diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 90c8c7ead9..a47c07f950 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,14 +2,14 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
- "serialNumber": "urn:uuidc622e7f7-75f7-40a5-b47d-5314167e1f63",
+ "serialNumber": "urn:uuidcdb5d154-1019-4f77-8d62-696f147b2314",
"version": 1,
"metadata": {
- "timestamp": "2023-04-10T00:25:45Z",
+ "timestamp": "2023-04-24T01:38:06Z",
"tools": [
{
"name": "sbom4python",
- "version": "0.9.0"
+ "version": "0.9.1"
}
],
"component": {
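Review bot: The new `serialNumber` has no colon between `urn:uuid` and the UUID, so it does not match the `urn:uuid:<uuid>` form that the CycloneDX 1.4 schema named on the `$schema` line expects, and a strict validator may reject the whole BOM. The removed value had the same shape, so this looks like a generator defect carried forward rather than a one-off. The line should read `"serialNumber": "urn:uuid:cdb5d154-1019-4f77-8d62-696f147b2314",`. Validating the regenerated file against the schema before committing would catch a recurrence.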
@@ -20,7 +20,7 @@
},
"components": [
{
- "type": "library",
+ "type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
"version": "3.2.1.dev0",
@@ -45,8 +45,13 @@
"externalReferences": [
{
"url": "https://github.com/intel/cve-bin-tool",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cve-bin-tool/3.2.1.dev0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/cve-bin-tool@3.2.1.dev0"
@@ -68,11 +73,22 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/aiohttp",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/aiohttp/3.8.4",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.8.4"
+ "purl": "pkg:pypi/aiohttp@3.8.4",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -91,11 +107,22 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/aiosignal",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/aiosignal/1.3.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1"
+ "purl": "pkg:pypi/aiosignal@1.3.1",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -114,11 +141,22 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/frozenlist",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/frozenlist/1.3.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/frozenlist@1.3.3"
+ "purl": "pkg:pypi/frozenlist@1.3.3",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -146,17 +184,28 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/async-timeout",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/async-timeout/4.0.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.2"
+ "purl": "pkg:pypi/async-timeout@4.0.2",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "6-attrs",
"name": "attrs",
- "version": "22.2.0",
+ "version": "23.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -165,24 +214,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
"externalReferences": [
{
- "url": "https://www.attrs.org/",
- "type": "other",
- "comment": "Home page for project"
+ "url": "https://pypi.org/project/attrs/23.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@22.2.0"
+ "purl": "pkg:pypi/attrs@23.1.0"
},
{
"type": "library",
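Review bot: The attrs entry loses its whole `licenses` block (previously `"id": "MIT"`) and its home-page reference in the move to 23.1.0, and unlike other components in this diff it gets no `License Comments` property to explain the gap. A consumer running licence or provenance checks now sees attrs as undeclared. This is probably the generator failing to read the newer package metadata rather than an upstream licence change, so confirm against the published package and restore the entry, e.g. `"license": { "id": "MIT" }` inside `licenses`. The pygments hunk later drops its home-page reference in the same way.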
@@ -210,8 +251,13 @@
"externalReferences": [
{
"url": "https://github.com/Ousret/charset_normalizer",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/charset-normalizer/3.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/charset-normalizer@3.1.0"
@@ -242,17 +288,28 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/multidict",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/multidict/6.0.4",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/multidict@6.0.4"
+ "purl": "pkg:pypi/multidict@6.0.4",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.8.2",
+ "version": "1.9.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -261,7 +318,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
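Review bot: The updated `cpe` value uses `andrew_svetlov` as its vendor, which looks derived from the supplier's personal name rather than taken from the CPE dictionary, so a scanner matching on this field is unlikely to find any vulnerability record for yarl. The same pattern appears in the `cpe` lines of the attrs, soupsieve, gsutil, argcomplete, pyasn1, cryptography, google-auth and later hunks, with the cryptography entry being the most consequential. Either omit `cpe` where no dictionary entry has been confirmed and let consumers key on `purl` (`pkg:pypi/yarl@1.9.1`), or populate it from a verified mapping.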
@@ -274,11 +331,16 @@
"externalReferences": [
{
"url": "https://github.com/aio-libs/yarl/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.9.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.8.2"
+ "purl": "pkg:pypi/yarl@1.9.1"
},
{
"type": "library",
@@ -295,6 +357,13 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/idna@3.4"
},
{
@@ -312,13 +381,20 @@
},
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/beautifulsoup4@4.12.2"
},
{
"type": "library",
"bom-ref": "12-soupsieve",
"name": "soupsieve",
- "version": "2.4",
+ "version": "2.4.1",
"supplier": {
"name": "Isaac Muse",
"contact": [
@@ -327,9 +403,16 @@
}
]
},
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
- "purl": "pkg:pypi/soupsieve@2.4"
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/soupsieve/2.4.1",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/soupsieve@2.4.1"
},
{
"type": "library",
@@ -357,11 +440,22 @@
"externalReferences": [
{
"url": "https://github.com/RedHatProductSecurity/cvss",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cvss/2.6",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@2.6"
+ "purl": "pkg:pypi/cvss@2.6",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -389,11 +483,22 @@
"externalReferences": [
{
"url": "https://github.com/tiran/defusedxml",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/defusedxml/0.7.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/defusedxml@0.7.1"
+ "purl": "pkg:pypi/defusedxml@0.7.1",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -421,17 +526,28 @@
"externalReferences": [
{
"url": "https://github.com/python-distro/distro",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/distro/1.8.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/distro@1.8.0"
+ "purl": "pkg:pypi/distro@1.8.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "16-gsutil",
"name": "gsutil",
- "version": "5.21",
+ "version": "5.23",
"supplier": {
"name": "Google Inc.",
"contact": [
@@ -440,7 +556,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
"licenses": [
{
@@ -453,17 +569,28 @@
"externalReferences": [
{
"url": "https://cloud.google.com/storage/docs/gsutil",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/gsutil/5.23",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.21"
+ "purl": "pkg:pypi/gsutil@5.23",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
- "version": "3.0.5",
+ "version": "3.0.8",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -472,7 +599,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -485,11 +612,22 @@
"externalReferences": [
{
"url": "https://github.com/kislyuk/argcomplete",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/argcomplete/3.0.8",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.0.5"
+ "purl": "pkg:pypi/argcomplete@3.0.8",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -517,8 +655,13 @@
"externalReferences": [
{
"url": "http://crcmod.sourceforge.net/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/crcmod/1.7",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7"
@@ -544,11 +687,22 @@
"externalReferences": [
{
"url": "https://github.com/harlowja/fasteners",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/fasteners/0.18",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/fasteners@0.18"
+ "purl": "pkg:pypi/fasteners@0.18",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -576,11 +730,22 @@
"externalReferences": [
{
"url": "https://developers.google.com/storage/docs/gspythonlibrary",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0"
+ "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -608,8 +773,13 @@
"externalReferences": [
{
"url": "https://github.com/boto/boto/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/boto/2.49.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/boto@2.49.0"
@@ -640,11 +810,22 @@
"externalReferences": [
{
"url": "https://github.com/Google/google-reauth-python",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-reauth/0.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1"
+ "purl": "pkg:pypi/google-reauth@0.1.1",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -672,11 +853,22 @@
"externalReferences": [
{
"url": "https://github.com/google/pyu2f/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyu2f/0.1.5",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5"
+ "purl": "pkg:pypi/pyu2f@0.1.5",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -704,8 +896,13 @@
"externalReferences": [
{
"url": "https://github.com/benjaminp/six",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/six/1.16.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/six@1.16.0"
@@ -736,8 +933,13 @@
"externalReferences": [
{
"url": "https://github.com/httplib2/httplib2",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/httplib2/0.20.4",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/httplib2@0.20.4"
@@ -757,6 +959,13 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyparsing/3.0.9",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/pyparsing@3.0.9"
},
{
@@ -785,17 +994,28 @@
"externalReferences": [
{
"url": "http://github.com/google/oauth2client/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/oauth2client/4.1.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3"
+ "purl": "pkg:pypi/oauth2client@4.1.3",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "28-pyasn1",
"name": "pyasn1",
- "version": "0.4.8",
+ "version": "0.5.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -804,30 +1024,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*",
- "description": "ASN.1 types and codecs",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1",
- "type": "other",
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyasn1/0.5.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.4.8"
+ "purl": "pkg:pypi/pyasn1@0.5.0"
},
{
"type": "library",
"bom-ref": "29-pyasn1-modules",
"name": "pyasn1-modules",
- "version": "0.2.8",
+ "version": "0.3.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
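Review bot: This bump changes more than the version: the home page moves from `github.com/etingof/pyasn1` to `github.com/pyasn1/pyasn1` and the licence id flips from `BSD-3-Clause` to `BSD-2-Clause`, while the CPE vendor stays `ilya_etingof`. A change of repository owner on a dependency used for ASN.1 decoding is worth confirming against the PyPI project page before the regenerated SBOM is accepted. The pyasn1-modules hunk that follows shows the same owner move, with the licence ids flipped the other way. The next component object continues past the end of this hunk.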
@@ -836,24 +1061,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1-modules",
- "type": "other",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.2.8"
+ "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
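Review bot: The added `License Comments` property says pyasn1-modules declares `BSD`, which is not a valid SPDX identifier, yet the same component now asserts `"id": "BSD-3-Clause"` in `licenses`, so one of the two is a guess. If the package only declares the generic `BSD`, record it as `"license": { "name": "BSD" }` rather than a specific SPDX id, so downstream licence tooling does not treat an inferred clause count as fact. The packaging hunk has the inverse mismatch: the expression is corrected to `BSD-2-Clause OR Apache-2.0`, but the new comment still calls the declared string invalid.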
@@ -881,11 +1117,22 @@
"externalReferences": [
{
"url": "https://stuvel.eu/rsa",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/rsa/4.7.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2"
+ "purl": "pkg:pypi/rsa@4.7.2",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -913,17 +1160,28 @@
"externalReferences": [
{
"url": "https://pyopenssl.org/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyOpenSSL/23.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@23.1.1"
+ "purl": "pkg:pypi/pyopenssl@23.1.1",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "32-cryptography",
"name": "cryptography",
- "version": "40.0.1",
+ "version": "40.0.2",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -932,7 +1190,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -944,11 +1202,16 @@
"externalReferences": [
{
"url": "https://github.com/pyca/cryptography",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cryptography/40.0.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@40.0.1"
+ "purl": "pkg:pypi/cryptography@40.0.2"
},
{
"type": "library",
@@ -976,8 +1239,13 @@
"externalReferences": [
{
"url": "http://cffi.readthedocs.org",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cffi/1.15.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/cffi@1.15.1"
@@ -1008,11 +1276,22 @@
"externalReferences": [
{
"url": "https://github.com/eliben/pycparser",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pycparser/2.21",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.21"
+ "purl": "pkg:pypi/pycparser@2.21",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1040,8 +1319,13 @@
"externalReferences": [
{
"url": "https://github.com/pnpnpn/retry-decorator",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/retry-decorator/1.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/retry-decorator@1.1.1"
@@ -1072,17 +1356,28 @@
"externalReferences": [
{
"url": "http://github.com/google/apitools",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-apitools/0.5.32",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-apitools@0.5.32"
+ "purl": "pkg:pypi/google-apitools@0.5.32",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
"bom-ref": "37-google-auth",
"name": "google-auth",
- "version": "2.17.2",
+ "version": "2.17.3",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1091,7 +1386,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1104,11 +1399,22 @@
"externalReferences": [
{
"url": "https://github.com/googleapis/google-auth-library-python",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-auth/2.17.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.17.2"
+ "purl": "pkg:pypi/google-auth@2.17.3",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1136,8 +1442,13 @@
"externalReferences": [
{
"url": "https://github.com/tkem/cachetools/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cachetools/5.3.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/cachetools@5.3.0"
@@ -1168,11 +1479,22 @@
"externalReferences": [
{
"url": "https://github.com/atdt/monotonic",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/monotonic/1.6",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/monotonic@1.6"
+ "purl": "pkg:pypi/monotonic@1.6",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1200,8 +1522,13 @@
"externalReferences": [
{
"url": "https://palletsprojects.com/p/jinja/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/Jinja2/3.1.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/jinja2@3.1.2"
@@ -1232,8 +1559,13 @@
"externalReferences": [
{
"url": "https://palletsprojects.com/p/markupsafe/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/MarkupSafe/2.1.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/markupsafe@2.1.2"
@@ -1256,6 +1588,13 @@
}
}
],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/jsonschema/4.17.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/jsonschema@4.17.3"
},
{
@@ -1284,8 +1623,13 @@
"externalReferences": [
{
"url": "https://github.com/tobgu/pyrsistent/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyrsistent/0.19.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/pyrsistent@0.19.3"
@@ -1294,7 +1638,7 @@
"type": "library",
"bom-ref": "44-lib4sbom",
"name": "lib4sbom",
- "version": "0.3.0",
+ "version": "0.3.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1303,7 +1647,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1316,11 +1660,16 @@
"externalReferences": [
{
"url": "https://github.com/anthonyharrison/lib4sbom",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/lib4sbom/0.3.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.3.0"
+ "purl": "pkg:pypi/lib4sbom@0.3.1"
},
{
"type": "library",
@@ -1348,8 +1697,13 @@
"externalReferences": [
{
"url": "https://pyyaml.org/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/PyYAML/6.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/pyyaml@6.0"
@@ -1380,11 +1734,22 @@
"externalReferences": [
{
"url": "https://github.com/rbarrois/python-semanticversion",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/semantic-version/2.10.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/semantic-version@2.10.0"
+ "purl": "pkg:pypi/semantic-version@2.10.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1404,18 +1769,29 @@
"licenses": [
{
"license": {
- "expression": "BSD-2-Clause or Apache-2.0"
+ "expression": "BSD-2-Clause OR Apache-2.0"
}
}
],
"externalReferences": [
{
"url": "https://github.com/pypa/packaging",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/packaging/21.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@21.3"
+ "purl": "pkg:pypi/packaging@21.3",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1443,8 +1819,13 @@
"externalReferences": [
{
"url": "https://plotly.com/python/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/plotly/5.14.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/plotly@5.14.1"
@@ -1475,11 +1856,22 @@
"externalReferences": [
{
"url": "https://github.com/jd/tenacity",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/tenacity/8.2.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.2.2"
+ "purl": "pkg:pypi/tenacity@8.2.2",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1507,11 +1899,22 @@
"externalReferences": [
{
"url": "https://requests.readthedocs.io",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/requests/2.28.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/requests@2.28.2"
+ "purl": "pkg:pypi/requests@2.28.2",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1539,8 +1942,13 @@
"externalReferences": [
{
"url": "https://github.com/certifi/python-certifi",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2022.12.7",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/certifi@2022.12.7"
@@ -1571,8 +1979,13 @@
"externalReferences": [
{
"url": "https://urllib3.readthedocs.io/",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/urllib3/1.26.15",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/urllib3@1.26.15"
@@ -1581,7 +1994,7 @@
"type": "library",
"bom-ref": "53-rich",
"name": "rich",
- "version": "13.3.3",
+ "version": "13.3.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -1590,7 +2003,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -1603,11 +2016,16 @@
"externalReferences": [
{
"url": "https://github.com/Textualize/rich",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/rich/13.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.3.3"
+ "purl": "pkg:pypi/rich@13.3.4"
},
{
"type": "library",
@@ -1624,6 +2042,13 @@
},
"cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*",
"description": "Python port of markdown-it. Markdown parsing, done right!",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/markdown-it-py/2.2.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/markdown-it-py@2.2.0"
},
{
@@ -1641,13 +2066,20 @@
},
"cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
"description": "Markdown URL utilities",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/mdurl/0.1.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
"purl": "pkg:pypi/mdurl@0.1.2"
},
{
"type": "library",
"bom-ref": "56-pygments",
"name": "pygments",
- "version": "2.14.0",
+ "version": "2.15.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -1656,7 +2088,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -1668,12 +2100,12 @@
],
"externalReferences": [
{
- "url": "https://pygments.org/",
- "type": "other",
- "comment": "Home page for project"
+ "url": "https://pypi.org/project/Pygments/2.15.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.14.0"
+ "purl": "pkg:pypi/pygments@2.15.1"
},
{
"type": "library",
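Review bot: The pygments entry loses its home-page reference in this hunk: `https://pygments.org/` is replaced by the distribution URL, whereas the other components that had a home page (rich, rpmfile, toml, xmlschema) keep it as `website` and gain a second `distribution` entry. This looks like the generator failing to find a home page for 2.15.1 rather than an intended removal. If the project URL is still valid, keep both entries, i.e. retain `"url": "https://pygments.org/"` with `"type": "website"` next to the new distribution reference.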
@@ -1701,8 +2133,13 @@
"externalReferences": [
{
"url": "https://github.com/srossross/rpmfile",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/rpmfile/1.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/rpmfile@1.1.1"
@@ -1733,8 +2170,13 @@
"externalReferences": [
{
"url": "https://github.com/uiri/toml",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/toml/0.10.2",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
"purl": "pkg:pypi/toml@0.10.2"
@@ -1743,7 +2185,7 @@
"type": "library",
"bom-ref": "59-xmlschema",
"name": "xmlschema",
- "version": "2.2.2",
+ "version": "2.2.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -1752,7 +2194,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -1765,17 +2207,22 @@
"externalReferences": [
{
"url": "https://github.com/sissaschool/xmlschema",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/xmlschema/2.2.3",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@2.2.2"
+ "purl": "pkg:pypi/xmlschema@2.2.3"
},
{
"type": "library",
"bom-ref": "60-elementpath",
"name": "elementpath",
- "version": "4.1.0",
+ "version": "4.1.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -1784,7 +2231,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
@@ -1797,17 +2244,22 @@
"externalReferences": [
{
"url": "https://github.com/sissaschool/elementpath",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/elementpath/4.1.1",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.1.0"
+ "purl": "pkg:pypi/elementpath@4.1.1"
},
{
"type": "library",
"bom-ref": "61-zstandard",
"name": "zstandard",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -1816,7 +2268,7 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
@@ -1829,11 +2281,22 @@
"externalReferences": [
{
"url": "https://github.com/indygreg/python-zstandard",
- "type": "other",
+ "type": "website",
"comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/zstandard/0.21.0",
+ "type": "distribution",
+ "comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.20.0"
+ "purl": "pkg:pypi/zstandard@0.21.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
}
],
"dependencies": [
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 36ec4fdf75..1682943a2f 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,16 +2,17 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-695dad51-445c-4b1e-a26e-5fdae2230ca5
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-65d13e73-df6f-4785-800e-1f7a9ecc8c28
LicenseListVersion: 3.20
-Creator: Tool: sbom4python-0.9.0
-Created: 2023-04-10T00:24:35Z
+Creator: Tool: sbom4python-0.9.1
+Created: 2023-04-24T01:36:57Z
CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
PackageVersion: 3.2.1.dev0
+PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1.dev0
FilesAnalyzed: false
@@ -19,7 +20,7 @@ PackageHomePage: https://github.com/intel/cve-bin-tool
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
-PackageSummary: CVE Binary Checker Tool
+PackageSummary: CVE Binary Checker Tool
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1.dev0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:*:*:*:*:*
#####
@@ -27,82 +28,87 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
PackageVersion: 3.8.4
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Async http client/server framework (asyncio)
+PackageSummary: Async http client/server framework (asyncio)
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4
#####
PackageName: aiosignal
SPDXID: SPDXRef-Package-3-aiosignal
PackageVersion: 1.3.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiosignal declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: aiosignal: a list of registered asynchronous callbacks
+PackageSummary: aiosignal: a list of registered asynchronous callbacks
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
SPDXID: SPDXRef-Package-4-frozenlist
PackageVersion: 1.3.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: frozenlist declares Apache 2 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+PackageSummary: A list-like structure which implements collections.abc.MutableSequence
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3
#####
PackageName: async-timeout
SPDXID: SPDXRef-Package-5-async-timeout
PackageVersion: 4.0.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/async-timeout
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: async-timeout declares Apache 2 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Timeout context manager for asyncio programs
+PackageSummary: Timeout context manager for asyncio programs
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*
#####
PackageName: attrs
SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 22.2.0
+PackageVersion: 23.1.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/22.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
FilesAnalyzed: false
-PackageHomePage: https://www.attrs.org/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@22.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:*
+PackageSummary: Classes Without Boilerplate
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
#####
PackageName: charset-normalizer
SPDXID: SPDXRef-Package-7-charset-normalizer
PackageVersion: 3.1.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0
FilesAnalyzed: false
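Review bot: In the attrs block, the 23.1.0 entry drops `PackageHomePage` and moves both license fields from `MIT` to `NOASSERTION`, with no `PackageLicenseComments` line saying why. Other packages in this hunk whose declared string could not be mapped (aiohttp, frozenlist) still carry a concluded license and a comment, so this reads as metadata the generator failed to extract rather than a real change in licensing. A license-policy check consuming this document will now treat attrs as unknown. If the package is still MIT-licensed, record `PackageLicenseConcluded: MIT` and add a `PackageLicenseComments:` line stating where the value came from.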
@@ -110,7 +116,7 @@ PackageHomePage: https://github.com/Ousret/charset_normalizer
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*
#####
@@ -118,45 +124,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*
PackageName: multidict
SPDXID: SPDXRef-Package-8-multidict
PackageVersion: 6.0.4
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
+PackageSummary: multidict implementation
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
-PackageVersion: 1.8.2
+PackageVersion: 1.9.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.8.2
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl/
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: yarl declares Apache 2 which is not a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.8.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*
+PackageSummary: Yet another URL library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*
#####
PackageName: idna
SPDXID: SPDXRef-Package-10-idna
PackageVersion: 3.4
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim@cynosure.com.au)
PackageDownloadLocation: https://pypi.org/project/idna/3.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Internationalized Domain Names in Applications (IDNA)
+PackageSummary: Internationalized Domain Names in Applications (IDNA)
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
#####
@@ -164,43 +172,46 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
PackageName: beautifulsoup4
SPDXID: SPDXRef-Package-11-beautifulsoup4
PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Screen-scraping library
+PackageSummary: Screen-scraping library
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*
#####
PackageName: soupsieve
SPDXID: SPDXRef-Package-12-soupsieve
-PackageVersion: 2.4
+PackageVersion: 2.4.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:*
+PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*
#####
PackageName: cvss
SPDXID: SPDXRef-Package-13-cvss
PackageVersion: 2.6
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/2.6
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
-PackageLicenseComments: cvss declares LGPLv3+ which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: CVSS2/3 library with interactive calculator for Python 2 and Python 3
+PackageSummary: CVSS2/3 library with interactive calculator for Python 2 and Python 3
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*
#####
@@ -208,15 +219,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
PackageName: defusedxml
SPDXID: SPDXRef-Package-14-defusedxml
PackageVersion: 0.7.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
-PackageLicenseComments: defusedxml declares PSFL which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: XML bomb protection for Python stdlib modules
+PackageSummary: XML bomb protection for Python stdlib modules
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
@@ -224,54 +236,58 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
PackageName: distro
SPDXID: SPDXRef-Package-15-distro
PackageVersion: 1.8.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.8.0
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: distro declares Apache License, Version 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Distro - an OS platform information API
+PackageSummary: Distro - an OS platform information API
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.8.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.21
+PackageVersion: 5.23
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.21
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.23
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gsutil declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*
+PackageSummary: A command line tool for interacting with cloud storage services.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.23
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*
#####
PackageName: argcomplete
SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.0.5
+PackageVersion: 3.0.8
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.8
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: argcomplete declares Apache Software License which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*
+PackageSummary: Bash tab completion for argparse
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*
#####
PackageName: crcmod
SPDXID: SPDXRef-Package-18-crcmod
PackageVersion: 1.7
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
PackageDownloadLocation: https://pypi.org/project/crcmod/1.7
FilesAnalyzed: false
@@ -279,7 +295,7 @@ PackageHomePage: http://crcmod.sourceforge.net/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: CRC Generator
+PackageSummary: CRC Generator
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
@@ -287,15 +303,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
PackageName: fasteners
SPDXID: SPDXRef-Package-19-fasteners
PackageVersion: 0.18
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.18
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: fasteners declares ASL 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A python package that provides useful locks
+PackageSummary: A python package that provides useful locks
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*
#####
@@ -303,15 +320,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*
PackageName: gcs-oauth2-boto-plugin
SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
PackageVersion: 3.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
#####
@@ -319,6 +337,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0
PackageName: boto
SPDXID: SPDXRef-Package-21-boto
PackageVersion: 2.49.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
PackageDownloadLocation: https://pypi.org/project/boto/2.49.0
FilesAnalyzed: false
@@ -326,7 +345,7 @@ PackageHomePage: https://github.com/boto/boto/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
+PackageSummary: Amazon Web Services Library
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
@@ -334,15 +353,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
PackageName: google-reauth
SPDXID: SPDXRef-Package-22-google-reauth
PackageVersion: 0.1.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
FilesAnalyzed: false
PackageHomePage: https://github.com/Google/google-reauth-python
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
+PackageSummary: Google Reauth Library
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
@@ -350,15 +370,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
PackageName: pyu2f
SPDXID: SPDXRef-Package-23-pyu2f
PackageVersion: 0.1.5
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
FilesAnalyzed: false
PackageHomePage: https://github.com/google/pyu2f/
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
+PackageSummary: U2F host library for interacting with a U2F device over USB.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
@@ -366,6 +387,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
PackageName: six
SPDXID: SPDXRef-Package-24-six
PackageVersion: 1.16.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
PackageDownloadLocation: https://pypi.org/project/six/1.16.0
FilesAnalyzed: false
@@ -373,7 +395,7 @@ PackageHomePage: https://github.com/benjaminp/six
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Python 2 and 3 compatibility utilities
+PackageSummary: Python 2 and 3 compatibility utilities
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
#####
@@ -381,6 +403,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
PackageName: httplib2
SPDXID: SPDXRef-Package-25-httplib2
PackageVersion: 0.20.4
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4
FilesAnalyzed: false
@@ -388,7 +411,7 @@ PackageHomePage: https://github.com/httplib2/httplib2
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: A comprehensive HTTP client library.
+PackageSummary: A comprehensive HTTP client library.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -396,13 +419,14 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-Package-26-pyparsing
PackageVersion: 3.0.9
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.0.9
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.0.9
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:*
#####
@@ -410,62 +434,66 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*
PackageName: oauth2client
SPDXID: SPDXRef-Package-27-oauth2client
PackageVersion: 4.1.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: oauth2client declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: OAuth 2.0 client library
+PackageSummary: OAuth 2.0 client library
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
PackageName: pyasn1
SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.4.8
+PackageVersion: 0.5.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.4.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1 declares BSD which is not a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: ASN.1 types and codecs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.4.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
SPDXID: SPDXRef-Package-29-pyasn1-modules
-PackageVersion: 0.2.8
+PackageVersion: 0.3.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.2.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1-modules
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.2.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*
+PackageSummary: A collection of ASN.1-based protocols modules
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
#####
PackageName: rsa
SPDXID: SPDXRef-Package-30-rsa
PackageVersion: 4.7.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
FilesAnalyzed: false
PackageHomePage: https://stuvel.eu/rsa
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
+PackageSummary: Pure-Python RSA implementation
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
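Review bot: The pyasn1-modules 0.3.0 block concludes `BSD-3-Clause` from a declared string of just "BSD", which does not say which BSD variant applies; the sibling pyasn1 0.5.0 block in the same hunk declares `BSD-2-Clause`. The previous revision had these two the other way round, which suggests the concluded value is a generator default and not a checked fact. Unless the package's license text has been verified, `PackageLicenseConcluded: NOASSERTION` with the existing comment is the safer record. Separately, both CPE lines keep the `ilya_etingof` vendor while `PackageHomePage` now points at the `pyasn1` organisation, so the CPE vendor may need the same review.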
@@ -473,37 +501,40 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-Package-31-pyopenssl
PackageVersion: 23.1.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.1
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Python wrapper module around the OpenSSL library
+PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 40.0.1
+PackageVersion: 40.0.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.1
+PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.2
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
PackageCopyrightText: NOASSERTION
-PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*
+PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:*
#####
PackageName: cffi
SPDXID: SPDXRef-Package-33-cffi
PackageVersion: 1.15.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1
FilesAnalyzed: false
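Review bot: The `SECURITY cpe23Type` reference on the new side, `cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:*`, appears to take its vendor field from the `PackageSupplier` text rather than from a CPE dictionary entry. A scanner that matches on CPE is therefore unlikely to find advisories for this package, and the miss is silent: the component simply reports no findings. The same pattern shows in the pyopenssl and cffi entries of this hunk (the cffi entry continues past it) and in the other package entries of the file. The file looks generated, so the fix probably belongs in the generator: either confirm the vendor against the CPE dictionary before emitting the line, or omit it and let consumers match on `ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.2`, which identifies the package unambiguously.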
@@ -511,7 +542,7 @@ PackageHomePage: http://cffi.readthedocs.org
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Foreign Function Interface for Python calling C code.
+PackageSummary: Foreign Function Interface for Python calling C code.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*
#####
@@ -519,15 +550,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*
PackageName: pycparser
SPDXID: SPDXRef-Package-34-pycparser
PackageVersion: 2.21
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.21
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pycparser declares BSD which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: C parser in Python
+PackageSummary: C parser in Python
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*
#####
@@ -535,6 +567,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*
PackageName: retry-decorator
SPDXID: SPDXRef-Package-35-retry-decorator
PackageVersion: 1.1.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
FilesAnalyzed: false
@@ -542,7 +575,7 @@ PackageHomePage: https://github.com/pnpnpn/retry-decorator
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Retry Decorator
+PackageSummary: Retry Decorator
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
@@ -550,38 +583,41 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
PackageName: google-apitools
SPDXID: SPDXRef-Package-36-google-apitools
PackageVersion: 0.5.32
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-apitools declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: client libraries for humans
+PackageSummary: client libraries for humans
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: google-auth
SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.17.2
+PackageVersion: 2.17.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.3
FilesAnalyzed: false
PackageHomePage: https://github.com/googleapis/google-auth-library-python
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.2:*:*:*:*:*:*:*
+PackageSummary: Google Authentication Library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:*
#####
PackageName: cachetools
SPDXID: SPDXRef-Package-38-cachetools
PackageVersion: 5.3.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0
FilesAnalyzed: false
@@ -589,7 +625,7 @@ PackageHomePage: https://github.com/tkem/cachetools/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
+PackageSummary: Extensible memoizing collections and decorators
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*
#####
@@ -597,15 +633,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*
PackageName: monotonic
SPDXID: SPDXRef-Package-39-monotonic
PackageVersion: 1.6
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: monotonic declares Apache which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
@@ -613,6 +650,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
PackageName: jinja2
SPDXID: SPDXRef-Package-40-jinja2
PackageVersion: 3.1.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2
FilesAnalyzed: false
@@ -620,7 +658,7 @@ PackageHomePage: https://palletsprojects.com/p/jinja/
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: A very fast and expressive template engine.
+PackageSummary: A very fast and expressive template engine.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*
#####
@@ -628,6 +666,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:
PackageName: markupsafe
SPDXID: SPDXRef-Package-41-markupsafe
PackageVersion: 2.1.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.2
FilesAnalyzed: false
@@ -635,7 +674,7 @@ PackageHomePage: https://palletsprojects.com/p/markupsafe/
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Safely add untrusted strings to HTML/XML markup.
+PackageSummary: Safely add untrusted strings to HTML/XML markup.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*
#####
@@ -643,13 +682,14 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:
PackageName: jsonschema
SPDXID: SPDXRef-Package-42-jsonschema
PackageVersion: 4.17.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of JSON Schema validation for Python
+PackageSummary: An implementation of JSON Schema validation for Python
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*
#####
@@ -657,6 +697,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:
PackageName: pyrsistent
SPDXID: SPDXRef-Package-43-pyrsistent
PackageVersion: 0.19.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3
FilesAnalyzed: false
@@ -664,29 +705,31 @@ PackageHomePage: https://github.com/tobgu/pyrsistent/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Persistent/Functional/Immutable data structures
+PackageSummary: Persistent/Functional/Immutable data structures
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-Package-44-lib4sbom
-PackageVersion: 0.3.0
+PackageVersion: 0.3.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
-PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.0:*:*:*:*:*:*:*
+PackageSummary: Software Bill of Material (SBOM) generator and consumer library
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
SPDXID: SPDXRef-Package-45-pyyaml
PackageVersion: 6.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0
FilesAnalyzed: false
@@ -694,7 +737,7 @@ PackageHomePage: https://pyyaml.org/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: YAML parser and emitter for Python
+PackageSummary: YAML parser and emitter for Python
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*
#####
@@ -702,15 +745,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:
PackageName: semantic-version
SPDXID: SPDXRef-Package-46-semantic-version
PackageVersion: 2.10.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: semantic-version declares BSD which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A library implementing the 'SemVer' scheme.
+PackageSummary: A library implementing the 'SemVer' scheme.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -718,14 +762,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
PackageName: packaging
SPDXID: SPDXRef-Package-47-packaging
PackageVersion: 21.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/21.3
FilesAnalyzed: false
PackageHomePage: https://github.com/pypa/packaging
-PackageLicenseDeclared: BSD-2-Clause or Apache-2.0
-PackageLicenseConcluded: BSD-2-Clause or Apache-2.0
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-2-Clause OR Apache-2.0
+PackageLicenseComments: packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Core utilities for Python packages
+PackageSummary: Core utilities for Python packages
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@21.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:*
#####
@@ -733,6 +779,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
PackageName: plotly
SPDXID: SPDXRef-Package-48-plotly
PackageVersion: 5.14.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.14.1
FilesAnalyzed: false
@@ -740,7 +787,7 @@ PackageHomePage: https://plotly.com/python/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: An open-source, interactive data visualization library for Python
+PackageSummary: An open-source, interactive data visualization library for Python
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.14.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:*
#####
@@ -748,15 +795,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:*
PackageName: tenacity
SPDXID: SPDXRef-Package-49-tenacity
PackageVersion: 8.2.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: tenacity declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Retry code until it succeeds
+PackageSummary: Retry code until it succeeds
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
#####
@@ -764,15 +812,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*
PackageName: requests
SPDXID: SPDXRef-Package-50-requests
PackageVersion: 2.28.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.28.2
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: requests declares Apache 2.0 which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Python HTTP for Humans.
+PackageSummary: Python HTTP for Humans.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*
#####
@@ -780,6 +829,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-Package-51-certifi
PackageVersion: 2022.12.7
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7
FilesAnalyzed: false
@@ -787,7 +837,7 @@ PackageHomePage: https://github.com/certifi/python-certifi
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
+PackageSummary: Python package for providing Mozilla's CA Bundle.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*
#####
@@ -795,6 +845,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:
PackageName: urllib3
SPDXID: SPDXRef-Package-52-urllib3
PackageVersion: 1.26.15
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15
FilesAnalyzed: false
@@ -802,36 +853,38 @@ PackageHomePage: https://urllib3.readthedocs.io/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*
#####
PackageName: rich
SPDXID: SPDXRef-Package-53-rich
-PackageVersion: 13.3.3
+PackageVersion: 13.3.4
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.3.3
+PackageDownloadLocation: https://pypi.org/project/rich/13.3.4
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.3:*:*:*:*:*:*:*
+PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
SPDXID: SPDXRef-Package-54-markdown-it-py
PackageVersion: 2.2.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/2.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+PackageSummary: Python port of markdown-it. Markdown parsing, done right!
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*
#####
@@ -839,35 +892,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:
PackageName: mdurl
SPDXID: SPDXRef-Package-55-mdurl
PackageVersion: 0.1.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: Markdown URL utilities
+PackageSummary: Markdown URL utilities
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
PackageName: pygments
SPDXID: SPDXRef-Package-56-pygments
-PackageVersion: 2.14.0
+PackageVersion: 2.15.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.14.0
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
FilesAnalyzed: false
-PackageHomePage: https://pygments.org/
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:*
+PackageSummary: Pygments is a syntax highlighting package written in Python.
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
#####
PackageName: rpmfile
SPDXID: SPDXRef-Package-57-rpmfile
PackageVersion: 1.1.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1
FilesAnalyzed: false
@@ -875,7 +930,7 @@ PackageHomePage: https://github.com/srossross/rpmfile
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Read rpm archive files
+PackageSummary: Read rpm archive files
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
#####
@@ -883,6 +938,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
PackageName: toml
SPDXID: SPDXRef-Package-58-toml
PackageVersion: 0.10.2
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
PackageDownloadLocation: https://pypi.org/project/toml/0.10.2
FilesAnalyzed: false
@@ -890,55 +946,58 @@ PackageHomePage: https://github.com/uiri/toml
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Python Library for Tom's Obvious, Minimal Language
+PackageSummary: Python Library for Tom's Obvious, Minimal Language
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
#####
PackageName: xmlschema
SPDXID: SPDXRef-Package-59-xmlschema
-PackageVersion: 2.2.2
+PackageVersion: 2.2.3
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.2
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.3
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*
+PackageSummary: An XML Schema validator and decoder
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
SPDXID: SPDXRef-Package-60-elementpath
-PackageVersion: 4.1.0
+PackageVersion: 4.1.1
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.0
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*
+PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*
#####
PackageName: zstandard
SPDXID: SPDXRef-Package-61-zstandard
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
+PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.20.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: zstandard declares BSD which is not a valid SPDX License identifier or expression.
+PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*
+PackageSummary: Zstandard bindings for Python
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool