From f5e2f1602241bb2a89050a03a90efa6b4373c353 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 27 Mar 2023 01:37:15 +0000 Subject: [PATCH] chore: update SBOM for Python 3.7 --- sbom/cve-bin-tool-py3.7.json | 1322 +++++++++++++++++++++++++++++----- sbom/cve-bin-tool-py3.7.spdx | 590 ++++++++------- 2 files changed, 1474 insertions(+), 438 deletions(-) diff --git a/sbom/cve-bin-tool-py3.7.json b/sbom/cve-bin-tool-py3.7.json index 079eac9b38..864f881fa6 100644 --- a/sbom/cve-bin-tool-py3.7.json +++ b/sbom/cve-bin-tool-py3.7.json @@ -2,25 +2,38 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid69d552e0-dae3-429f-9ee6-864c1f737fed", + "serialNumber": "urn:uuid1dc61fd9-b3b3-4971-9c38-8f229cd64458", "version": 1, "metadata": { - "timestamp": "2023-01-30T00:30:29Z", + "timestamp": "2023-03-27T01:37:13Z", "tools": [ { "name": "sbom4python", - "version": "0.7.0" + "version": "0.8.0" } - ] + ], + "component": { + "type": "application", + "bom-ref": "CDXRef-DOCUMENT", + "name": "Python-cve-bin-tool" + } }, "components": [ { - "type": "application", + "type": "library", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", "version": "3.2.1.dev0", - "author": "Terri Oda", - "cpe": "cpe:/a:terri_oda:cve-bin-tool:3.2.1.dev0", + "supplier": { + "name": "Terri Oda", + "contact": [ + { + "email": "terri.oda@intel.com" + } + ] + }, + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:*:*:*:*:*", + "description": "CVE Binary Checker Tool", "licenses": [ { "license": { @@ -29,13 +42,21 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/intel/cve-bin-tool", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cve-bin-tool@3.2.1.dev0" }, { "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.3", + "version": "3.8.4", + "description": "Async http client/server framework (asyncio)", "licenses": [ { "license": { 
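Review bot: The regenerated `serialNumber` in the first hunk still lacks the colon after `uuid` (`urn:uuid1dc61fd9-…`), while the CycloneDX schema requires the `urn:uuid:<UUID>` form, so a strict validator can reject this BOM; the line should read `"serialNumber": "urn:uuid:1dc61fd9-b3b3-4971-9c38-8f229cd64458",`. Because the file is emitted by sbom4python, the durable fix is in the generator or in a schema-validation step after generation, not a hand edit. The new `cpe` values here and in the later hunks take their vendor from the package author's name (`terri_oda`, `guido_van_jukka_ukasz_michael`), which probably does not match the vendor strings in the NVD CPE dictionary, so vulnerability matching should key on the `purl` fields instead. Some `supplier` data also looks mangled by metadata parsing (the name `Guido van Jukka ukasz Michael`, the address `use@gmail.com` for soupsieve) and should not be treated as authoritative contact information.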
@@ -44,13 +65,21 @@ } } ], - "purl": "pkg:pypi/aiohttp@3.8.3" + "externalReferences": [ + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/aiohttp@3.8.4" }, { "type": "library", "bom-ref": "3-aiosignal", "name": "aiosignal", "version": "1.3.1", + "description": "aiosignal: a list of registered asynchronous callbacks", "licenses": [ { "license": { @@ -59,6 +88,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/aiosignal@1.3.1" }, { @@ -66,6 +102,7 @@ "bom-ref": "4-frozenlist", "name": "frozenlist", "version": "1.3.3", + "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { "license": { @@ -74,6 +111,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/frozenlist@1.3.3" }, { @@ -81,8 +125,16 @@ "bom-ref": "5-async-timeout", "name": "async-timeout", "version": "4.0.2", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:async-timeout:4.0.2", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*", + "description": "Timeout context manager for asyncio programs", "licenses": [ { "license": { 
@@ -91,24 +143,47 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/async-timeout@4.0.2" }, { "type": "library", "bom-ref": "6-typing-extensions", "name": "typing-extensions", - "version": "4.4.0", - "author": "Guido van Jukka ukasz Michael", - "cpe": "cpe:/a:guido_van_jukka_ukasz_michael:typing-extensions:4.4.0", - "purl": "pkg:pypi/typing-extensions@4.4.0" + "version": "4.5.0", + "supplier": { + "name": "Guido van Jukka ukasz Michael", + "contact": [ + { + "email": "levkivskyi@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.7+", + "purl": "pkg:pypi/typing-extensions@4.5.0" }, { "type": "library", "bom-ref": "7-asynctest", "name": "asynctest", "version": "0.13.0", - "author": "Martin Richard", - "cpe": "cpe:/a:martin_richard:asynctest:0.13.0", + "supplier": { + "name": "Martin Richard", + "contact": [ + { + "email": "martius@martiusweb.net" + } + ] + }, + "cpe": "cpe:2.3:a:martin_richard:asynctest:0.13.0:*:*:*:*:*:*:*", + "description": "Enhance the standard unittest package with features for testing asyncio libraries", "licenses": [ { "license": { @@ -117,6 +192,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/Martiusweb/asynctest/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/asynctest@0.13.0" }, { @@ -124,8 +206,16 @@ "bom-ref": "8-attrs", "name": "attrs", "version": "22.2.0", - "author": "Hynek Schlawack", - "cpe": "cpe:/a:hynek_schlawack:attrs:22.2.0", + "supplier": { + "name": "Hynek Schlawack", + "contact": [ + { + "email": "hs@ox.cx" + } + ] + }, + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:*", + "description": "Classes Without Boilerplate", "licenses": [ { "license": { 
@@ -134,15 +224,30 @@ } } ], + "externalReferences": [ + { + "url": "https://www.attrs.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/attrs@22.2.0" }, { "type": "library", "bom-ref": "9-charset-normalizer", "name": "charset-normalizer", - "version": "2.1.1", - "author": "Ahmed TAHRI Ousret", - "cpe": "cpe:/a:ahmed_tahri_ousret:charset-normalizer:2.1.1", + "version": "3.1.0", + "supplier": { + "name": "Ahmed TAHRI", + "contact": [ + { + "email": "ahmed.tahri@cloudnursery.dev" + } + ] + }, + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { "license": { @@ -151,15 +256,30 @@ } } ], - "purl": "pkg:pypi/charset-normalizer@2.1.1" + "externalReferences": [ + { + "url": "https://github.com/Ousret/charset_normalizer", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.1.0" }, { "type": "library", "bom-ref": "10-multidict", "name": "multidict", "version": "6.0.4", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:multidict:6.0.4", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:*", + "description": "multidict implementation", "licenses": [ { "license": { @@ -168,6 +288,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/multidict", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/multidict@6.0.4" }, { 
@@ -175,8 +302,16 @@ "bom-ref": "11-yarl", "name": "yarl", "version": "1.8.2", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:yarl:1.8.2", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", "licenses": [ { "license": { @@ -185,6 +320,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/yarl@1.8.2" }, { @@ -192,17 +334,33 @@ "bom-ref": "12-idna", "name": "idna", "version": "3.4", - "author": "Kim Davies", - "cpe": "cpe:/a:kim_davies:idna:3.4", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim@cynosure.com.au" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "purl": "pkg:pypi/idna@3.4" }, { "type": "library", "bom-ref": "13-beautifulsoup4", "name": "beautifulsoup4", - "version": "4.11.1", - "author": "Leonard Richardson", - "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.1", + "version": "4.12.0", + "supplier": { + "name": "Leonard Richardson", + "contact": [ + { + "email": "leonardr@segfault.org" + } + ] + }, + "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:*", + "description": "Screen-scraping library", "licenses": [ { "license": { 
@@ -211,24 +369,61 @@ } } ], - "purl": "pkg:pypi/beautifulsoup4@4.11.1" + "externalReferences": [ + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/beautifulsoup4@4.12.0" }, { "type": "library", "bom-ref": "14-soupsieve", "name": "soupsieve", - "version": "2.3.2.post1", - "author": "Isaac Muse", - "cpe": "cpe:/a:isaac_muse:soupsieve:2.3.2.post1", - "purl": "pkg:pypi/soupsieve@2.3.2.post1" + "version": "2.4", + "supplier": { + "name": "Isaac Muse", + "contact": [ + { + "email": "use@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:*", + "description": "A modern CSS selector implementation for Beautiful Soup.", + "purl": "pkg:pypi/soupsieve@2.4" }, { "type": "library", "bom-ref": "15-cvss", "name": "cvss", "version": "2.6", - "author": "Stanislav Red Hat Product Security", - "cpe": "cpe:/a:stanislav_red_hat_product_security:cvss:2.6", + "supplier": { + "name": "Stanislav Red Hat Product Security", + "contact": [ + { + "email": "skontar@redhat.com" + } + ] + }, + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*", + "description": "CVSS2/3 library with interactive calculator for Python 2 and Python 3", + "licenses": [ + { + "license": { + "name": "LGPLv3+" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cvss@2.6" }, { 
@@ -236,8 +431,30 @@ "bom-ref": "16-defusedxml", "name": "defusedxml", "version": "0.7.1", - "author": "Christian Heimes", - "cpe": "cpe:/a:christian_heimes:defusedxml:0.7.1", + "supplier": { + "name": "Christian Heimes", + "contact": [ + { + "email": "christian@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*", + "description": "XML bomb protection for Python stdlib modules", + "licenses": [ + { + "license": { + "name": "PSFL" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/tiran/defusedxml", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/defusedxml@0.7.1" }, { @@ -245,8 +462,16 @@ "bom-ref": "17-distro", "name": "distro", "version": "1.8.0", - "author": "Nir Cohen", - "cpe": "cpe:/a:nir_cohen:distro:1.8.0", + "supplier": { + "name": "Nir Cohen", + "contact": [ + { + "email": "nir36g@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*", + "description": "Distro - an OS platform information API", "licenses": [ { "license": { @@ -255,15 +480,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/python-distro/distro", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/distro@1.8.0" }, { "type": "library", "bom-ref": "18-gsutil", "name": "gsutil", - "version": "5.19", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gsutil:5.19", + "version": "5.21", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "buganizer-system+187143@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*", + "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { "license": { 
@@ -272,15 +512,30 @@ } } ], - "purl": "pkg:pypi/gsutil@5.19" + "externalReferences": [ + { + "url": "https://cloud.google.com/storage/docs/gsutil", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/gsutil@5.21" }, { "type": "library", "bom-ref": "19-argcomplete", "name": "argcomplete", - "version": "2.0.0", - "author": "Andrey Kislyuk", - "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.0", + "version": "3.0.5", + "supplier": { + "name": "Andrey Kislyuk", + "contact": [ + { + "email": "kislyuk@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*", + "description": "Bash tab completion for argparse", "licenses": [ { "license": { 
@@ -289,33 +544,78 @@ } } ], - "purl": "pkg:pypi/argcomplete@2.0.0" + "externalReferences": [ + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/argcomplete@3.0.5" }, { "type": "library", "bom-ref": "20-importlib-metadata", "name": "importlib-metadata", - "version": "4.13.0", - "author": "Jason R. Coombs", - "cpe": "cpe:/a:jason_r._coombs:importlib-metadata:4.13.0", - "purl": "pkg:pypi/importlib-metadata@4.13.0" + "version": "5.2.0", + "supplier": { + "name": "Jason R. Coombs", + "contact": [ + { + "email": "jaraco@jaraco.com" + } + ] + }, + "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:5.2.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", + "externalReferences": [ + { + "url": "https://github.com/python/importlib_metadata", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/importlib-metadata@5.2.0" }, { "type": "library", "bom-ref": "21-zipp", "name": "zipp", - "version": "3.12.0", - "author": "Jason R. Coombs", - "cpe": "cpe:/a:jason_r._coombs:zipp:3.12.0", - "purl": "pkg:pypi/zipp@3.12.0" + "version": "3.15.0", + "supplier": { + "name": "Jason R. Coombs", + "contact": [ + { + "email": "jaraco@jaraco.com" + } + ] + }, + "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", + "externalReferences": [ + { + "url": "https://github.com/jaraco/zipp", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/zipp@3.15.0" }, { "type": "library", "bom-ref": "22-crcmod", "name": "crcmod", "version": "1.7", - "author": "Ray Buvel", - "cpe": "cpe:/a:ray_buvel:crcmod:1.7", + "supplier": { + "name": "Ray Buvel", + "contact": [ + { + "email": "rlbuvel@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", + "description": "CRC Generator", "licenses": [ { "license": { 
@@ -324,6 +624,13 @@ } } ], + "externalReferences": [ + { + "url": "http://crcmod.sourceforge.net/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/crcmod@1.7" }, { @@ -331,8 +638,25 @@ "bom-ref": "23-fasteners", "name": "fasteners", "version": "0.18", - "author": "Joshua Harlow", - "cpe": "cpe:/a:joshua_harlow:fasteners:0.18", + "supplier": { + "name": "Joshua Harlow" + }, + "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*", + "description": "A python package that provides useful locks", + "licenses": [ + { + "license": { + "name": "ASL 2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/harlowja/fasteners", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/fasteners@0.18" }, { @@ -340,8 +664,16 @@ "bom-ref": "24-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.0", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gcs-oauth2-boto-plugin:3.0", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "gs-team@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { "license": { @@ -350,6 +682,13 @@ } } ], + "externalReferences": [ + { + "url": "https://developers.google.com/storage/docs/gspythonlibrary", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0" }, { @@ -357,8 +696,16 @@ "bom-ref": "25-boto", "name": "boto", "version": "2.49.0", - "author": "Mitch Garnaat", - "cpe": "cpe:/a:mitch_garnaat:boto:2.49.0", + "supplier": { + "name": "Mitch Garnaat", + "contact": [ + { + "email": "mitch@garnaat.com" + } + ] + }, + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", "licenses": [ { "license": { 
@@ -367,6 +714,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/boto/boto/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/boto@2.49.0" }, { @@ -374,8 +728,16 @@ "bom-ref": "26-google-reauth", "name": "google-reauth", "version": "0.1.1", - "author": "Google", - "cpe": "cpe:/a:google:google-reauth:0.1.1", + "supplier": { + "name": "Google", + "contact": [ + { + "email": "googleapis-publisher@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", "licenses": [ { "license": { @@ -384,6 +746,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/Google/google-reauth-python", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/google-reauth@0.1.1" }, { @@ -391,8 +760,16 @@ "bom-ref": "27-pyu2f", "name": "pyu2f", "version": "0.1.5", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:pyu2f:0.1.5", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "pyu2f-team@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", "licenses": [ { "license": { @@ -401,6 +778,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/google/pyu2f/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyu2f@0.1.5" }, { @@ -408,8 +792,16 @@ "bom-ref": "28-six", "name": "six", "version": "1.16.0", - "author": "Benjamin Peterson", - "cpe": "cpe:/a:benjamin_peterson:six:1.16.0", + "supplier": { + "name": "Benjamin Peterson", + "contact": [ + { + "email": "benjamin@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "description": "Python 2 and 3 compatibility utilities", "licenses": [ { "license": { 
@@ -418,6 +810,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/benjaminp/six", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/six@1.16.0" }, { @@ -425,8 +824,16 @@ "bom-ref": "29-httplib2", "name": "httplib2", "version": "0.20.4", - "author": "Joe Gregorio", - "cpe": "cpe:/a:joe_gregorio:httplib2:0.20.4", + "supplier": { + "name": "Joe Gregorio", + "contact": [ + { + "email": "joe@bitworking.org" + } + ] + }, + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "licenses": [ { "license": { @@ -435,6 +842,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/httplib2/httplib2", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/httplib2@0.20.4" }, { @@ -442,8 +856,16 @@ "bom-ref": "30-pyparsing", "name": "pyparsing", "version": "3.0.9", - "author": "Paul McGuire", - "cpe": "cpe:/a:paul_mcguire:pyparsing:3.0.9", + "supplier": { + "name": "Paul McGuire", + "contact": [ + { + "email": "ptmcg.gm+pyparsing@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "purl": "pkg:pypi/pyparsing@3.0.9" }, { @@ -451,8 +873,16 @@ "bom-ref": "31-oauth2client", "name": "oauth2client", "version": "4.1.3", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:oauth2client:4.1.3", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "jonwayne+oauth2client@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "licenses": [ { "license": { @@ -461,6 +891,13 @@ } } ], + "externalReferences": [ + { + "url": "http://github.com/google/oauth2client/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/oauth2client@4.1.3" }, { 
@@ -468,8 +905,30 @@ "bom-ref": "32-pyasn1", "name": "pyasn1", "version": "0.4.8", - "author": "Ilya Etingof", - "cpe": "cpe:/a:ilya_etingof:pyasn1:0.4.8", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*", + "description": "ASN.1 types and codecs", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/etingof/pyasn1", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyasn1@0.4.8" }, { @@ -477,8 +936,16 @@ "bom-ref": "33-pyasn1-modules", "name": "pyasn1-modules", "version": "0.2.8", - "author": "Ilya Etingof", - "cpe": "cpe:/a:ilya_etingof:pyasn1-modules:0.2.8", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules.", "licenses": [ { "license": { @@ -487,6 +954,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/etingof/pyasn1-modules", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyasn1-modules@0.2.8" }, { 
@@ -494,17 +968,47 @@ "bom-ref": "34-rsa", "name": "rsa", "version": "4.7.2", - "author": "Sybren A. Stuvel", - "cpe": "cpe:/a:sybren_a._stuvel:rsa:4.7.2", + "supplier": { + "name": "Sybren A. Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", + "licenses": [ + { + "license": { + "name": "ASL 2" + } + } + ], + "externalReferences": [ + { + "url": "https://stuvel.eu/rsa", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/rsa@4.7.2" }, { "type": "library", "bom-ref": "35-pyopenssl", "name": "pyopenssl", - "version": "23.0.0", - "author": "The pyOpenSSL developers", - "cpe": "cpe:/a:the_pyopenssl_developers:pyopenssl:23.0.0", + "version": "23.1.0", + "supplier": { + "name": "The pyOpenSSL developers", + "contact": [ + { + "email": "cryptography-dev@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:*", + "description": "Python wrapper module around the OpenSSL library", "licenses": [ { "license": { 
@@ -513,24 +1017,61 @@ } } ], - "purl": "pkg:pypi/pyopenssl@23.0.0" + "externalReferences": [ + { + "url": "https://pyopenssl.org/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/pyopenssl@23.1.0" }, { "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "39.0.0", - "author": "The Python Cryptographic Authority and individual contributors", - "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0", - "purl": "pkg:pypi/cryptography@39.0.0" + "version": "40.0.1", + "supplier": { + "name": "The Python Cryptographic Authority and individual contributors", + "contact": [ + { + "email": "cryptography-dev@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*", + "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "licenses": [ + { + "license": { + "name": "(Apache-2.0 OR BSD-3-Clause) AND PSF-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/pyca/cryptography", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/cryptography@40.0.1" }, { "type": "library", "bom-ref": "37-cffi", "name": "cffi", "version": "1.15.1", - "author": "Armin Maciej Fijalkowski", - "cpe": "cpe:/a:armin_maciej_fijalkowski:cffi:1.15.1", + "supplier": { + "name": "Armin Maciej Fijalkowski", + "contact": [ + { + "email": "python-cffi@googlegroups.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*", + "description": "Foreign Function Interface for Python calling C code.", "licenses": [ { "license": { @@ -539,6 +1080,13 @@ } } ], + "externalReferences": [ + { + "url": "http://cffi.readthedocs.org", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cffi@1.15.1" }, { 
@@ -546,8 +1094,30 @@ "bom-ref": "38-pycparser", "name": "pycparser", "version": "2.21", - "author": "Eli Bendersky", - "cpe": "cpe:/a:eli_bendersky:pycparser:2.21", + "supplier": { + "name": "Eli Bendersky", + "contact": [ + { + "email": "eliben@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*", + "description": "C parser in Python", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/eliben/pycparser", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pycparser@2.21" }, { @@ -555,8 +1125,16 @@ "bom-ref": "39-retry-decorator", "name": "retry-decorator", "version": "1.1.1", - "author": "Patrick Ng", - "cpe": "cpe:/a:patrick_ng:retry-decorator:1.1.1", + "supplier": { + "name": "Patrick Ng", + "contact": [ + { + "email": "pn.appdev@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", + "description": "Retry Decorator", "licenses": [ { "license": { @@ -565,6 +1143,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/pnpnpn/retry-decorator", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/retry-decorator@1.1.1" }, { @@ -572,8 +1157,16 @@ "bom-ref": "40-google-apitools", "name": "google-apitools", "version": "0.5.32", - "author": "Craig Citro", - "cpe": "cpe:/a:craig_citro:google-apitools:0.5.32", + "supplier": { + "name": "Craig Citro", + "contact": [ + { + "email": "craigcitro@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", + "description": "client libraries for humans", "licenses": [ { "license": { 
@@ -582,15 +1175,30 @@ } } ], + "externalReferences": [ + { + "url": "http://github.com/google/apitools", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/google-apitools@0.5.32" }, { "type": "library", "bom-ref": "41-google-auth", "name": "google-auth", - "version": "2.16.0", - "author": "Google Cloud Platform", - "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.0", + "version": "2.16.3", + "supplier": { + "name": "Google Cloud Platform", + "contact": [ + { + "email": "googleapis-packages@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "licenses": [ { "license": { @@ -599,15 +1207,30 @@ } } ], - "purl": "pkg:pypi/google-auth@2.16.0" + "externalReferences": [ + { + "url": "https://github.com/googleapis/google-auth-library-python", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/google-auth@2.16.3" }, { "type": "library", "bom-ref": "42-cachetools", "name": "cachetools", "version": "5.3.0", - "author": "Thomas Kemmer", - "cpe": "cpe:/a:thomas_kemmer:cachetools:5.3.0", + "supplier": { + "name": "Thomas Kemmer", + "contact": [ + { + "email": "tkemmer@computer.org" + } + ] + }, + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "licenses": [ { "license": { @@ -616,6 +1239,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/tkem/cachetools/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cachetools@5.3.0" }, { 
@@ -623,26 +1253,71 @@ "bom-ref": "43-monotonic", "name": "monotonic", "version": "1.6", - "author": "Ori Livneh", - "cpe": "cpe:/a:ori_livneh:monotonic:1.6", + "supplier": { + "name": "Ori Livneh", + "contact": [ + { + "email": "ori@wikimedia.org" + } + ] + }, + "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", + "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "licenses": [ + { + "license": { + "name": "Apache" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/atdt/monotonic", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/monotonic@1.6" }, { "type": "library", "bom-ref": "44-importlib-resources", "name": "importlib-resources", - "version": "5.10.2", - "author": "Barry Warsaw", - "cpe": "cpe:/a:barry_warsaw:importlib-resources:5.10.2", - "purl": "pkg:pypi/importlib-resources@5.10.2" + "version": "5.12.0", + "supplier": { + "name": "Barry Warsaw", + "contact": [ + { + "email": "barry@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:*", + "description": "Read resources from Python packages", + "externalReferences": [ + { + "url": "https://github.com/python/importlib_resources", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/importlib-resources@5.12.0" }, { "type": "library", "bom-ref": "45-jinja2", "name": "jinja2", "version": "3.1.2", - "author": "Armin Ronacher", - "cpe": "cpe:/a:armin_ronacher:jinja2:3.1.2", + "supplier": { + "name": "Armin Ronacher", + "contact": [ + { + "email": "armin.ronacher@active-4.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*", + "description": "A very fast and expressive template engine.", "licenses": [ { "license": { @@ -651,6 +1326,13 @@ } } ], + "externalReferences": [ + { + "url": "https://palletsprojects.com/p/jinja/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/jinja2@3.1.2" }, { 
@@ -658,8 +1340,16 @@ "bom-ref": "46-markupsafe", "name": "markupsafe", "version": "2.1.2", - "author": "Armin Ronacher", - "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.2", + "supplier": { + "name": "Armin Ronacher", + "contact": [ + { + "email": "armin.ronacher@active-4.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*", + "description": "Safely add untrusted strings to HTML/XML markup.", "licenses": [ { "license": { @@ -668,6 +1358,13 @@ } } ], + "externalReferences": [ + { + "url": "https://palletsprojects.com/p/markupsafe/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/markupsafe@2.1.2" }, { @@ -675,8 +1372,11 @@ "bom-ref": "47-jsonschema", "name": "jsonschema", "version": "4.17.3", - "author": "Julian Berman", - "cpe": "cpe:/a:julian_berman:jsonschema:4.17.3", + "supplier": { + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*", + "description": "An implementation of JSON Schema validation for Python", "licenses": [ { "license": { @@ -692,8 +1392,23 @@ "bom-ref": "48-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", - "author": "Vinay Sajip", - "cpe": "cpe:/a:vinay_sajip:pkgutil-resolve-name:1.3.10", + "supplier": { + "name": "Vinay Sajip", + "contact": [ + { + "email": "vinay_sajip@yahoo.co.uk" + } + ] + }, + "cpe": "cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*", + "description": "Resolve a name to an object.", + "externalReferences": [ + { + "url": "https://github.com/graingert/pkgutil-resolve-name", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10" }, { 
@@ -701,8 +1416,16 @@ "bom-ref": "49-pyrsistent", "name": "pyrsistent", "version": "0.19.3", - "author": "Tobias Gustafsson", - "cpe": "cpe:/a:tobias_gustafsson:pyrsistent:0.19.3", + "supplier": { + "name": "Tobias Gustafsson", + "contact": [ + { + "email": "tobias.l.gustafsson@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*", + "description": "Persistent/Functional/Immutable data structures", "licenses": [ { "license": { @@ -711,6 +1434,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/tobgu/pyrsistent/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyrsistent@0.19.3" }, { @@ -718,17 +1448,47 @@ "bom-ref": "50-packaging", "name": "packaging", "version": "21.3", - "author": "Donald Stufft and individual contributors", - "cpe": "cpe:/a:donald_stufft_and_individual_contributors:packaging:21.3", + "supplier": { + "name": "Donald Stufft and individual contributors", + "contact": [ + { + "email": "donald@stufft.io" + } + ] + }, + "cpe": "cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "licenses": [ + { + "license": { + "name": "BSD-2-Clause or Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/pypa/packaging", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/packaging@21.3" }, { "type": "library", "bom-ref": "51-plotly", "name": "plotly", - "version": "5.13.0", - "author": "Chris P", - "cpe": "cpe:/a:chris_p:plotly:5.13.0", + "version": "5.13.1", + "supplier": { + "name": "Chris P", + "contact": [ + { + "email": "chris@plot.ly" + } + ] + }, + "cpe": "cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "licenses": [ { "license": { 
@@ -737,15 +1497,30 @@ } } ], - "purl": "pkg:pypi/plotly@5.13.0" + "externalReferences": [ + { + "url": "https://plotly.com/python/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/plotly@5.13.1" }, { "type": "library", "bom-ref": "52-tenacity", "name": "tenacity", - "version": "8.1.0", - "author": "Julien Danjou", - "cpe": "cpe:/a:julien_danjou:tenacity:8.1.0", + "version": "8.2.2", + "supplier": { + "name": "Julien Danjou", + "contact": [ + { + "email": "julien@danjou.info" + } + ] + }, + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "licenses": [ { "license": { @@ -754,15 +1529,30 @@ } } ], - "purl": "pkg:pypi/tenacity@8.1.0" + "externalReferences": [ + { + "url": "https://github.com/jd/tenacity", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/tenacity@8.2.2" }, { "type": "library", "bom-ref": "53-pyyaml", "name": "pyyaml", "version": "6.0", - "author": "Kirill Simonov", - "cpe": "cpe:/a:kirill_simonov:pyyaml:6.0", + "supplier": { + "name": "Kirill Simonov", + "contact": [ + { + "email": "xi@resolvent.net" + } + ] + }, + "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*", + "description": "YAML parser and emitter for Python", "licenses": [ { "license": { @@ -771,6 +1561,13 @@ } } ], + "externalReferences": [ + { + "url": "https://pyyaml.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyyaml@6.0" }, { @@ -778,8 +1575,16 @@ "bom-ref": "54-requests", "name": "requests", "version": "2.28.2", - "author": "Kenneth Reitz", - "cpe": "cpe:/a:kenneth_reitz:requests:2.28.2", + "supplier": { + "name": "Kenneth Reitz", + "contact": [ + { + "email": "me@kennethreitz.org" + } + ] + }, + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*", + "description": "Python HTTP for Humans.", "licenses": [ { "license": { 
@@ -788,6 +1593,13 @@ } } ], + "externalReferences": [ + { + "url": "https://requests.readthedocs.io", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/requests@2.28.2" }, { @@ -795,8 +1607,16 @@ "bom-ref": "55-certifi", "name": "certifi", "version": "2022.12.7", - "author": "Kenneth Reitz", - "cpe": "cpe:/a:kenneth_reitz:certifi:2022.12.7", + "supplier": { + "name": "Kenneth Reitz", + "contact": [ + { + "email": "me@kennethreitz.com" + } + ] + }, + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { "license": { @@ -805,15 +1625,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/certifi/python-certifi", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/certifi@2022.12.7" }, { "type": "library", "bom-ref": "56-urllib3", "name": "urllib3", - "version": "1.26.14", - "author": "Andrey Petrov", - "cpe": "cpe:/a:andrey_petrov:urllib3:1.26.14", + "version": "1.26.15", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", "licenses": [ { "license": { 
@@ -822,15 +1657,30 @@ } } ], - "purl": "pkg:pypi/urllib3@1.26.14" + "externalReferences": [ + { + "url": "https://urllib3.readthedocs.io/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/urllib3@1.26.15" }, { "type": "library", "bom-ref": "57-rich", "name": "rich", - "version": "13.3.1", - "author": "Will McGugan", - "cpe": "cpe:/a:will_mcgugan:rich:13.3.1", + "version": "13.3.2", + "supplier": { + "name": "Will McGugan", + "contact": [ + { + "email": "willmcgugan@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:*", + "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { "license": { @@ -839,24 +1689,47 @@ } } ], - "purl": "pkg:pypi/rich@13.3.1" + "externalReferences": [ + { + "url": "https://github.com/Textualize/rich", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/rich@13.3.2" }, { "type": "library", "bom-ref": "58-markdown-it-py", "name": "markdown-it-py", - "version": "2.1.0", - "author": "Chris Sewell", - "cpe": "cpe:/a:chris_sewell:markdown-it-py:2.1.0", - "purl": "pkg:pypi/markdown-it-py@2.1.0" + "version": "2.2.0", + "supplier": { + "name": "Chris Sewell", + "contact": [ + { + "email": "chrisj_sewell@hotmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*", + "description": "Python port of markdown-it. Markdown parsing, done right!", + "purl": "pkg:pypi/markdown-it-py@2.2.0" }, { "type": "library", "bom-ref": "59-mdurl", "name": "mdurl", "version": "0.1.2", - "author": "Taneli Hukkinen", - "cpe": "cpe:/a:taneli_hukkinen:mdurl:0.1.2", + "supplier": { + "name": "Taneli Hukkinen", + "contact": [ + { + "email": "hukkin@users.noreply.github.com" + } + ] + }, + "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*", + "description": "Markdown URL utilities", "purl": "pkg:pypi/mdurl@0.1.2" }, { 
@@ -864,8 +1737,16 @@ "bom-ref": "60-pygments", "name": "pygments", "version": "2.14.0", - "author": "Georg Brandl", - "cpe": "cpe:/a:georg_brandl:pygments:2.14.0", + "supplier": { + "name": "Georg Brandl", + "contact": [ + { + "email": "georg@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:*", + "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { "license": { @@ -874,15 +1755,30 @@ } } ], + "externalReferences": [ + { + "url": "https://pygments.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pygments@2.14.0" }, { "type": "library", "bom-ref": "61-rpmfile", "name": "rpmfile", - "version": "1.0.8", - "author": "Sean Ross", - "cpe": "cpe:/a:sean_ross:rpmfile:1.0.8", + "version": "1.1.1", + "supplier": { + "name": "Sean Ross", + "contact": [ + { + "email": "srossross@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*", + "description": "Read rpm archive files", "licenses": [ { "license": { @@ -891,15 +1787,30 @@ } } ], - "purl": "pkg:pypi/rpmfile@1.0.8" + "externalReferences": [ + { + "url": "https://github.com/srossross/rpmfile", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/rpmfile@1.1.1" }, { "type": "library", "bom-ref": "62-toml", "name": "toml", "version": "0.10.2", - "author": "William Pearson", - "cpe": "cpe:/a:william_pearson:toml:0.10.2", + "supplier": { + "name": "William Pearson", + "contact": [ + { + "email": "uiri@xqz.ca" + } + ] + }, + "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", + "description": "Python Library for Tom's Obvious, Minimal Language", "licenses": [ { "license": { 
@@ -908,15 +1819,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/uiri/toml", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/toml@0.10.2" }, { "type": "library", "bom-ref": "63-xmlschema", "name": "xmlschema", - "version": "2.1.1", - "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:xmlschema:2.1.1", + "version": "2.2.2", + "supplier": { + "name": "Davide Brunato", + "contact": [ + { + "email": "brunato@sissa.it" + } + ] + }, + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*", + "description": "An XML Schema validator and decoder", "licenses": [ { "license": { @@ -925,15 +1851,30 @@ } } ], - "purl": "pkg:pypi/xmlschema@2.1.1" + "externalReferences": [ + { + "url": "https://github.com/sissaschool/xmlschema", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/xmlschema@2.2.2" }, { "type": "library", "bom-ref": "64-elementpath", "name": "elementpath", - "version": "3.0.2", - "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:elementpath:3.0.2", + "version": "4.1.0", + "supplier": { + "name": "Davide Brunato", + "contact": [ + { + "email": "brunato@sissa.it" + } + ] + }, + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*", + "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { "license": { 
@@ -942,19 +1883,54 @@ } } ], - "purl": "pkg:pypi/elementpath@3.0.2" + "externalReferences": [ + { + "url": "https://github.com/sissaschool/elementpath", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/elementpath@4.1.0" }, { "type": "library", "bom-ref": "65-zstandard", "name": "zstandard", - "version": "0.19.0", - "author": "Gregory Szorc", - "cpe": "cpe:/a:gregory_szorc:zstandard:0.19.0", - "purl": "pkg:pypi/zstandard@0.19.0" + "version": "0.20.0", + "supplier": { + "name": "Gregory Szorc", + "contact": [ + { + "email": "gregory.szorc@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*", + "description": "Zstandard bindings for Python", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/indygreg/python-zstandard", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/zstandard@0.20.0" } ], "dependencies": [ + { + "ref": "CDXRef-DOCUMENT", + "dependsOn": [ + "1-cve-bin-tool" + ] + }, { "ref": "1-cve-bin-tool", "dependsOn": [ diff --git a/sbom/cve-bin-tool-py3.7.spdx b/sbom/cve-bin-tool-py3.7.spdx index 22844b00ff..bde11f0d8c 100644 --- a/sbom/cve-bin-tool-py3.7.spdx +++ b/sbom/cve-bin-tool-py3.7.spdx 
@@ -1,919 +1,979 @@ -SPDXVersion: SPDX-2.2 +SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT -DocumentName: cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-92f90c95-1e13-4d19-8a0a-7fcc95cf4327 -LicenseListVersion: 3.18 -Creator: Tool: sbom4python-0.7.0 -Created: 2023-01-30T00:29:00Z +DocumentName: Python-cve-bin-tool +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3485ed6d-66a8-44f0-bb1c-65fba872eaac +LicenseListVersion: 3.20 +Creator: Tool: sbom4python-0.8.0 +Created: 2023-03-27T01:35:40Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageVersion: 3.2.1.dev0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Terri Oda (terri.oda@intel.com) +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1.dev0 FilesAnalyzed: false -##### Reported license GPL-3.0-or-later +PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseConcluded: GPL-3.0-or-later PackageLicenseDeclared: GPL-3.0-or-later PackageCopyrightText: NOASSERTION +PackageSummary: CVE Binary Checker Tool ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1.dev0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp +PackageVersion: 3.8.4 PackageSupplier: NOASSERTION -PackageVersion: 3.8.3 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.3 +PackageSummary: Async http client/server framework (asyncio) +ExternalRef: PACKAGE-MANAGER purl 
pkg:pypi/aiohttp@3.8.4 ##### PackageName: aiosignal SPDXID: SPDXRef-Package-3-aiosignal -PackageSupplier: NOASSERTION PackageVersion: 1.3.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/aio-libs/aiosignal PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: aiosignal: a list of registered asynchronous callbacks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### PackageName: frozenlist SPDXID: SPDXRef-Package-4-frozenlist -PackageSupplier: NOASSERTION PackageVersion: 1.3.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: A list-like structure which implements collections.abc.MutableSequence ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3 ##### PackageName: async-timeout SPDXID: SPDXRef-Package-5-async-timeout -PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 4.0.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/async-timeout PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Timeout context manager for asyncio programs ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:* ##### PackageName: typing-extensions SPDXID: SPDXRef-Package-6-typing-extensions +PackageVersion: 4.5.0 PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageVersion: 4.4.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.5.0 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.4.0:*:*:*:*:*:*:* +PackageSummary: Backported and Experimental Type Hints for Python 3.7+ +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:* ##### PackageName: asynctest SPDXID: SPDXRef-Package-7-asynctest -PackageSupplier: Person: Martin Richard (martius@martiusweb.net) PackageVersion: 0.13.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Martin Richard (martius@martiusweb.net) +PackageDownloadLocation: https://pypi.org/project/asynctest/0.13.0 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/Martiusweb/asynctest/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Enhance the standard unittest package with features for testing asyncio libraries ExternalRef: PACKAGE-MANAGER purl pkg:pypi/asynctest@0.13.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:martin_richard:asynctest:0.13.0:*:*:*:*:*:*:* ##### PackageName: attrs SPDXID: SPDXRef-Package-8-attrs -PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageVersion: 22.2.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) 
+PackageDownloadLocation: https://pypi.org/project/attrs/22.2.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://www.attrs.org/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Classes Without Boilerplate ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@22.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:* ##### PackageName: charset-normalizer SPDXID: SPDXRef-Package-9-charset-normalizer -PackageSupplier: Organization: Ahmed TAHRI Ousret (ahmed.tahri@cloudnursery.dev) -PackageVersion: 2.1.1 -PackageDownloadLocation: NOASSERTION +PackageVersion: 3.1.0 +PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/Ousret/charset_normalizer PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri_ousret:charset-normalizer:2.1.1:*:*:*:*:*:*:* +PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:* ##### PackageName: multidict SPDXID: SPDXRef-Package-10-multidict -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 6.0.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/multidict PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-Package-11-yarl -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 1.8.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/yarl/1.8.2 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Yet another URL library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.8.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:* ##### PackageName: idna SPDXID: SPDXRef-Package-12-idna -PackageSupplier: Person: Kim Davies (kim@cynosure.com.au) PackageVersion: 3.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kim Davies (kim@cynosure.com.au) +PackageDownloadLocation: https://pypi.org/project/idna/3.4 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: 
NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: Internationalized Domain Names in Applications (IDNA) ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 SPDXID: SPDXRef-Package-13-beautifulsoup4 +PackageVersion: 4.12.0 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) -PackageVersion: 4.11.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.1:*:*:*:*:*:*:* +PackageSummary: Screen-scraping library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:* ##### PackageName: soupsieve SPDXID: SPDXRef-Package-14-soupsieve +PackageVersion: 2.4 PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageVersion: 2.3.2.post1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.3.2.post1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.3.2.post1:*:*:*:*:*:*:* +PackageSummary: A modern CSS selector implementation for Beautiful Soup. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:* ##### PackageName: cvss SPDXID: SPDXRef-Package-15-cvss -PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageVersion: 2.6 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) +PackageDownloadLocation: https://pypi.org/project/cvss/2.6 FilesAnalyzed: false -##### Reported license LGPLv3+ -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageLicenseConcluded: LGPLv3+ +PackageLicenseDeclared: LGPLv3+ PackageCopyrightText: NOASSERTION +PackageSummary: CVSS2/3 library with interactive calculator for Python 2 and Python 3 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:* ##### PackageName: defusedxml SPDXID: SPDXRef-Package-16-defusedxml -PackageSupplier: Person: Christian Heimes (christian@python.org) PackageVersion: 0.7.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Christian Heimes (christian@python.org) +PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1 FilesAnalyzed: false -##### Reported license PSFL -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/tiran/defusedxml +PackageLicenseConcluded: PSFL +PackageLicenseDeclared: PSFL PackageCopyrightText: NOASSERTION +PackageSummary: XML bomb protection for Python stdlib modules ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro SPDXID: SPDXRef-Package-17-distro -PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageVersion: 1.8.0 -PackageDownloadLocation: 
NOASSERTION +PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) +PackageDownloadLocation: https://pypi.org/project/distro/1.8.0 FilesAnalyzed: false -##### Reported license Apache License, Version 2.0 +PackageHomePage: https://github.com/python-distro/distro PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Distro - an OS platform information API ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.8.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* ##### PackageName: gsutil SPDXID: SPDXRef-Package-18-gsutil +PackageVersion: 5.21 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageVersion: 5.19 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/gsutil/5.21 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.19 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.19:*:*:*:*:*:*:* +PackageSummary: A command line tool for interacting with cloud storage services. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-19-argcomplete +PackageVersion: 3.0.5 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageVersion: 2.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5 FilesAnalyzed: false -##### Reported license Apache Software License +PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.0:*:*:*:*:*:*:* +PackageSummary: Bash tab completion for argparse +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:* ##### PackageName: importlib-metadata SPDXID: SPDXRef-Package-20-importlib-metadata +PackageVersion: 5.2.0 PackageSupplier: Organization: Jason R. 
Coombs (jaraco@jaraco.com) -PackageVersion: 4.13.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/5.2.0 FilesAnalyzed: false -##### Reported license +PackageHomePage: https://github.com/python/importlib_metadata PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@4.13.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:4.13.0:*:*:*:*:*:*:* +PackageSummary: Read metadata from Python packages +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@5.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:5.2.0:*:*:*:*:*:*:* ##### PackageName: zipp SPDXID: SPDXRef-Package-21-zipp +PackageVersion: 3.15.0 PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) -PackageVersion: 3.12.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/zipp/3.15.0 FilesAnalyzed: false -##### Reported license +PackageHomePage: https://github.com/jaraco/zipp PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.12.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.12.0:*:*:*:*:*:*:* +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.15.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:* ##### PackageName: crcmod SPDXID: SPDXRef-Package-22-crcmod -PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) PackageVersion: 1.7 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) +PackageDownloadLocation: https://pypi.org/project/crcmod/1.7 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: http://crcmod.sourceforge.net/ 
PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: CRC Generator ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners SPDXID: SPDXRef-Package-23-fasteners -PackageSupplier: Person: Joshua Harlow PackageVersion: 0.18 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Joshua Harlow +PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 FilesAnalyzed: false -##### Reported license ASL 2.0 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/harlowja/fasteners +PackageLicenseConcluded: ASL 2.0 +PackageLicenseDeclared: ASL 2.0 PackageCopyrightText: NOASSERTION +PackageSummary: A python package that provides useful locks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-24-gcs-oauth2-boto-plugin -PackageSupplier: Person: Google Inc. (gs-team@google.com) PackageVersion: 3.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. (gs-team@google.com) +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* ##### PackageName: boto SPDXID: SPDXRef-Package-25-boto -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) PackageVersion: 2.49.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/boto/boto/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Amazon Web Services Library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### PackageName: google-reauth SPDXID: SPDXRef-Package-26-google-reauth -PackageSupplier: Person: Google (googleapis-publisher@google.com) PackageVersion: 0.1.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/Google/google-reauth-python PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Google Reauth Library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### PackageName: pyu2f SPDXID: SPDXRef-Package-27-pyu2f -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) PackageVersion: 0.1.5 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/google/pyu2f/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: U2F host library for interacting with a U2F device over USB. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six SPDXID: SPDXRef-Package-28-six -PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageVersion: 1.16.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) +PackageDownloadLocation: https://pypi.org/project/six/1.16.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/benjaminp/six PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Python 2 and 3 compatibility utilities ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### PackageName: httplib2 SPDXID: SPDXRef-Package-29-httplib2 -PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageVersion: 0.20.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) +PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/httplib2/httplib2 PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: A comprehensive HTTP client library. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### PackageName: pyparsing SPDXID: SPDXRef-Package-30-pyparsing -PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageVersion: 3.0.9 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.0.9 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.0.9 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:* ##### PackageName: oauth2client SPDXID: SPDXRef-Package-31-oauth2client -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageVersion: 4.1.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. 
(jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: http://github.com/google/oauth2client/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: OAuth 2.0 client library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyasn1 SPDXID: SPDXRef-Package-32-pyasn1 -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageVersion: 0.4.8 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.4.8 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/etingof/pyasn1 +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION +PackageSummary: ASN.1 types and codecs ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.4.8 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:* ##### PackageName: pyasn1-modules SPDXID: SPDXRef-Package-33-pyasn1-modules -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageVersion: 0.2.8 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.2.8 FilesAnalyzed: false -##### Reported license BSD-2-Clause +PackageHomePage: https://github.com/etingof/pyasn1-modules PackageLicenseConcluded: BSD-2-Clause PackageLicenseDeclared: BSD-2-Clause PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.2.8 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:* ##### PackageName: rsa SPDXID: SPDXRef-Package-34-rsa -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) PackageVersion: 4.7.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 FilesAnalyzed: false -##### Reported license ASL 2 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://stuvel.eu/rsa +PackageLicenseConcluded: ASL 2 +PackageLicenseDeclared: ASL 2 PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python RSA implementation ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: pyopenssl SPDXID: SPDXRef-Package-35-pyopenssl +PackageVersion: 23.1.0 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageVersion: 23.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.0 FilesAnalyzed: false -##### Reported license Apache License, Version 2.0 +PackageHomePage: https://pyopenssl.org/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.0.0:*:*:*:*:*:*:* +PackageSummary: Python wrapper module around the OpenSSL library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-Package-36-cryptography +PackageVersion: 40.0.1 PackageSupplier: Organization: The Python Cryptographic Authority and individual 
contributors (cryptography-dev@python.org) -PackageVersion: 39.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.1 FilesAnalyzed: false -##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/pyca/cryptography +PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0:*:*:*:*:*:*:* +PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:* ##### PackageName: cffi SPDXID: SPDXRef-Package-37-cffi -PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageVersion: 1.15.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) +PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: http://cffi.readthedocs.org PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Foreign Function Interface for Python calling C code. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:* ##### PackageName: pycparser SPDXID: SPDXRef-Package-38-pycparser -PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageVersion: 2.21 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pycparser/2.21 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/eliben/pycparser +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION +PackageSummary: C parser in Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:* ##### PackageName: retry-decorator SPDXID: SPDXRef-Package-39-retry-decorator -PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageVersion: 1.1.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) +PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/pnpnpn/retry-decorator PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Retry Decorator ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### PackageName: google-apitools SPDXID: SPDXRef-Package-40-google-apitools -PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageVersion: 0.5.32 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Craig Citro (craigcitro@google.com) +PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32 FilesAnalyzed: false -##### Reported 
license Apache 2.0 +PackageHomePage: http://github.com/google/apitools PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: client libraries for humans ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: google-auth SPDXID: SPDXRef-Package-41-google-auth +PackageVersion: 2.16.3 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageVersion: 2.16.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/google-auth/2.16.3 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.0:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:* ##### PackageName: cachetools SPDXID: SPDXRef-Package-42-cachetools -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) PackageVersion: 5.3.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* ##### PackageName: monotonic SPDXID: SPDXRef-Package-43-monotonic -PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageVersion: 1.6 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) +PackageDownloadLocation: https://pypi.org/project/monotonic/1.6 FilesAnalyzed: false -##### Reported license Apache -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/atdt/monotonic +PackageLicenseConcluded: Apache +PackageLicenseDeclared: Apache PackageCopyrightText: NOASSERTION +PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-resources SPDXID: SPDXRef-Package-44-importlib-resources +PackageVersion: 5.12.0 PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageVersion: 5.10.2 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/importlib-resources/5.12.0 FilesAnalyzed: false -##### Reported license +PackageHomePage: https://github.com/python/importlib_resources PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@5.10.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.10.2:*:*:*:*:*:*:* +PackageSummary: Read resources from Python packages +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@5.12.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:* ##### PackageName: jinja2 SPDXID: SPDXRef-Package-45-jinja2 -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageVersion: 3.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Armin Ronacher 
(armin.ronacher@active-4.com) +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2 FilesAnalyzed: false -##### Reported license BSD-3-Clause +PackageHomePage: https://palletsprojects.com/p/jinja/ PackageLicenseConcluded: BSD-3-Clause PackageLicenseDeclared: BSD-3-Clause PackageCopyrightText: NOASSERTION +PackageSummary: A very fast and expressive template engine. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:* ##### PackageName: markupsafe SPDXID: SPDXRef-Package-46-markupsafe -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageVersion: 2.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) +PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.2 FilesAnalyzed: false -##### Reported license BSD-3-Clause +PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageLicenseConcluded: BSD-3-Clause PackageLicenseDeclared: BSD-3-Clause PackageCopyrightText: NOASSERTION +PackageSummary: Safely add untrusted strings to HTML/XML markup. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:* ##### PackageName: jsonschema SPDXID: SPDXRef-Package-47-jsonschema -PackageSupplier: Person: Julian Berman PackageVersion: 4.17.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3 FilesAnalyzed: false -##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: An implementation of JSON Schema validation for Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name SPDXID: SPDXRef-Package-48-pkgutil-resolve-name -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageVersion: 1.3.10 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/pkgutil_resolve_name/1.3.10 FilesAnalyzed: false -##### Reported license +PackageHomePage: https://github.com/graingert/pkgutil-resolve-name PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: Resolve a name to an object. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:* ##### PackageName: pyrsistent SPDXID: SPDXRef-Package-49-pyrsistent -PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) PackageVersion: 0.19.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/tobgu/pyrsistent/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Persistent/Functional/Immutable data structures ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:* ##### PackageName: packaging SPDXID: SPDXRef-Package-50-packaging -PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) PackageVersion: 21.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) +PackageDownloadLocation: https://pypi.org/project/packaging/21.3 FilesAnalyzed: false -##### Reported license BSD-2-Clause or Apache-2.0 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/pypa/packaging +PackageLicenseConcluded: BSD-2-Clause or Apache-2.0 +PackageLicenseDeclared: BSD-2-Clause or Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Core utilities for Python packages ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@21.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:* ##### PackageName: plotly SPDXID: SPDXRef-Package-51-plotly +PackageVersion: 5.13.1 PackageSupplier: Person: Chris P 
(chris@plot.ly) -PackageVersion: 5.13.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/plotly/5.13.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://plotly.com/python/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.13.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.0:*:*:*:*:*:*:* +PackageSummary: An open-source, interactive data visualization library for Python +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.13.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:* ##### PackageName: tenacity SPDXID: SPDXRef-Package-52-tenacity +PackageVersion: 8.2.2 PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageVersion: 8.1.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/jd/tenacity PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.1.0:*:*:*:*:*:*:* +PackageSummary: Retry code until it succeeds +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* ##### PackageName: pyyaml SPDXID: SPDXRef-Package-53-pyyaml -PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) PackageVersion: 6.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) +PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://pyyaml.org/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: 
YAML parser and emitter for Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:* ##### PackageName: requests SPDXID: SPDXRef-Package-54-requests -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageVersion: 2.28.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) +PackageDownloadLocation: https://pypi.org/project/requests/2.28.2 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://requests.readthedocs.io PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Python HTTP for Humans. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:* ##### PackageName: certifi SPDXID: SPDXRef-Package-55-certifi -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) PackageVersion: 2022.12.7 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7 FilesAnalyzed: false -##### Reported license MPL-2.0 +PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseConcluded: MPL-2.0 PackageLicenseDeclared: MPL-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:* ##### PackageName: urllib3 SPDXID: SPDXRef-Package-56-urllib3 +PackageVersion: 1.26.15 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageVersion: 1.26.14 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://urllib3.readthedocs.io/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.14 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:*:*:* +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-57-rich +PackageVersion: 13.3.2 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageVersion: 13.3.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/rich/13.3.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/Textualize/rich PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:* +PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py SPDXID: SPDXRef-Package-58-markdown-it-py +PackageVersion: 2.2.0 PackageSupplier: Person: Chris Sewell 
(chrisj_sewell@hotmail.com) -PackageVersion: 2.1.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/markdown-it-py/2.2.0 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.1.0:*:*:*:*:*:*:* +PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:* ##### PackageName: mdurl SPDXID: SPDXRef-Package-59-mdurl -PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageVersion: 0.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) +PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: Markdown URL utilities ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments SPDXID: SPDXRef-Package-60-pygments -PackageSupplier: Person: Georg Brandl (georg@python.org) PackageVersion: 2.14.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Georg Brandl (georg@python.org) +PackageDownloadLocation: https://pypi.org/project/Pygments/2.14.0 FilesAnalyzed: false -##### Reported license BSD-2-Clause +PackageHomePage: https://pygments.org/ PackageLicenseConcluded: BSD-2-Clause PackageLicenseDeclared: BSD-2-Clause PackageCopyrightText: NOASSERTION +PackageSummary: Pygments is a syntax highlighting package written in Python. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.14.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:* ##### PackageName: rpmfile SPDXID: SPDXRef-Package-61-rpmfile +PackageVersion: 1.1.1 PackageSupplier: Person: Sean Ross (srossross@gmail.com) -PackageVersion: 1.0.8 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/srossross/rpmfile PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.0.8 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:* +PackageSummary: Read rpm archive files +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml SPDXID: SPDXRef-Package-62-toml -PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageVersion: 0.10.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: William Pearson (uiri@xqz.ca) +PackageDownloadLocation: https://pypi.org/project/toml/0.10.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/uiri/toml PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Python Library for Tom's Obvious, Minimal Language ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-Package-63-xmlschema +PackageVersion: 2.2.2 PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 2.1.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/sissaschool/xmlschema 
PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:*:*:*:* +PackageSummary: An XML Schema validator and decoder +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-64-elementpath +PackageVersion: 4.1.0 PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 3.0.2 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@3.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:*:*:*:*:* +PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:* ##### PackageName: zstandard SPDXID: SPDXRef-Package-65-zstandard +PackageVersion: 0.20.0 PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) -PackageVersion: 0.19.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/zstandard/0.20.0 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/indygreg/python-zstandard +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.19.0 -ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:gregory_szorc:zstandard:0.19.0:*:*:*:*:*:*:* +PackageSummary: Zstandard bindings for Python +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.20.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:* +##### + Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-beautifulsoup4 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-cvss