diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 49875a3b1d..6df4e905c0 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -1,17 +1,20 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
- "specVersion": "1.4",
- "serialNumber": "urn:uuid2594a2d8-1a8e-49ce-8155-b6f102ba7513",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:8083bf6a-706e-4919-a70c-db40fee3c07a",
"version": 1,
"metadata": {
- "timestamp": "2023-07-10T00:39:47Z",
- "tools": [
- {
- "name": "sbom4python",
- "version": "0.9.2"
- }
- ],
+ "timestamp": "2023-12-04T01:23:09Z",
+ "tools": {
+ "components": [
+ {
+ "name": "sbom4python",
+ "version": "0.10.1",
+ "type": "application"
+ }
+ ]
+ },
"component": {
"type": "application",
"bom-ref": "CDXRef-DOCUMENT",
@@ -49,13 +52,23 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0"
+ "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.8.4",
+ "version": "3.9.1",
+ "supplier": {
+ "name": "NOASSERTION"
+ },
+ "cpe": "cpe:/a:NOASSERTION:aiohttp:3.9.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -67,13 +80,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.8.4",
+ "url": "https://pypi.org/project/aiohttp/3.9.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.8.4",
+ "purl": "pkg:pypi/aiohttp@3.9.1",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
@@ -85,6 +102,10 @@
"bom-ref": "3-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
+ "supplier": {
+ "name": "NOASSERTION"
+ },
+ "cpe": "cpe:/a:NOASSERTION:aiosignal:1.3.1",
"licenses": [
{
"license": {
@@ -102,6 +123,10 @@
],
"purl": "pkg:pypi/aiosignal@1.3.1",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -112,7 +137,11 @@
"type": "library",
"bom-ref": "4-frozenlist",
"name": "frozenlist",
- "version": "1.3.3",
+ "version": "1.4.0",
+ "supplier": {
+ "name": "NOASSERTION"
+ },
+ "cpe": "cpe:/a:NOASSERTION:frozenlist:1.4.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
"licenses": [
{
@@ -124,13 +153,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/frozenlist/1.3.3",
+ "url": "https://pypi.org/project/frozenlist/1.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/frozenlist@1.3.3",
+ "purl": "pkg:pypi/frozenlist@1.4.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
@@ -141,7 +174,7 @@
"type": "library",
"bom-ref": "5-async-timeout",
"name": "async-timeout",
- "version": "4.0.2",
+ "version": "4.0.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -150,7 +183,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
"licenses": [
{
@@ -162,13 +195,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/async-timeout/4.0.2",
+ "url": "https://pypi.org/project/async-timeout/4.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.2",
+ "purl": "pkg:pypi/async-timeout@4.0.3",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression."
@@ -197,43 +234,17 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.1.0"
- },
- {
- "type": "library",
- "bom-ref": "7-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.2.0",
- "supplier": {
- "name": "Ahmed TAHRI",
- "contact": [
- {
- "email": "ahmed.tahri@cloudnursery.dev"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
+ "purl": "pkg:pypi/attrs@23.1.0",
+ "properties": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.2.0",
- "type": "distribution",
- "comment": "Download location for component"
+ "name": "language",
+ "value": "Python"
}
- ],
- "purl": "pkg:pypi/charset-normalizer@3.2.0"
+ ]
},
{
"type": "library",
- "bom-ref": "8-multidict",
+ "bom-ref": "7-multidict",
"name": "multidict",
"version": "6.0.4",
"supplier": {
@@ -263,6 +274,10 @@
],
"purl": "pkg:pypi/multidict@6.0.4",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
@@ -271,9 +286,9 @@
},
{
"type": "library",
- "bom-ref": "9-yarl",
+ "bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.9.2",
+ "version": "1.9.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -282,7 +297,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -294,40 +309,52 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/yarl/1.9.2",
+ "url": "https://pypi.org/project/yarl/1.9.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.9.2"
+ "purl": "pkg:pypi/yarl@1.9.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "10-idna",
+ "bom-ref": "9-idna",
"name": "idna",
- "version": "3.4",
+ "version": "3.6",
"supplier": {
"name": "Kim Davies",
"contact": [
{
- "email": "kim@cynosure.com.au"
+ "email": "kim+pypi@gumleaf.org"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.4",
+ "url": "https://pypi.org/project/idna/3.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/idna@3.4"
+ "purl": "pkg:pypi/idna@3.6",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "11-beautifulsoup4",
+ "bom-ref": "10-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.2",
"supplier": {
@@ -347,13 +374,19 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/beautifulsoup4@4.12.2"
+ "purl": "pkg:pypi/beautifulsoup4@4.12.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "12-soupsieve",
+ "bom-ref": "11-soupsieve",
"name": "soupsieve",
- "version": "2.4.1",
+ "version": "2.5",
"supplier": {
"name": "Isaac Muse",
"contact": [
@@ -362,20 +395,26 @@
}
]
},
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
"externalReferences": [
{
- "url": "https://pypi.org/project/soupsieve/2.4.1",
+ "url": "https://pypi.org/project/soupsieve/2.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/soupsieve@2.4.1"
+ "purl": "pkg:pypi/soupsieve@2.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "13-cvss",
+ "bom-ref": "12-cvss",
"name": "cvss",
"version": "2.6",
"supplier": {
@@ -405,6 +444,10 @@
],
"purl": "pkg:pypi/cvss@2.6",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
@@ -413,7 +456,7 @@
},
{
"type": "library",
- "bom-ref": "14-defusedxml",
+ "bom-ref": "13-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -443,6 +486,10 @@
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
@@ -451,7 +498,7 @@
},
{
"type": "library",
- "bom-ref": "15-distro",
+ "bom-ref": "14-distro",
"name": "distro",
"version": "1.8.0",
"supplier": {
@@ -481,6 +528,10 @@
],
"purl": "pkg:pypi/distro@1.8.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -489,18 +540,18 @@
},
{
"type": "library",
- "bom-ref": "16-gsutil",
+ "bom-ref": "15-gsutil",
"name": "gsutil",
- "version": "5.25",
+ "version": "5.27",
"supplier": {
- "name": "Google Inc.",
+ "name": "Google Inc .",
"contact": [
{
"email": "buganizer-system+187143@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
"licenses": [
{
@@ -512,13 +563,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/gsutil/5.25",
+ "url": "https://pypi.org/project/gsutil/5.27",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.25",
+ "purl": "pkg:pypi/gsutil@5.27",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -527,9 +582,9 @@
},
{
"type": "library",
- "bom-ref": "17-argcomplete",
+ "bom-ref": "16-argcomplete",
"name": "argcomplete",
- "version": "3.1.1",
+ "version": "3.1.6",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -538,7 +593,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -550,13 +605,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/argcomplete/3.1.1",
+ "url": "https://pypi.org/project/argcomplete/3.1.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.1.1",
+ "purl": "pkg:pypi/argcomplete@3.1.6",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
@@ -565,7 +624,7 @@
},
{
"type": "library",
- "bom-ref": "18-crcmod",
+ "bom-ref": "17-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -593,17 +652,23 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/crcmod@1.7"
+ "purl": "pkg:pypi/crcmod@1.7",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "19-fasteners",
+ "bom-ref": "18-fasteners",
"name": "fasteners",
- "version": "0.18",
+ "version": "0.19",
"supplier": {
"name": "Joshua Harlow"
},
- "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
"description": "A python package that provides useful locks",
"licenses": [
{
@@ -615,26 +680,26 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/fasteners/0.18",
+ "url": "https://pypi.org/project/fasteners/0.19",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/fasteners@0.18",
+ "purl": "pkg:pypi/fasteners@0.19",
"properties": [
{
- "name": "License Comments",
- "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression."
+ "name": "language",
+ "value": "Python"
}
]
},
{
"type": "library",
- "bom-ref": "20-gcs-oauth2-boto-plugin",
+ "bom-ref": "19-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.0",
"supplier": {
- "name": "Google Inc.",
+ "name": "Google Inc .",
"contact": [
{
"email": "gs-team@google.com"
@@ -660,6 +725,10 @@
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -668,7 +737,7 @@
},
{
"type": "library",
- "bom-ref": "21-boto",
+ "bom-ref": "20-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -696,11 +765,17 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0"
+ "purl": "pkg:pypi/boto@2.49.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "22-google-reauth",
+ "bom-ref": "21-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -730,6 +805,10 @@
],
"purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -738,11 +817,11 @@
},
{
"type": "library",
- "bom-ref": "23-pyu2f",
+ "bom-ref": "22-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
- "name": "Google Inc.",
+ "name": "Google Inc .",
"contact": [
{
"email": "pyu2f-team@google.com"
@@ -768,6 +847,10 @@
],
"purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -776,7 +859,7 @@
},
{
"type": "library",
- "bom-ref": "24-six",
+ "bom-ref": "23-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -804,11 +887,17 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0"
+ "purl": "pkg:pypi/six@1.16.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "25-httplib2",
+ "bom-ref": "24-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -836,13 +925,19 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4"
+ "purl": "pkg:pypi/httplib2@0.20.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "26-pyparsing",
+ "bom-ref": "25-pyparsing",
"name": "pyparsing",
- "version": "3.1.0",
+ "version": "3.1.1",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -851,24 +946,30 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"externalReferences": [
{
- "url": "https://pypi.org/project/pyparsing/3.1.0",
+ "url": "https://pypi.org/project/pyparsing/3.1.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.1.0"
+ "purl": "pkg:pypi/pyparsing@3.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "27-oauth2client",
+ "bom-ref": "26-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
- "name": "Google Inc.",
+ "name": "Google Inc .",
"contact": [
{
"email": "jonwayne+oauth2client@google.com"
@@ -894,6 +995,10 @@
],
"purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -902,9 +1007,9 @@
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
+ "bom-ref": "27-pyasn1",
"name": "pyasn1",
- "version": "0.5.0",
+ "version": "0.5.1",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -913,7 +1018,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*",
"description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
@@ -925,16 +1030,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1/0.5.0",
+ "url": "https://pypi.org/project/pyasn1/0.5.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.5.0"
+ "purl": "pkg:pypi/pyasn1@0.5.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "29-pyasn1-modules",
+ "bom-ref": "28-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.3.0",
"supplier": {
@@ -964,6 +1075,10 @@
],
"purl": "pkg:pypi/pyasn1-modules@0.3.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
@@ -972,11 +1087,11 @@
},
{
"type": "library",
- "bom-ref": "30-rsa",
+ "bom-ref": "29-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
- "name": "Sybren A. Stuvel",
+ "name": "Sybren A . Stuvel",
"contact": [
{
"email": "sybren@stuvel.eu"
@@ -1002,6 +1117,10 @@
],
"purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
@@ -1010,9 +1129,9 @@
},
{
"type": "library",
- "bom-ref": "31-pyopenssl",
+ "bom-ref": "30-pyopenssl",
"name": "pyopenssl",
- "version": "23.2.0",
+ "version": "23.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1021,7 +1140,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1033,13 +1152,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/23.2.0",
+ "url": "https://pypi.org/project/pyOpenSSL/23.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@23.2.0",
+ "purl": "pkg:pypi/pyopenssl@23.3.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1048,9 +1171,9 @@
},
{
"type": "library",
- "bom-ref": "32-cryptography",
+ "bom-ref": "31-cryptography",
"name": "cryptography",
- "version": "41.0.1",
+ "version": "41.0.7",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1059,29 +1182,33 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
- "license": {
- "expression": "Apache-2.0 OR BSD-3-Clause"
- }
+ "expression": "Apache-2.0 OR BSD-3-Clause"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.1",
+ "url": "https://pypi.org/project/cryptography/41.0.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.1"
+ "purl": "pkg:pypi/cryptography@41.0.7",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "33-cffi",
+ "bom-ref": "32-cffi",
"name": "cffi",
- "version": "1.15.1",
+ "version": "1.16.0",
"supplier": {
"name": "Armin Maciej Fijalkowski",
"contact": [
@@ -1090,7 +1217,7 @@
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
"licenses": [
{
@@ -1102,16 +1229,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cffi/1.15.1",
+ "url": "https://pypi.org/project/cffi/1.16.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.15.1"
+ "purl": "pkg:pypi/cffi@1.16.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "34-pycparser",
+ "bom-ref": "33-pycparser",
"name": "pycparser",
"version": "2.21",
"supplier": {
@@ -1141,6 +1274,10 @@
],
"purl": "pkg:pypi/pycparser@2.21",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
@@ -1149,7 +1286,7 @@
},
{
"type": "library",
- "bom-ref": "35-retry-decorator",
+ "bom-ref": "34-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1177,11 +1314,17 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/retry-decorator@1.1.1"
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "36-google-apitools",
+ "bom-ref": "35-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1211,6 +1354,10 @@
],
"purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1219,9 +1366,9 @@
},
{
"type": "library",
- "bom-ref": "37-google-auth",
+ "bom-ref": "36-google-auth",
"name": "google-auth",
- "version": "2.21.0",
+ "version": "2.24.0",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1230,7 +1377,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1242,13 +1389,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.21.0",
+ "url": "https://pypi.org/project/google-auth/2.24.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.21.0",
+ "purl": "pkg:pypi/google-auth@2.24.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1257,9 +1408,9 @@
},
{
"type": "library",
- "bom-ref": "38-cachetools",
+ "bom-ref": "37-cachetools",
"name": "cachetools",
- "version": "5.3.1",
+ "version": "5.3.2",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -1268,7 +1419,7 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
@@ -1280,48 +1431,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cachetools/5.3.1",
+ "url": "https://pypi.org/project/cachetools/5.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.3.1"
- },
- {
- "type": "library",
- "bom-ref": "39-urllib3",
- "name": "urllib3",
- "version": "1.26.16",
- "supplier": {
- "name": "Andrey Petrov",
- "contact": [
- {
- "email": "andrey.petrov@shazow.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
+ "purl": "pkg:pypi/cachetools@5.3.2",
+ "properties": [
{
- "url": "https://pypi.org/project/urllib3/1.26.16",
- "type": "distribution",
- "comment": "Download location for component"
+ "name": "language",
+ "value": "Python"
}
- ],
- "purl": "pkg:pypi/urllib3@1.26.16"
+ ]
},
{
"type": "library",
- "bom-ref": "40-monotonic",
+ "bom-ref": "38-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1351,6 +1476,10 @@
],
"purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
@@ -1359,57 +1488,69 @@
},
{
"type": "library",
- "bom-ref": "41-importlib-metadata",
+ "bom-ref": "39-importlib-metadata",
"name": "importlib-metadata",
- "version": "6.8.0",
+ "version": "7.0.0",
"supplier": {
- "name": "Jason R. Coombs",
+ "name": "Jason R . Coombs",
"contact": [
{
"email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-metadata/6.8.0",
+ "url": "https://pypi.org/project/importlib-metadata/7.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@6.8.0"
+ "purl": "pkg:pypi/importlib-metadata@7.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "42-zipp",
+ "bom-ref": "40-zipp",
"name": "zipp",
- "version": "3.16.0",
+ "version": "3.17.0",
"supplier": {
- "name": "Jason R. Coombs",
+ "name": "Jason R . Coombs",
"contact": [
{
"email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.16.0",
+ "url": "https://pypi.org/project/zipp/3.17.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.16.0"
+ "purl": "pkg:pypi/zipp@3.17.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "43-importlib-resources",
+ "bom-ref": "41-importlib-resources",
"name": "importlib-resources",
- "version": "6.0.0",
+ "version": "6.1.1",
"supplier": {
"name": "Barry Warsaw",
"contact": [
@@ -1418,20 +1559,26 @@
}
]
},
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.1.1:*:*:*:*:*:*:*",
"description": "Read resources from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-resources/6.0.0",
+ "url": "https://pypi.org/project/importlib-resources/6.1.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-resources@6.0.0"
+ "purl": "pkg:pypi/importlib-resources@6.1.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "44-jinja2",
+ "bom-ref": "42-jinja2",
"name": "jinja2",
"version": "3.1.2",
"supplier": {
@@ -1459,13 +1606,23 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jinja2@3.1.2"
+ "purl": "pkg:pypi/jinja2@3.1.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "45-markupsafe",
+ "bom-ref": "43-markupsafe",
"name": "markupsafe",
"version": "2.1.3",
+ "supplier": {
+ "name": "NOASSERTION"
+ },
+ "cpe": "cpe:/a:NOASSERTION:markupsafe:2.1.3",
"description": "Safely add untrusted strings to HTML/XML markup.",
"licenses": [
{
@@ -1482,17 +1639,23 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/markupsafe@2.1.3"
+ "purl": "pkg:pypi/markupsafe@2.1.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "46-jsonschema",
+ "bom-ref": "44-jsonschema",
"name": "jsonschema",
- "version": "4.18.0",
+ "version": "4.20.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1504,22 +1667,28 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.18.0",
+ "url": "https://pypi.org/project/jsonschema/4.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.18.0"
+ "purl": "pkg:pypi/jsonschema@4.20.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "47-jsonschema-specifications",
+ "bom-ref": "45-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2023.6.1",
+ "version": "2023.11.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"licenses": [
{
@@ -1531,22 +1700,28 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1",
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2023.6.1"
+ "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "48-referencing",
+ "bom-ref": "46-referencing",
"name": "referencing",
- "version": "0.29.1",
+ "version": "0.31.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1558,22 +1733,28 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.29.1",
+ "url": "https://pypi.org/project/referencing/0.31.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.29.1"
+ "purl": "pkg:pypi/referencing@0.31.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "49-rpds-py",
+ "bom-ref": "47-rpds-py",
"name": "rpds-py",
- "version": "0.8.10",
+ "version": "0.13.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -1585,16 +1766,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.8.10",
+ "url": "https://pypi.org/project/rpds-py/0.13.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.8.10"
+ "purl": "pkg:pypi/rpds-py@0.13.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "50-pkgutil-resolve-name",
+ "bom-ref": "48-pkgutil-resolve-name",
"name": "pkgutil-resolve-name",
"version": "1.3.10",
"supplier": {
@@ -1614,13 +1801,19 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10"
+ "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "51-lib4sbom",
+ "bom-ref": "49-lib4sbom",
"name": "lib4sbom",
- "version": "0.3.1",
+ "version": "0.5.3",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1629,7 +1822,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.3:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1641,18 +1834,24 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.3.1",
+ "url": "https://pypi.org/project/lib4sbom/0.5.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.3.1"
+ "purl": "pkg:pypi/lib4sbom@0.5.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "52-pyyaml",
+ "bom-ref": "50-pyyaml",
"name": "pyyaml",
- "version": "6.0",
+ "version": "6.0.1",
"supplier": {
"name": "Kirill Simonov",
"contact": [
@@ -1661,7 +1860,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
"licenses": [
{
@@ -1673,16 +1872,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0",
+ "url": "https://pypi.org/project/PyYAML/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyyaml@6.0"
+ "purl": "pkg:pypi/pyyaml@6.0.1",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "53-semantic-version",
+ "bom-ref": "51-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -1712,6 +1917,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
@@ -1720,7 +1929,7 @@
},
{
"type": "library",
- "bom-ref": "54-packaging",
+ "bom-ref": "52-packaging",
"name": "packaging",
"version": "21.3",
"supplier": {
@@ -1735,9 +1944,7 @@
"description": "Core utilities for Python packages",
"licenses": [
{
- "license": {
- "expression": "BSD-2-Clause OR Apache-2.0"
- }
+ "expression": "BSD-2-Clause OR Apache-2.0"
}
],
"externalReferences": [
@@ -1749,6 +1956,10 @@
],
"purl": "pkg:pypi/packaging@21.3",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1757,9 +1968,9 @@
},
{
"type": "library",
- "bom-ref": "55-plotly",
+ "bom-ref": "53-plotly",
"name": "plotly",
- "version": "5.15.0",
+ "version": "5.18.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -1768,7 +1979,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -1780,18 +1991,24 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.15.0",
+ "url": "https://pypi.org/project/plotly/5.18.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.15.0"
+ "purl": "pkg:pypi/plotly@5.18.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
- "bom-ref": "56-tenacity",
+ "bom-ref": "54-tenacity",
"name": "tenacity",
- "version": "8.2.2",
+ "version": "8.2.3",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -1800,7 +2017,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -1812,13 +2029,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.2.2",
+ "url": "https://pypi.org/project/tenacity/8.2.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.2.2",
+ "purl": "pkg:pypi/tenacity@8.2.3",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1827,9 +2048,9 @@
},
{
"type": "library",
- "bom-ref": "57-python-gnupg",
+ "bom-ref": "55-python-gnupg",
"name": "python-gnupg",
- "version": "0.5.0",
+ "version": "0.5.1",
"supplier": {
"name": "Vinay Sajip",
"contact": [
@@ -1838,7 +2059,7 @@
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*",
"description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"licenses": [
{
@@ -1850,13 +2071,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/python-gnupg/0.5.0",
+ "url": "https://pypi.org/project/python-gnupg/0.5.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.0",
+ "purl": "pkg:pypi/python-gnupg@0.5.1",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
@@ -1865,7 +2090,7 @@
},
{
"type": "library",
- "bom-ref": "58-requests",
+ "bom-ref": "56-requests",
"name": "requests",
"version": "2.31.0",
"supplier": {
@@ -1895,6 +2120,10 @@
],
"purl": "pkg:pypi/requests@2.31.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
@@ -1903,9 +2132,9 @@
},
{
"type": "library",
- "bom-ref": "59-certifi",
+ "bom-ref": "57-certifi",
"name": "certifi",
- "version": "2023.5.7",
+ "version": "2023.11.17",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -1914,7 +2143,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.11.17:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"licenses": [
{
@@ -1926,18 +2155,92 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/certifi/2023.5.7",
+ "url": "https://pypi.org/project/certifi/2023.11.17",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/certifi@2023.5.7"
+ "purl": "pkg:pypi/certifi@2023.11.17",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "58-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.3.2",
+ "supplier": {
+ "name": "Ahmed TAHRI",
+ "contact": [
+ {
+ "email": "ahmed.tahri@cloudnursery.dev"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/charset-normalizer/3.3.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/charset-normalizer@3.3.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "59-urllib3",
+ "name": "urllib3",
+ "version": "2.1.0",
+ "supplier": {
+ "name": "Andrey Petrov",
+ "contact": [
+ {
+ "email": "andrey.petrov@shazow.net"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.1.0:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/urllib3/2.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/urllib3@2.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "60-rich",
"name": "rich",
- "version": "13.4.2",
+ "version": "13.7.0",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -1946,7 +2249,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -1958,12 +2261,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rich/13.4.2",
+ "url": "https://pypi.org/project/rich/13.7.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.4.2"
+ "purl": "pkg:pypi/rich@13.7.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
@@ -1987,7 +2296,13 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/markdown-it-py@3.0.0"
+ "purl": "pkg:pypi/markdown-it-py@3.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
@@ -2011,13 +2326,19 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/mdurl@0.1.2"
+ "purl": "pkg:pypi/mdurl@0.1.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "63-pygments",
"name": "pygments",
- "version": "2.15.1",
+ "version": "2.17.2",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -2026,7 +2347,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -2038,18 +2359,24 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.1",
+ "url": "https://pypi.org/project/Pygments/2.17.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.1"
+ "purl": "pkg:pypi/pygments@2.17.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "64-typing-extensions",
"name": "typing-extensions",
- "version": "4.7.1",
+ "version": "4.8.0",
"supplier": {
"name": "Guido van Jukka ukasz Michael",
"contact": [
@@ -2058,22 +2385,28 @@
}
]
},
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.7.1:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.7+",
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.8.0:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
"externalReferences": [
{
- "url": "https://pypi.org/project/typing_extensions/4.7.1",
+ "url": "https://pypi.org/project/typing_extensions/4.8.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/typing-extensions@4.7.1"
+ "purl": "pkg:pypi/typing-extensions@4.8.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "65-rpmfile",
"name": "rpmfile",
- "version": "1.1.1",
+ "version": "2.0.0",
"supplier": {
"name": "Sean Ross",
"contact": [
@@ -2082,7 +2415,7 @@
}
]
},
- "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*",
"description": "Read rpm archive files",
"licenses": [
{
@@ -2094,12 +2427,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpmfile/1.1.1",
+ "url": "https://pypi.org/project/rpmfile/2.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpmfile@1.1.1"
+ "purl": "pkg:pypi/rpmfile@2.0.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
@@ -2131,13 +2470,19 @@
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/toml@0.10.2"
+ "purl": "pkg:pypi/toml@0.10.2",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "67-xmlschema",
"name": "xmlschema",
- "version": "2.3.1",
+ "version": "2.5.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2146,7 +2491,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2158,18 +2503,24 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/2.3.1",
+ "url": "https://pypi.org/project/xmlschema/2.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@2.3.1"
+ "purl": "pkg:pypi/xmlschema@2.5.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "68-elementpath",
"name": "elementpath",
- "version": "4.1.4",
+ "version": "4.1.5",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2178,7 +2529,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
@@ -2190,18 +2541,24 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/elementpath/4.1.4",
+ "url": "https://pypi.org/project/elementpath/4.1.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.1.4"
+ "purl": "pkg:pypi/elementpath@4.1.5",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ }
+ ]
},
{
"type": "library",
"bom-ref": "69-zstandard",
"name": "zstandard",
- "version": "0.21.0",
+ "version": "0.22.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -2210,7 +2567,7 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
@@ -2222,13 +2579,17 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/zstandard/0.21.0",
+ "url": "https://pypi.org/project/zstandard/0.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.21.0",
+ "purl": "pkg:pypi/zstandard@0.22.0",
"properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
{
"name": "License Comments",
"value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
@@ -2247,25 +2608,25 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "11-beautifulsoup4",
- "13-cvss",
- "14-defusedxml",
- "15-distro",
- "16-gsutil",
- "41-importlib-metadata",
- "43-importlib-resources",
- "44-jinja2",
- "46-jsonschema",
- "51-lib4sbom",
- "54-packaging",
- "55-plotly",
- "57-python-gnupg",
- "52-pyyaml",
- "58-requests",
+ "10-beautifulsoup4",
+ "12-cvss",
+ "13-defusedxml",
+ "14-distro",
+ "15-gsutil",
+ "39-importlib-metadata",
+ "41-importlib-resources",
+ "42-jinja2",
+ "44-jsonschema",
+ "49-lib4sbom",
+ "52-packaging",
+ "53-plotly",
+ "55-python-gnupg",
+ "50-pyyaml",
+ "56-requests",
"60-rich",
"65-rpmfile",
"66-toml",
- "39-urllib3",
+ "59-urllib3",
"67-xmlschema",
"69-zstandard"
]
@@ -2276,10 +2637,9 @@
"3-aiosignal",
"5-async-timeout",
"6-attrs",
- "7-charset-normalizer",
"4-frozenlist",
- "8-multidict",
- "9-yarl"
+ "7-multidict",
+ "8-yarl"
]
},
{
@@ -2289,195 +2649,194 @@
]
},
{
- "ref": "9-yarl",
+ "ref": "8-yarl",
"dependsOn": [
- "10-idna",
- "8-multidict"
+ "9-idna",
+ "7-multidict"
]
},
{
- "ref": "11-beautifulsoup4",
+ "ref": "10-beautifulsoup4",
"dependsOn": [
- "12-soupsieve"
+ "11-soupsieve"
]
},
{
- "ref": "16-gsutil",
+ "ref": "15-gsutil",
"dependsOn": [
- "17-argcomplete",
- "18-crcmod",
- "19-fasteners",
- "20-gcs-oauth2-boto-plugin",
- "36-google-apitools",
- "37-google-auth",
- "22-google-reauth",
- "25-httplib2",
- "40-monotonic",
- "31-pyopenssl",
- "35-retry-decorator",
- "24-six"
- ]
- },
- {
- "ref": "20-gcs-oauth2-boto-plugin",
+ "16-argcomplete",
+ "17-crcmod",
+ "18-fasteners",
+ "19-gcs-oauth2-boto-plugin",
+ "35-google-apitools",
+ "36-google-auth",
+ "21-google-reauth",
+ "24-httplib2",
+ "38-monotonic",
+ "30-pyopenssl",
+ "34-retry-decorator",
+ "23-six"
+ ]
+ },
+ {
+ "ref": "19-gcs-oauth2-boto-plugin",
"dependsOn": [
- "21-boto",
- "22-google-reauth",
- "25-httplib2",
- "27-oauth2client",
- "31-pyopenssl",
- "35-retry-decorator",
- "30-rsa",
- "24-six"
+ "20-boto",
+ "21-google-reauth",
+ "24-httplib2",
+ "26-oauth2client",
+ "30-pyopenssl",
+ "34-retry-decorator",
+ "29-rsa",
+ "23-six"
]
},
{
- "ref": "22-google-reauth",
+ "ref": "21-google-reauth",
"dependsOn": [
- "23-pyu2f"
+ "22-pyu2f"
]
},
{
- "ref": "23-pyu2f",
+ "ref": "22-pyu2f",
"dependsOn": [
- "24-six"
+ "23-six"
]
},
{
- "ref": "25-httplib2",
+ "ref": "24-httplib2",
"dependsOn": [
- "26-pyparsing"
+ "25-pyparsing"
]
},
{
- "ref": "27-oauth2client",
+ "ref": "26-oauth2client",
"dependsOn": [
- "25-httplib2",
- "28-pyasn1",
- "29-pyasn1-modules",
- "30-rsa",
- "24-six"
+ "24-httplib2",
+ "27-pyasn1",
+ "28-pyasn1-modules",
+ "29-rsa",
+ "23-six"
]
},
{
- "ref": "29-pyasn1-modules",
+ "ref": "28-pyasn1-modules",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "30-rsa",
+ "ref": "29-rsa",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "31-pyopenssl",
+ "ref": "30-pyopenssl",
"dependsOn": [
- "32-cryptography"
+ "31-cryptography"
]
},
{
- "ref": "32-cryptography",
+ "ref": "31-cryptography",
"dependsOn": [
- "33-cffi"
+ "32-cffi"
]
},
{
- "ref": "33-cffi",
+ "ref": "32-cffi",
"dependsOn": [
- "34-pycparser"
+ "33-pycparser"
]
},
{
- "ref": "36-google-apitools",
+ "ref": "35-google-apitools",
"dependsOn": [
- "19-fasteners",
- "25-httplib2",
- "27-oauth2client",
- "24-six"
+ "18-fasteners",
+ "24-httplib2",
+ "26-oauth2client",
+ "23-six"
]
},
{
- "ref": "37-google-auth",
+ "ref": "36-google-auth",
"dependsOn": [
- "38-cachetools",
- "29-pyasn1-modules",
- "30-rsa",
- "24-six",
- "39-urllib3"
+ "37-cachetools",
+ "28-pyasn1-modules",
+ "29-rsa"
]
},
{
- "ref": "41-importlib-metadata",
+ "ref": "39-importlib-metadata",
"dependsOn": [
- "42-zipp"
+ "40-zipp"
]
},
{
- "ref": "43-importlib-resources",
+ "ref": "41-importlib-resources",
"dependsOn": [
- "42-zipp"
+ "40-zipp"
]
},
{
- "ref": "44-jinja2",
+ "ref": "42-jinja2",
"dependsOn": [
- "45-markupsafe"
+ "43-markupsafe"
]
},
{
- "ref": "46-jsonschema",
+ "ref": "44-jsonschema",
"dependsOn": [
"6-attrs",
- "43-importlib-resources",
- "47-jsonschema-specifications",
- "50-pkgutil-resolve-name",
- "48-referencing",
- "49-rpds-py"
+ "41-importlib-resources",
+ "45-jsonschema-specifications",
+ "48-pkgutil-resolve-name",
+ "46-referencing",
+ "47-rpds-py"
]
},
{
- "ref": "47-jsonschema-specifications",
+ "ref": "45-jsonschema-specifications",
"dependsOn": [
- "43-importlib-resources",
- "48-referencing"
+ "41-importlib-resources",
+ "46-referencing"
]
},
{
- "ref": "48-referencing",
+ "ref": "46-referencing",
"dependsOn": [
"6-attrs",
- "49-rpds-py"
+ "47-rpds-py"
]
},
{
- "ref": "51-lib4sbom",
+ "ref": "49-lib4sbom",
"dependsOn": [
- "52-pyyaml",
- "53-semantic-version"
+ "13-defusedxml",
+ "50-pyyaml",
+ "51-semantic-version"
]
},
{
- "ref": "54-packaging",
+ "ref": "52-packaging",
"dependsOn": [
- "26-pyparsing"
+ "25-pyparsing"
]
},
{
- "ref": "55-plotly",
+ "ref": "53-plotly",
"dependsOn": [
- "54-packaging",
- "56-tenacity"
+ "52-packaging",
+ "54-tenacity"
]
},
{
- "ref": "58-requests",
+ "ref": "56-requests",
"dependsOn": [
- "59-certifi",
- "7-charset-normalizer",
- "10-idna",
- "39-urllib3"
+ "57-certifi",
+ "58-charset-normalizer",
+ "9-idna",
+ "59-urllib3"
]
},
{
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 7fa36c2603..e4bc28b3b6 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ad7dbeb4-29be-41b7-9df6-a373cb966694
-LicenseListVersion: 3.20
-Creator: Tool: sbom4python-0.9.2
-Created: 2023-07-10T00:38:13Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ac9f9e44-d9f1-4548-b52a-0957ef1de890
+LicenseListVersion: 3.22
+Creator: Tool: sbom4python-0.10.1
+Created: 2023-12-04T01:21:54Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,24 +26,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.8.4
+PackageVersion: 3.9.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4
+PackageSupplier: Organization: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.9.1
#####
PackageName: aiosignal
SPDXID: SPDXRef-Package-3-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
+PackageSupplier: Organization: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
@@ -55,33 +55,33 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
PackageName: frozenlist
SPDXID: SPDXRef-Package-4-frozenlist
-PackageVersion: 1.3.3
+PackageVersion: 1.4.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3
+PackageSupplier: Organization: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0
#####
PackageName: async-timeout
SPDXID: SPDXRef-Package-5-async-timeout
-PackageVersion: 4.0.2
+PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2
+PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
#####
PackageName: attrs
@@ -99,23 +99,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
#####
-PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-7-charset-normalizer
-PackageVersion: 3.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0
-FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: multidict
-SPDXID: SPDXRef-Package-8-multidict
+SPDXID: SPDXRef-Package-7-multidict
PackageVersion: 6.0.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -131,37 +116,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-9-yarl
-PackageVersion: 1.9.2
+SPDXID: SPDXRef-Package-8-yarl
+PackageVersion: 1.9.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-Package-10-idna
-PackageVersion: 3.4
+SPDXID: SPDXRef-Package-9-idna
+PackageVersion: 3.6
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kim Davies (kim@cynosure.com.au)
-PackageDownloadLocation: https://pypi.org/project/idna/3.4
+PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
+PackageDownloadLocation: https://pypi.org/project/idna/3.6
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-11-beautifulsoup4
+SPDXID: SPDXRef-Package-10-beautifulsoup4
PackageVersion: 4.12.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -176,22 +161,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-12-soupsieve
-PackageVersion: 2.4.1
+SPDXID: SPDXRef-Package-11-soupsieve
+PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4.1
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-13-cvss
+SPDXID: SPDXRef-Package-12-cvss
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -207,7 +192,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-14-defusedxml
+SPDXID: SPDXRef-Package-13-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -223,7 +208,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-15-distro
+SPDXID: SPDXRef-Package-14-distro
PackageVersion: 1.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -239,39 +224,39 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.25
+SPDXID: SPDXRef-Package-15-gsutil
+PackageVersion: 5.27
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.25
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.27
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.1.1
+SPDXID: SPDXRef-Package-16-argcomplete
+PackageVersion: 3.1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.6
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-18-crcmod
+SPDXID: SPDXRef-Package-17-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -286,23 +271,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-19-fasteners
-PackageVersion: 0.18
+SPDXID: SPDXRef-Package-18-fasteners
+PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
-PackageDownloadLocation: https://pypi.org/project/fasteners/0.18
+PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin
PackageVersion: 3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -318,7 +302,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0
#####
PackageName: boto
-SPDXID: SPDXRef-Package-21-boto
+SPDXID: SPDXRef-Package-20-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -333,7 +317,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-22-google-reauth
+SPDXID: SPDXRef-Package-21-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -349,7 +333,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-23-pyu2f
+SPDXID: SPDXRef-Package-22-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -365,7 +349,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-24-six
+SPDXID: SPDXRef-Package-23-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -380,7 +364,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-25-httplib2
+SPDXID: SPDXRef-Package-24-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -395,22 +379,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-26-pyparsing
-PackageVersion: 3.1.0
+SPDXID: SPDXRef-Package-25-pyparsing
+PackageVersion: 3.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-27-oauth2client
+SPDXID: SPDXRef-Package-26-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -426,22 +410,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.5.0
+SPDXID: SPDXRef-Package-27-pyasn1
+PackageVersion: 0.5.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-29-pyasn1-modules
+SPDXID: SPDXRef-Package-28-pyasn1-modules
PackageVersion: 0.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -457,7 +441,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-30-rsa
+SPDXID: SPDXRef-Package-29-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -473,53 +457,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-31-pyopenssl
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-30-pyopenssl
+PackageVersion: 23.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.1
+SPDXID: SPDXRef-Package-31-cryptography
+PackageVersion: 41.0.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-33-cffi
-PackageVersion: 1.15.1
+SPDXID: SPDXRef-Package-32-cffi
+PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1
+PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-34-pycparser
+SPDXID: SPDXRef-Package-33-pycparser
PackageVersion: 2.21
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -535,7 +519,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-35-retry-decorator
+SPDXID: SPDXRef-Package-34-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
@@ -550,7 +534,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-36-google-apitools
+SPDXID: SPDXRef-Package-35-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -566,53 +550,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.21.0
+SPDXID: SPDXRef-Package-36-google-auth
+PackageVersion: 2.24.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.24.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.24.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-38-cachetools
-PackageVersion: 5.3.1
+SPDXID: SPDXRef-Package-37-cachetools
+PackageVersion: 5.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*
-#####
-
-PackageName: urllib3
-SPDXID: SPDXRef-Package-39-urllib3
-PackageVersion: 1.26.16
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16
-FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-40-monotonic
+SPDXID: SPDXRef-Package-38-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -628,52 +597,52 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: importlib-metadata
-SPDXID: SPDXRef-Package-41-importlib-metadata
-PackageVersion: 6.8.0
+SPDXID: SPDXRef-Package-39-importlib-metadata
+PackageVersion: 7.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.8.0
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/7.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@7.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0.0:*:*:*:*:*:*:*
#####
PackageName: zipp
-SPDXID: SPDXRef-Package-42-zipp
-PackageVersion: 3.16.0
+SPDXID: SPDXRef-Package-40-zipp
+PackageVersion: 3.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.16.0
+PackageDownloadLocation: https://pypi.org/project/zipp/3.17.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*
#####
PackageName: importlib-resources
-SPDXID: SPDXRef-Package-43-importlib-resources
-PackageVersion: 6.0.0
+SPDXID: SPDXRef-Package-41-importlib-resources
+PackageVersion: 6.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.0
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.1.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read resources from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.1.1:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-44-jinja2
+SPDXID: SPDXRef-Package-42-jinja2
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
@@ -688,10 +657,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-45-markupsafe
+SPDXID: SPDXRef-Package-43-markupsafe
PackageVersion: 2.1.3
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
+PackageSupplier: Organization: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3
FilesAnalyzed: false
PackageLicenseDeclared: BSD-3-Clause
@@ -702,67 +671,67 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-46-jsonschema
-PackageVersion: 4.18.0
+SPDXID: SPDXRef-Package-44-jsonschema
+PackageVersion: 4.20.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-47-jsonschema-specifications
-PackageVersion: 2023.6.1
+SPDXID: SPDXRef-Package-45-jsonschema-specifications
+PackageVersion: 2023.11.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-48-referencing
-PackageVersion: 0.29.1
+SPDXID: SPDXRef-Package-46-referencing
+PackageVersion: 0.31.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1
+PackageDownloadLocation: https://pypi.org/project/referencing/0.31.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-49-rpds-py
-PackageVersion: 0.8.10
+SPDXID: SPDXRef-Package-47-rpds-py
+PackageVersion: 0.13.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.13.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.13.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
-SPDXID: SPDXRef-Package-50-pkgutil-resolve-name
+SPDXID: SPDXRef-Package-48-pkgutil-resolve-name
PackageVersion: 1.3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -777,37 +746,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-51-lib4sbom
-PackageVersion: 0.3.1
+SPDXID: SPDXRef-Package-49-lib4sbom
+PackageVersion: 0.5.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.3:*:*:*:*:*:*:*
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-52-pyyaml
-PackageVersion: 6.0
+SPDXID: SPDXRef-Package-50-pyyaml
+PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0
+PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-53-semantic-version
+SPDXID: SPDXRef-Package-51-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -823,7 +792,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-54-packaging
+SPDXID: SPDXRef-Package-52-packaging
PackageVersion: 21.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io)
@@ -839,54 +808,54 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-55-plotly
-PackageVersion: 5.15.0
+SPDXID: SPDXRef-Package-53-plotly
+PackageVersion: 5.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.18.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-56-tenacity
-PackageVersion: 8.2.2
+SPDXID: SPDXRef-Package-54-tenacity
+PackageVersion: 8.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-57-python-gnupg
-PackageVersion: 0.5.0
+SPDXID: SPDXRef-Package-55-python-gnupg
+PackageVersion: 0.5.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-58-requests
+SPDXID: SPDXRef-Package-56-requests
PackageVersion: 2.31.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -902,33 +871,63 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-59-certifi
-PackageVersion: 2023.5.7
+SPDXID: SPDXRef-Package-57-certifi
+PackageVersion: 2023.11.17
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
+PackageDownloadLocation: https://pypi.org/project/certifi/2023.11.17
FilesAnalyzed: false
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.11.17
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.11.17:*:*:*:*:*:*:*
+#####
+
+PackageName: charset-normalizer
+SPDXID: SPDXRef-Package-58-charset-normalizer
+PackageVersion: 3.3.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
+#####
+
+PackageName: urllib3
+SPDXID: SPDXRef-Package-59-urllib3
+PackageVersion: 2.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.1.0:*:*:*:*:*:*:*
#####
PackageName: rich
SPDXID: SPDXRef-Package-60-rich
-PackageVersion: 13.4.2
+PackageVersion: 13.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.4.2
+PackageDownloadLocation: https://pypi.org/project/rich/13.7.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -963,47 +962,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-63-pygments
-PackageVersion: 2.15.1
+PackageVersion: 2.17.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.17.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*
#####
PackageName: typing-extensions
SPDXID: SPDXRef-Package-64-typing-extensions
-PackageVersion: 4.7.1
+PackageVersion: 4.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.7.1
+PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.8.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.7+
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.7.1:*:*:*:*:*:*:*
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.8.0:*:*:*:*:*:*:*
#####
PackageName: rpmfile
SPDXID: SPDXRef-Package-65-rpmfile
-PackageVersion: 1.1.1
+PackageVersion: 2.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1
+PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1023,150 +1022,148 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-Package-67-xmlschema
-PackageVersion: 2.3.1
+PackageVersion: 2.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
SPDXID: SPDXRef-Package-68-elementpath
-PackageVersion: 4.1.4
+PackageVersion: 4.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*
#####
PackageName: zstandard
SPDXID: SPDXRef-Package-69-zstandard
-PackageVersion: 0.21.0
+PackageVersion: 0.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-importlib-metadata
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-resources
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
-Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
+Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-reauth
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-23-six
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-24-httplib2
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-pyopenssl
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-34-retry-decorator
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-35-google-apitools
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-36-google-auth
+Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-monotonic
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-reauth
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-six
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-httplib2
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-oauth2client
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-rsa
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-pyopenssl
+Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-retry-decorator
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-charset-normalizer
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator
-Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f
-Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
+Relationship: SPDXRef-Package-21-google-reauth DEPENDS_ON SPDXRef-Package-22-pyu2f
+Relationship: SPDXRef-Package-22-pyu2f DEPENDS_ON SPDXRef-Package-23-six
+Relationship: SPDXRef-Package-24-httplib2 DEPENDS_ON SPDXRef-Package-25-pyparsing
+Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-23-six
+Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-24-httplib2
+Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1
+Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1-modules
+Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-29-rsa
+Relationship: SPDXRef-Package-28-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1
+Relationship: SPDXRef-Package-29-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1
Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1
-Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography
-Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi
-Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3
-Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp
-Relationship: SPDXRef-Package-43-importlib-resources DEPENDS_ON SPDXRef-Package-42-zipp
-Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-50-pkgutil-resolve-name
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing
-Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py
-Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version
-Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing
-Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging
-Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-10-idna
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-39-urllib3
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
+Relationship: SPDXRef-Package-30-pyopenssl DEPENDS_ON SPDXRef-Package-31-cryptography
+Relationship: SPDXRef-Package-31-cryptography DEPENDS_ON SPDXRef-Package-32-cffi
+Relationship: SPDXRef-Package-32-cffi DEPENDS_ON SPDXRef-Package-33-pycparser
+Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners
+Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-23-six
+Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-24-httplib2
+Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-26-oauth2client
+Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-28-pyasn1-modules
+Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-29-rsa
+Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-37-cachetools
+Relationship: SPDXRef-Package-39-importlib-metadata DEPENDS_ON SPDXRef-Package-40-zipp
+Relationship: SPDXRef-Package-41-importlib-resources DEPENDS_ON SPDXRef-Package-40-zipp
+Relationship: SPDXRef-Package-42-jinja2 DEPENDS_ON SPDXRef-Package-43-markupsafe
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-41-importlib-resources
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-45-jsonschema-specifications
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-46-referencing
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-47-rpds-py
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-48-pkgutil-resolve-name
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-41-importlib-resources
+Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-46-referencing
+Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-47-rpds-py
+Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version
+Relationship: SPDXRef-Package-52-packaging DEPENDS_ON SPDXRef-Package-25-pyparsing
+Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-52-packaging
+Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-54-tenacity
+Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi
+Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-58-charset-normalizer
+Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-59-urllib3
+Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-9-idna
Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py
Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments
Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-64-typing-extensions
Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl
Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
-Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
-Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna