org/project/google-auth/2.19.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.17.3", + "purl": "pkg:pypi/google-auth@2.19.0", "properties": [ { "name": "License Comments", 
@@ -1545,7 +1545,7 @@ "type": "library", "bom-ref": "42-cachetools", "name": "cachetools", - "version": "5.3.0", + "version": "5.3.1", "supplier": { "name": "Thomas Kemmer", "contact": [ @@ -1554,7 +1554,7 @@ } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*", "description": "Extensible memoizing collections and decorators", "licenses": [ { @@ -1571,16 +1571,53 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cachetools/5.3.0", + "url": "https://pypi.org/project/cachetools/5.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.3.0" + "purl": "pkg:pypi/cachetools@5.3.1" }, { "type": "library", - "bom-ref": "43-monotonic", + "bom-ref": "43-urllib3", + "name": "urllib3", + "version": "1.26.16", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://urllib3.readthedocs.io/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/urllib3/1.26.16", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/urllib3@1.26.16" + }, + { + "type": "library", + "bom-ref": "44-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1623,7 +1660,7 @@ }, { "type": "library", - "bom-ref": "44-importlib-resources", + "bom-ref": "45-importlib-resources", "name": "importlib-resources", "version": "5.12.0", "supplier": { 
@@ -1652,7 +1689,7 @@ }, { "type": "library", - "bom-ref": "45-jinja2", + "bom-ref": "46-jinja2", "name": "jinja2", "version": "3.1.2", "supplier": { @@ -1689,7 +1726,7 @@ }, { "type": "library", - "bom-ref": "46-markupsafe", + "bom-ref": "47-markupsafe", "name": "markupsafe", "version": "2.1.2", "supplier": { @@ -1726,7 +1763,7 @@ }, { "type": "library", - "bom-ref": "47-jsonschema", + "bom-ref": "48-jsonschema", "name": "jsonschema", "version": "4.17.3", "supplier": { @@ -1753,7 +1790,7 @@ }, { "type": "library", - "bom-ref": "48-pkgutil-resolve-name", + "bom-ref": "49-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { @@ -1782,7 +1819,7 @@ }, { "type": "library", - "bom-ref": "49-pyrsistent", + "bom-ref": "50-pyrsistent", "name": "pyrsistent", "version": "0.19.3", "supplier": { @@ -1819,7 +1856,7 @@ }, { "type": "library", - "bom-ref": "50-lib4sbom", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", "version": "0.3.1", "supplier": { @@ -1856,7 +1893,7 @@ }, { "type": "library", - "bom-ref": "51-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", "version": "6.0", "supplier": { @@ -1893,7 +1930,7 @@ }, { "type": "library", - "bom-ref": "52-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -1936,7 +1973,7 @@ }, { "type": "library", - "bom-ref": "53-packaging", + "bom-ref": "54-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1978,7 +2015,7 @@ }, { "type": "library", - "bom-ref": "54-plotly", + "bom-ref": "55-plotly", "name": "plotly", "version": "5.14.1", "supplier": { @@ -2015,7 +2052,7 @@ }, { "type": "library", - "bom-ref": "55-tenacity", + "bom-ref": "56-tenacity", "name": "tenacity", "version": "8.2.2", "supplier": { 
@@ -2058,9 +2095,9 @@ }, { "type": "library", - "bom-ref": "56-requests", + "bom-ref": "57-requests", "name": "requests", - "version": "2.28.2", + "version": "2.31.0", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -2069,7 +2106,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*", "description": "Python HTTP for Humans.", "licenses": [ { @@ -2086,12 +2123,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/requests/2.28.2", + "url": "https://pypi.org/project/requests/2.31.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/requests@2.28.2", + "purl": "pkg:pypi/requests@2.31.0", "properties": [ { "name": "License Comments", @@ -2101,9 +2138,9 @@ }, { "type": "library", - "bom-ref": "57-certifi", + "bom-ref": "58-certifi", "name": "certifi", - "version": "2022.12.7", + "version": "2023.5.7", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -2112,7 +2149,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { 
@@ -2129,55 +2166,18 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2022.12.7", + "url": "https://pypi.org/project/certifi/2023.5.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2022.12.7" - }, - { - "type": "library", - "bom-ref": "58-urllib3", - "name": "urllib3", - "version": "1.26.15", - "supplier": { - "name": "Andrey Petrov", - "contact": [ - { - "email": "andrey.petrov@shazow.net" - } - ] - }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://urllib3.readthedocs.io/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/urllib3/1.26.15", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/urllib3@1.26.15" + "purl": "pkg:pypi/certifi@2023.5.7" }, { "type": "library", "bom-ref": "59-rich", "name": "rich", - "version": "13.3.4", + "version": "13.3.5", "supplier": { "name": "Will McGugan", "contact": [ @@ -2186,7 +2186,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2203,12 +2203,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.3.4", + "url": "https://pypi.org/project/rich/13.3.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.3.4" + "purl": "pkg:pypi/rich@13.3.5" }, { "type": "library", 
@@ -2368,7 +2368,7 @@ "type": "library", "bom-ref": "65-xmlschema", "name": "xmlschema", - "version": "2.2.3", + "version": "2.3.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2377,7 +2377,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2394,18 +2394,18 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/2.2.3", + "url": "https://pypi.org/project/xmlschema/2.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.2.3" + "purl": "pkg:pypi/xmlschema@2.3.0" }, { "type": "library", "bom-ref": "66-elementpath", "name": "elementpath", - "version": "4.1.1", + "version": "4.1.2", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2414,7 +2414,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2431,12 +2431,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.1.1", + "url": "https://pypi.org/project/elementpath/4.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.1" + "purl": "pkg:pypi/elementpath@4.1.2" }, { "type": "library", @@ -2499,18 +2499,18 @@ "19-distro", "20-gsutil", "9-importlib-metadata", - "44-importlib-resources", - "45-jinja2", - "47-jsonschema", - "50-lib4sbom", - "53-packaging", - "54-plotly", - "51-pyyaml", - "56-requests", + "45-importlib-resources", + "46-jinja2", + "48-jsonschema", + "51-lib4sbom", + "54-packaging", + "55-plotly", + "52-pyyaml", + "57-requests", "59-rich", "63-rpmfile", "64-toml", - "58-urllib3", + "43-urllib3", "65-xmlschema", "67-zstandard" ] 
@@ -2579,7 +2579,7 @@ "41-google-auth", "26-google-reauth", "29-httplib2", - "43-monotonic", + "44-monotonic", "35-pyopenssl", "39-retry-decorator", "28-six" @@ -2677,59 +2677,60 @@ "42-cachetools", "33-pyasn1-modules", "34-rsa", - "28-six" + "28-six", + "43-urllib3" ] }, { - "ref": "44-importlib-resources", + "ref": "45-importlib-resources", "dependsOn": [ "10-zipp" ] }, { - "ref": "45-jinja2", + "ref": "46-jinja2", "dependsOn": [ - "46-markupsafe" + "47-markupsafe" ] }, { - "ref": "47-jsonschema", + "ref": "48-jsonschema", "dependsOn": [ "8-attrs", "9-importlib-metadata", - "44-importlib-resources", - "48-pkgutil-resolve-name", - "49-pyrsistent", + "45-importlib-resources", + "49-pkgutil-resolve-name", + "50-pyrsistent", "6-typing-extensions" ] }, { - "ref": "50-lib4sbom", + "ref": "51-lib4sbom", "dependsOn": [ - "51-pyyaml", - "52-semantic-version" + "52-pyyaml", + "53-semantic-version" ] }, { - "ref": "53-packaging", + "ref": "54-packaging", "dependsOn": [ "30-pyparsing" ] }, { - "ref": "54-plotly", + "ref": "55-plotly", "dependsOn": [ - "53-packaging", - "55-tenacity" + "54-packaging", + "56-tenacity" ] }, { - "ref": "56-requests", + "ref": "57-requests", "dependsOn": [ - "57-certifi", + "58-certifi", "11-charset-normalizer", "14-idna", - "58-urllib3" + "43-urllib3" ] }, { diff --git a/sbom/cve-bin-tool-py3.7.spdx b/sbom/cve-bin-tool-py3.7.spdx index 603bfe913e..5089ea08f7 100644 --- a/sbom/cve-bin-tool-py3.7.spdx +++ b/sbom/cve-bin-tool-py3.7.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d84b9d8c-409a-42ae-ac76-92c9209bcfcb +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cbd190bf-5405-46e6-9178-6efa722247ed LicenseListVersion: 3.20 Creator: Tool: sbom4python-0.9.1 -Created: 2023-04-24T00:25:50Z +Created: 2023-05-29T01:41:49Z CreatorComment: This document has been automatically generated. ##### 
@@ -92,17 +92,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:* PackageName: typing-extensions SPDXID: SPDXRef-Package-6-typing-extensions -PackageVersion: 4.5.0 +PackageVersion: 4.6.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.5.0 +PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.6.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.7+ -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.6.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.2:*:*:*:*:*:*:* ##### PackageName: asynctest 
@@ -204,18 +204,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:* PackageName: yarl SPDXID: SPDXRef-Package-13-yarl -PackageVersion: 1.9.1 +PackageVersion: 1.9.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2 FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:* ##### PackageName: idna @@ -316,10 +316,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-20-gsutil -PackageVersion: 5.23 +PackageVersion: 5.24 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.23 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.24 FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -327,8 +327,8 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.23 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.24 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -663,10 +663,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-41-google-auth -PackageVersion: 2.17.3 +PackageVersion: 2.19.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.3 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.19.0 FilesAnalyzed: false PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION 
@@ -674,28 +674,44 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.19.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:* ##### PackageName: cachetools SPDXID: SPDXRef-Package-42-cachetools -PackageVersion: 5.3.0 +PackageVersion: 5.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0 +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1 FilesAnalyzed: false PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:* +##### + +PackageName: urllib3 +SPDXID: SPDXRef-Package-43-urllib3 +PackageVersion: 1.26.16 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) +PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 +FilesAnalyzed: false +PackageHomePage: https://urllib3.readthedocs.io/ +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-43-monotonic +SPDXID: SPDXRef-Package-44-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -712,7 +728,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-resources -SPDXID: SPDXRef-Package-44-importlib-resources +SPDXID: SPDXRef-Package-45-importlib-resources PackageVersion: 5.12.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) @@ -728,7 +744,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.12. ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-45-jinja2 +SPDXID: SPDXRef-Package-46-jinja2 PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -744,7 +760,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-46-markupsafe +SPDXID: SPDXRef-Package-47-markupsafe PackageVersion: 2.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -760,7 +776,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*: ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-47-jsonschema +SPDXID: SPDXRef-Package-48-jsonschema PackageVersion: 4.17.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman 
@@ -775,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*: ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-Package-48-pkgutil-resolve-name +SPDXID: SPDXRef-Package-49-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -791,7 +807,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 ##### PackageName: pyrsistent -SPDXID: SPDXRef-Package-49-pyrsistent +SPDXID: SPDXRef-Package-50-pyrsistent PackageVersion: 0.19.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) @@ -807,7 +823,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*: ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-50-lib4sbom +SPDXID: SPDXRef-Package-51-lib4sbom PackageVersion: 0.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -823,7 +839,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-51-pyyaml +SPDXID: SPDXRef-Package-52-pyyaml PackageVersion: 6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -839,7 +855,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-52-semantic-version +SPDXID: SPDXRef-Package-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) 
@@ -856,7 +872,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-53-packaging +SPDXID: SPDXRef-Package-54-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) @@ -873,7 +889,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-54-plotly +SPDXID: SPDXRef-Package-55-plotly PackageVersion: 5.14.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -889,7 +905,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-55-tenacity +SPDXID: SPDXRef-Package-56-tenacity PackageVersion: 8.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -906,11 +922,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-56-requests -PackageVersion: 2.28.2 +SPDXID: SPDXRef-Package-57-requests +PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) -PackageDownloadLocation: https://pypi.org/project/requests/2.28.2 +PackageDownloadLocation: https://pypi.org/project/requests/2.31.0 FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io PackageLicenseDeclared: NOASSERTION 
@@ -918,56 +934,40 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:* ##### PackageName: certifi -SPDXID: SPDXRef-Package-57-certifi -PackageVersion: 2022.12.7 +SPDXID: SPDXRef-Package-58-certifi +PackageVersion: 2023.5.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 FilesAnalyzed: false PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:* -##### - -PackageName: urllib3 -SPDXID: SPDXRef-Package-58-urllib3 -PackageVersion: 1.26.15 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15 -FilesAnalyzed: false -PackageHomePage: https://urllib3.readthedocs.io/ -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-59-rich -PackageVersion: 13.3.4 +PackageVersion: 13.3.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.3.4 +PackageDownloadLocation: https://pypi.org/project/rich/13.3.5 FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:* ##### PackageName: markdown-it-py 
@@ -1049,34 +1049,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-65-xmlschema -PackageVersion: 2.2.3 +PackageVersion: 2.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.3 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.0 FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-66-elementpath -PackageVersion: 4.1.1 +PackageVersion: 4.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.2 FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:* ##### PackageName: zstandard 
@@ -1103,15 +1103,15 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-18-defus Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-19-distro Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-20-gsutil -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-importlib-resources -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-importlib-resources +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-rich Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rpmfile Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-toml @@ -1142,7 +1142,7 @@ Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-41-google-auth -Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-43-monotonic +Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-44-monotonic Relationship: SPDXRef-Package-21-argcomplete DEPENDS_ON SPDXRef-Package-9-importlib-metadata Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-boto Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-google-reauth 
@@ -1174,24 +1174,25 @@ Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-28-six Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-33-pyasn1-modules Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-34-rsa Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-42-cachetools -Relationship: SPDXRef-Package-44-importlib-resources DEPENDS_ON SPDXRef-Package-10-zipp -Relationship: SPDXRef-Package-45-jinja2 DEPENDS_ON SPDXRef-Package-46-markupsafe -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-44-importlib-resources -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-48-pkgutil-resolve-name -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-49-pyrsistent -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-6-typing-extensions -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-8-attrs -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-9-importlib-metadata +Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-43-urllib3 +Relationship: SPDXRef-Package-45-importlib-resources DEPENDS_ON SPDXRef-Package-10-zipp +Relationship: SPDXRef-Package-46-jinja2 DEPENDS_ON SPDXRef-Package-47-markupsafe +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-45-importlib-resources +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-49-pkgutil-resolve-name +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-50-pyrsistent +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-6-typing-extensions +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-8-attrs +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-9-importlib-metadata Relationship: SPDXRef-Package-5-async-timeout DEPENDS_ON SPDXRef-Package-6-typing-extensions -Relationship: 
SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml -Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version -Relationship: SPDXRef-Package-53-packaging DEPENDS_ON SPDXRef-Package-30-pyparsing -Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging -Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-11-charset-normalizer -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-14-idna -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-58-urllib3 +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version +Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-30-pyparsing +Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging +Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-11-charset-normalizer +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-14-idna +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-43-urllib3 +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-6-typing-extensions Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-60-markdown-it-py Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-62-pygments