From 14713e25f253f95faf31f66b6c362c0aae3d97b1 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 5 Aug 2024 00:35:46 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 532 ++++++++++++++++++++-------------- sbom/cve-bin-tool-py3.11.spdx | 420 ++++++++++++++------------- 2 files changed, 534 insertions(+), 418 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 9675fa0c38..3e8b018e6e 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,15 +2,20 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:8f0dea29-eb99-43e5-9ff2-de0ff4515bd6", + "serialNumber": "urn:uuid:ce44f268-ce23-443b-95c9-c3bffd9fe217", "version": 1, "metadata": { - "timestamp": "2024-07-29T00:29:53Z", + "timestamp": "2024-08-05T00:35:43Z", + "lifecycles": [ + { + "phase": "build" + } + ], "tools": { "components": [ { "name": "sbom4python", - "version": "0.10.4", + "version": "0.11.0", "type": "application" } ] @@ -69,7 +74,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.9.5", + "version": "3.10.1", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -82,12 +87,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.9.5", + "url": "https://pypi.org/project/aiohttp/3.10.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.9.5", + "purl": "pkg:pypi/aiohttp@3.10.1", "properties": [ { "name": "language", @@ -101,7 +106,50 @@ }, { "type": "library", - "bom-ref": "3-aiosignal", + "bom-ref": "3-aiohappyeyeballs", + "name": "aiohappyeyeballs", + "version": "2.3.4", + "supplier": { + "name": "J. Nick Koston", + "contact": [ + { + "email": "nick@koston.org" + } + ] + }, + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*", + "description": "Happy Eyeballs for asyncio", + "licenses": [ + { + "license": { + "id": "PSF-2.0", + "url": "https://opensource.org/licenses/Python-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/aiohappyeyeballs@2.3.4", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + "bom-ref": "4-aiosignal", "name": "aiosignal", "version": "1.3.1", "hashes": [ @@ -140,7 +188,7 @@ }, { "type": "library", - "bom-ref": "4-frozenlist", + "bom-ref": "5-frozenlist", "name": "frozenlist", "version": "1.4.1", "description": "A list-like structure which implements collections.abc.MutableSequence", @@ -174,9 +222,9 @@ }, { "type": "library", - "bom-ref": "5-attrs", + "bom-ref": "6-attrs", "name": "attrs", - "version": "23.2.0", + "version": "24.1.0", "supplier": { "name": "Hynek Schlawack", "contact": [ @@ -185,16 +233,16 @@ } ] }, - "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", "externalReferences": [ { - "url": "https://pypi.org/project/attrs/23.2.0", + "url": "https://pypi.org/project/attrs/24.1.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/attrs@23.2.0", + "purl": "pkg:pypi/attrs@24.1.0", "properties": [ { "name": "language", @@ -208,7 +256,7 @@ }, { "type": "library", - "bom-ref": "6-multidict", + "bom-ref": "7-multidict", "name": "multidict", "version": "6.0.5", "supplier": { @@ -257,7 +305,7 @@ }, { "type": "library", - "bom-ref": "7-yarl", + "bom-ref": "8-yarl", "name": "yarl", "version": "1.9.4", "supplier": { @@ -306,7 +354,7 @@ }, { "type": "library", - "bom-ref": "8-idna", + "bom-ref": "9-idna", "name": "idna", "version": "3.7", "supplier": { @@ -346,7 +394,7 @@ }, { "type": "library", - "bom-ref": "9-beautifulsoup4", + "bom-ref": "10-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -389,7 +437,7 @@ }, { "type": "library", - "bom-ref": "10-soupsieve", + "bom-ref": "11-soupsieve", "name": "soupsieve", "version": "2.5", "supplier": { @@ -429,7 +477,7 @@ }, { "type": "library", - "bom-ref": "11-cvss", + "bom-ref": "12-cvss", "name": "cvss", "version": "3.1", "supplier": { @@ -478,7 +526,7 @@ }, { "type": "library", - "bom-ref": "12-defusedxml", + "bom-ref": "13-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -527,7 +575,7 @@ }, { "type": "library", - "bom-ref": "13-distro", + "bom-ref": "14-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -570,7 +618,7 @@ }, { "type": "library", - "bom-ref": "14-filetype", + "bom-ref": "15-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -619,7 +667,7 @@ }, { "type": "library", - "bom-ref": "15-gsutil", + "bom-ref": "16-gsutil", "name": "gsutil", "version": "5.30", "supplier": { @@ -662,7 +710,7 @@ }, { "type": "library", - "bom-ref": "16-argcomplete", + "bom-ref": "17-argcomplete", "name": "argcomplete", "version": "3.4.0", "supplier": { @@ -705,7 +753,7 @@ }, { "type": "library", - "bom-ref": "17-crcmod", + "bom-ref": "18-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -748,7 +796,7 @@ }, { "type": "library", - "bom-ref": "18-fasteners", + "bom-ref": "19-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -792,7 +840,7 @@ }, { "type": "library", - "bom-ref": "19-gcs-oauth2-boto-plugin", + "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -835,7 +883,7 @@ }, { "type": "library", - "bom-ref": "20-boto", + "bom-ref": "21-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -884,7 +932,7 @@ }, { "type": "library", - "bom-ref": "21-google-auth", + "bom-ref": "22-google-auth", "name": "google-auth", "version": "2.17.0", "supplier": { @@ -933,7 +981,7 @@ }, { "type": "library", - "bom-ref": "22-cachetools", + "bom-ref": "23-cachetools", "name": "cachetools", "version": "5.4.0", "supplier": { @@ -976,7 +1024,7 @@ }, { "type": "library", - "bom-ref": "23-pyasn1-modules", + "bom-ref": "24-pyasn1-modules", "name": "pyasn1-modules", "version": "0.4.0", "supplier": { @@ -1000,7 +1048,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyasn1-modules/0.4.0", "type": "distribution", "comment": "Download location for component" } @@ -1019,7 +1067,7 @@ }, { "type": "library", - "bom-ref": "24-pyasn1", + "bom-ref": "25-pyasn1", "name": "pyasn1", "version": "0.6.0", "supplier": { @@ -1062,7 +1110,7 @@ }, { "type": "library", - "bom-ref": "25-rsa", + "bom-ref": "26-rsa", "name": "rsa", "version": "4.7.2", "supplier": { @@ -1111,7 +1159,7 @@ }, { "type": "library", - "bom-ref": "26-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1160,7 +1208,7 @@ }, { "type": "library", - "bom-ref": "27-google-auth-httplib2", + "bom-ref": "28-google-auth-httplib2", "name": "google-auth-httplib2", "version": "0.2.0", "supplier": { @@ -1208,7 +1256,7 @@ }, { "type": "library", - "bom-ref": "28-httplib2", + "bom-ref": "29-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1257,7 +1305,7 @@ }, { "type": "library", - "bom-ref": "29-pyparsing", + "bom-ref": "30-pyparsing", "name": "pyparsing", "version": "3.1.2", "supplier": { @@ -1297,7 +1345,7 @@ }, { "type": "library", - "bom-ref": "30-google-reauth", + "bom-ref": "31-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -1346,7 +1394,7 @@ }, { "type": "library", - "bom-ref": "31-pyu2f", + "bom-ref": "32-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { @@ -1395,7 +1443,7 @@ }, { "type": "library", - "bom-ref": "32-oauth2client", + "bom-ref": "33-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { @@ -1444,7 +1492,7 @@ }, { "type": "library", - "bom-ref": "33-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1468,7 +1516,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyOpenSSL/24.2.1", + "url": "https://pypi.org/project/pyopenssl/24.2.1", "type": "distribution", "comment": "Download location for component" } @@ -1487,7 +1535,7 @@ }, { "type": "library", - "bom-ref": "34-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", "version": "43.0.0", "supplier": { @@ -1526,7 +1574,7 @@ }, { "type": "library", - "bom-ref": "35-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1575,7 +1623,7 @@ }, { "type": "library", - "bom-ref": "36-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1624,7 +1672,7 @@ }, { "type": "library", - "bom-ref": "37-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1654,7 +1702,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/retry_decorator/1.1.1", + "url": "https://pypi.org/project/retry-decorator/1.1.1", "type": "distribution", "comment": "Download location for component" } @@ -1673,7 +1721,7 @@ }, { "type": "library", - "bom-ref": "38-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1722,7 +1770,7 @@ }, { "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1771,13 +1819,13 @@ }, { "type": "library", - "bom-ref": "40-jinja2", + "bom-ref": "41-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.4", + "url": "https://pypi.org/project/jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } @@ -1796,7 +1844,7 @@ }, { "type": "library", - "bom-ref": "41-markupsafe", + "bom-ref": "42-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -1817,7 +1865,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/MarkupSafe/2.1.5", + "url": "https://pypi.org/project/markupsafe/2.1.5", "type": "distribution", "comment": "Download location for component" } @@ -1836,7 +1884,7 @@ }, { "type": "library", - "bom-ref": "42-jsonschema", + "bom-ref": "43-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -1874,7 +1922,7 @@ }, { "type": "library", - "bom-ref": "43-jsonschema-specifications", + "bom-ref": "44-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1918,7 +1966,7 @@ }, { "type": "library", - "bom-ref": "44-referencing", + "bom-ref": "45-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -1947,7 +1995,7 @@ }, { "type": "library", - "bom-ref": "45-rpds-py", + "bom-ref": "46-rpds-py", "name": "rpds-py", "version": "0.19.1", "supplier": { @@ -1985,7 +2033,7 @@ }, { "type": "library", - "bom-ref": "46-lib4sbom", + "bom-ref": "47-lib4sbom", "name": "lib4sbom", "version": "0.7.2", "supplier": { @@ -2028,7 +2076,7 @@ }, { "type": "library", - "bom-ref": "47-pyyaml", + "bom-ref": "48-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -2058,7 +2106,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/PyYAML/6.0.1", + "url": "https://pypi.org/project/pyyaml/6.0.1", "type": "distribution", "comment": "Download location for component" } @@ -2077,7 +2125,7 @@ }, { "type": "library", - "bom-ref": "48-semantic-version", + "bom-ref": "49-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2126,7 +2174,7 @@ }, { "type": "library", - "bom-ref": "49-lib4vex", + "bom-ref": "50-lib4vex", "name": "lib4vex", "version": "0.1.0", "supplier": { @@ -2175,7 +2223,7 @@ }, { "type": "library", - "bom-ref": "50-csaf-tool", + "bom-ref": "51-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2224,7 +2272,7 @@ }, { "type": "library", - "bom-ref": "51-packageurl-python", + "bom-ref": "52-packageurl-python", "name": "packageurl-python", "version": "0.15.6", "supplier": { @@ -2262,7 +2310,7 @@ }, { "type": "library", - "bom-ref": "52-rich", + "bom-ref": "53-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2305,7 +2353,7 @@ }, { "type": "library", - "bom-ref": "53-markdown-it-py", + "bom-ref": "54-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2345,7 +2393,7 @@ }, { "type": "library", - "bom-ref": "54-mdurl", + "bom-ref": "55-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2385,7 +2433,7 @@ }, { "type": "library", - "bom-ref": "55-pygments", + "bom-ref": "56-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -2415,7 +2463,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.18.0", + "url": "https://pypi.org/project/pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } @@ -2434,7 +2482,7 @@ }, { "type": "library", - "bom-ref": "56-packaging", + "bom-ref": "57-packaging", "name": "packaging", "version": "24.1", "supplier": { @@ -2468,7 +2516,7 @@ }, { "type": "library", - "bom-ref": "57-plotly", + "bom-ref": "58-plotly", "name": "plotly", "version": "5.23.0", "supplier": { @@ -2511,9 +2559,9 @@ }, { "type": "library", - "bom-ref": "58-tenacity", + "bom-ref": "59-tenacity", "name": "tenacity", - "version": "8.5.0", + "version": "9.0.0", "supplier": { "name": "Julien Danjou", "contact": [ @@ -2522,7 +2570,7 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", "licenses": [ { @@ -2535,12 +2583,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.5.0", + "url": "https://pypi.org/project/tenacity/9.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.5.0", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ { "name": "language", @@ -2554,7 +2602,7 @@ }, { "type": "library", - "bom-ref": "59-python-gnupg", + "bom-ref": "60-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2603,7 +2651,7 @@ }, { "type": "library", - "bom-ref": "60-requests", + "bom-ref": "61-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -2652,7 +2700,7 @@ }, { "type": "library", - "bom-ref": "61-certifi", + "bom-ref": "62-certifi", "name": "certifi", "version": "2024.7.4", "supplier": { @@ -2695,7 +2743,7 @@ }, { "type": "library", - "bom-ref": "62-charset-normalizer", + "bom-ref": "63-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2744,7 +2792,7 @@ }, { "type": "library", - "bom-ref": "63-urllib3", + "bom-ref": "64-urllib3", "name": "urllib3", "version": "2.2.2", "supplier": { @@ -2778,7 +2826,7 @@ }, { "type": "library", - "bom-ref": "64-rpmfile", + "bom-ref": "65-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -2827,9 +2875,43 @@ }, { "type": "library", - "bom-ref": "65-xmlschema", + "bom-ref": "66-setuptools", + "name": "setuptools", + "version": "72.1.0", + "supplier": { + "name": "Python Packaging Authority", + "contact": [ + { + "email": "distutils-sig@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*", + "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "externalReferences": [ + { + "url": "https://pypi.org/project/setuptools/72.1.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/setuptools@72.1.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.9" + } + ] + }, + { + "type": "library", + "bom-ref": "67-xmlschema", "name": "xmlschema", - "version": "3.3.1", + "version": "3.3.2", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2838,7 +2920,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2851,12 +2933,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.3.1", + "url": "https://pypi.org/project/xmlschema/3.3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.3.1", + "purl": "pkg:pypi/xmlschema@3.3.2", "properties": [ { "name": "language", @@ -2870,7 +2952,7 @@ }, { "type": "library", - "bom-ref": "66-elementpath", + "bom-ref": "68-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -2919,7 +3001,7 @@ }, { "type": "library", - "bom-ref": "67-zstandard", + "bom-ref": "69-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -2972,258 +3054,260 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "9-beautifulsoup4", - "11-cvss", - "12-defusedxml", - "13-distro", - "14-filetype", - "15-gsutil", - "40-jinja2", - "42-jsonschema", - "46-lib4sbom", - "49-lib4vex", - "51-packageurl-python", - "56-packaging", - "57-plotly", - "59-python-gnupg", - "47-pyyaml", - "60-requests", - "52-rich", - "64-rpmfile", - "63-urllib3", - "65-xmlschema", - "67-zstandard" + "10-beautifulsoup4", + "12-cvss", + "13-defusedxml", + "14-distro", + "15-filetype", + "16-gsutil", + "41-jinja2", + "43-jsonschema", + "47-lib4sbom", + "50-lib4vex", + "52-packageurl-python", + "57-packaging", + "58-plotly", + "60-python-gnupg", + "48-pyyaml", + "61-requests", + "53-rich", + "65-rpmfile", + "66-setuptools", + "64-urllib3", + "67-xmlschema", + "69-zstandard" ] }, { "ref": "2-aiohttp", "dependsOn": [ - "3-aiosignal", - "5-attrs", - "4-frozenlist", - "6-multidict", - "7-yarl" + "3-aiohappyeyeballs", + "4-aiosignal", + "6-attrs", + "5-frozenlist", + "7-multidict", + "8-yarl" ] }, { - "ref": "3-aiosignal", + "ref": "4-aiosignal", "dependsOn": [ - "4-frozenlist" + "5-frozenlist" ] }, { - "ref": "7-yarl", + "ref": "8-yarl", "dependsOn": [ - "8-idna", - "6-multidict" + "9-idna", + "7-multidict" ] }, { - "ref": "9-beautifulsoup4", + "ref": "10-beautifulsoup4", "dependsOn": [ - "10-soupsieve" + "11-soupsieve" ] }, { - "ref": "15-gsutil", + "ref": "16-gsutil", "dependsOn": [ - "16-argcomplete", - "17-crcmod", - "18-fasteners", - "19-gcs-oauth2-boto-plugin", - "38-google-apitools", - "21-google-auth", - "27-google-auth-httplib2", - "30-google-reauth", - "28-httplib2", - "39-monotonic", - "33-pyopenssl", - "37-retry-decorator", - "26-six" - ] - }, - { - "ref": "19-gcs-oauth2-boto-plugin", + "17-argcomplete", + "18-crcmod", + "19-fasteners", + "20-gcs-oauth2-boto-plugin", + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" + ] + }, + { + "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ - "20-boto", - "21-google-auth", - "27-google-auth-httplib2", - "30-google-reauth", - "28-httplib2", - "32-oauth2client", - "33-pyopenssl", - "37-retry-decorator", - "25-rsa", - "26-six" + "21-boto", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "21-google-auth", + "ref": "22-google-auth", "dependsOn": [ - "22-cachetools", - "23-pyasn1-modules", - "25-rsa", - "26-six" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyasn1-modules", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-pyasn1" + "25-pyasn1" ] }, { - "ref": "25-rsa", + "ref": "26-rsa", "dependsOn": [ - "24-pyasn1" + "25-pyasn1" ] }, { - "ref": "27-google-auth-httplib2", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "21-google-auth", - "28-httplib2" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "28-httplib2", + "ref": "29-httplib2", "dependsOn": [ - "29-pyparsing" + "30-pyparsing" ] }, { - "ref": "30-google-reauth", + "ref": "31-google-reauth", "dependsOn": [ - "31-pyu2f" + "32-pyu2f" ] }, { - "ref": "31-pyu2f", + "ref": "32-pyu2f", "dependsOn": [ - "26-six" + "27-six" ] }, { - "ref": "32-oauth2client", + "ref": "33-oauth2client", "dependsOn": [ - "28-httplib2", - "24-pyasn1", - "23-pyasn1-modules", - "25-rsa", - "26-six" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-pyopenssl", + "ref": "34-pyopenssl", "dependsOn": [ - "34-cryptography" + "35-cryptography" ] }, { - "ref": "34-cryptography", + "ref": "35-cryptography", "dependsOn": [ - "35-cffi" + "36-cffi" ] }, { - "ref": "35-cffi", + "ref": "36-cffi", "dependsOn": [ - "36-pycparser" + "37-pycparser" ] }, { - "ref": "38-google-apitools", + "ref": "39-google-apitools", "dependsOn": [ - "18-fasteners", - "28-httplib2", - "32-oauth2client", - "26-six" + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-jinja2", + "ref": "41-jinja2", "dependsOn": [ - "41-markupsafe" + "42-markupsafe" ] }, { - "ref": "42-jsonschema", + "ref": "43-jsonschema", "dependsOn": [ - "5-attrs", - "43-jsonschema-specifications", - "44-referencing", - "45-rpds-py" + "6-attrs", + "44-jsonschema-specifications", + "45-referencing", + "46-rpds-py" ] }, { - "ref": "43-jsonschema-specifications", + "ref": "44-jsonschema-specifications", "dependsOn": [ - "44-referencing" + "45-referencing" ] }, { - "ref": "44-referencing", + "ref": "45-referencing", "dependsOn": [ - "5-attrs", - "45-rpds-py" + "6-attrs", + "46-rpds-py" ] }, { - "ref": "46-lib4sbom", + "ref": "47-lib4sbom", "dependsOn": [ - "12-defusedxml", - "47-pyyaml", - "48-semantic-version" + "13-defusedxml", + "48-pyyaml", + "49-semantic-version" ] }, { - "ref": "49-lib4vex", + "ref": "50-lib4vex", "dependsOn": [ - "50-csaf-tool", - "46-lib4sbom", - "51-packageurl-python" + "51-csaf-tool", + "47-lib4sbom", + "52-packageurl-python" ] }, { - "ref": "50-csaf-tool", + "ref": "51-csaf-tool", "dependsOn": [ - "51-packageurl-python", - "52-rich" + "52-packageurl-python", + "53-rich" ] }, { - "ref": "52-rich", + "ref": "53-rich", "dependsOn": [ - "53-markdown-it-py", - "55-pygments" + "54-markdown-it-py", + "56-pygments" ] }, { - "ref": "53-markdown-it-py", + "ref": "54-markdown-it-py", "dependsOn": [ - "54-mdurl" + "55-mdurl" ] }, { - "ref": "57-plotly", + "ref": "58-plotly", "dependsOn": [ - "56-packaging", - "58-tenacity" + "57-packaging", + "59-tenacity" ] }, { - "ref": "60-requests", + "ref": "61-requests", "dependsOn": [ - "61-certifi", - "62-charset-normalizer", - "8-idna", - "63-urllib3" + "62-certifi", + "63-charset-normalizer", + "9-idna", + "64-urllib3" ] }, { - "ref": "65-xmlschema", + "ref": "67-xmlschema", "dependsOn": [ - "66-elementpath" + "68-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 002625b688..c1bf230717 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6b27a946-5082-45b5-85ac-67a98438db13 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1def56df-3f82-414b-9f3a-e2bb56f8db7d LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.10.4 -Created: 2024-07-29T00:29:03Z +Creator: Tool: sbom4python-0.11.0 +Created: 2024-08-05T00:34:25Z CreatorComment: This document has been automatically generated. ##### @@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*: PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.9.5 +PackageVersion: 3.10.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1 +##### + +PackageName: aiohappyeyeballs +SPDXID: SPDXRef-Package-3-aiohappyeyeballs +PackageVersion: 2.3.4 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: J. Nick Koston (nick@koston.org) +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4 +FilesAnalyzed: false +PackageLicenseDeclared: PSF-2.0 +PackageLicenseConcluded: PSF-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Happy Eyeballs for asyncio +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:* ##### PackageName: aiosignal -SPDXID: SPDXRef-Package-3-aiosignal +SPDXID: SPDXRef-Package-4-aiosignal PackageVersion: 1.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### PackageName: frozenlist -SPDXID: SPDXRef-Package-4-frozenlist +SPDXID: SPDXRef-Package-5-frozenlist PackageVersion: 1.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -70,22 +85,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 ##### PackageName: attrs -SPDXID: SPDXRef-Package-5-attrs -PackageVersion: 23.2.0 +SPDXID: SPDXRef-Package-6-attrs +PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) -PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0 +PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:* ##### PackageName: multidict -SPDXID: SPDXRef-Package-6-multidict +SPDXID: SPDXRef-Package-7-multidict PackageVersion: 6.0.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -102,7 +117,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-Package-7-yarl +SPDXID: SPDXRef-Package-8-yarl PackageVersion: 1.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -118,7 +133,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*: ##### PackageName: idna -SPDXID: SPDXRef-Package-8-idna +SPDXID: SPDXRef-Package-9-idna PackageVersion: 3.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -134,7 +149,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-Package-9-beautifulsoup4 +SPDXID: SPDXRef-Package-10-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -150,7 +165,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-Package-10-soupsieve +SPDXID: SPDXRef-Package-11-soupsieve PackageVersion: 2.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (use@gmail.com) @@ -166,7 +181,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-Package-11-cvss +SPDXID: SPDXRef-Package-12-cvss PackageVersion: 3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-Package-12-defusedxml +SPDXID: SPDXRef-Package-13-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-Package-13-distro +SPDXID: SPDXRef-Package-14-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -216,7 +231,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-Package-14-filetype +SPDXID: SPDXRef-Package-15-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) @@ -232,7 +247,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: ##### PackageName: gsutil -SPDXID: SPDXRef-Package-15-gsutil +SPDXID: SPDXRef-Package-16-gsutil PackageVersion: 5.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) @@ -248,7 +263,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-Package-16-argcomplete +SPDXID: SPDXRef-Package-17-argcomplete PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) @@ -264,7 +279,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-Package-17-crcmod +SPDXID: SPDXRef-Package-18-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -279,7 +294,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-Package-18-fasteners +SPDXID: SPDXRef-Package-19-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow @@ -295,7 +310,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -311,7 +326,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2 ##### PackageName: boto -SPDXID: SPDXRef-Package-20-boto +SPDXID: SPDXRef-Package-21-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -327,7 +342,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-auth -SPDXID: SPDXRef-Package-21-google-auth +SPDXID: SPDXRef-Package-22-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17 ##### PackageName: cachetools -SPDXID: SPDXRef-Package-22-cachetools +SPDXID: SPDXRef-Package-23-cachetools PackageVersion: 5.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) @@ -359,15 +374,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-23-pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules PackageVersion: 0.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A collection of ASN.1-based protocols modules ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 @@ -375,7 +390,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*: ##### PackageName: pyasn1 -SPDXID: SPDXRef-Package-24-pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 PackageVersion: 0.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -390,7 +405,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*: ##### PackageName: rsa -SPDXID: SPDXRef-Package-25-rsa +SPDXID: SPDXRef-Package-26-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-26-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -423,7 +438,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-Package-27-google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -439,7 +454,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http ##### PackageName: httplib2 -SPDXID: SPDXRef-Package-28-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -455,7 +470,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-29-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -471,7 +486,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-Package-30-google-reauth +SPDXID: SPDXRef-Package-31-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-Package-31-pyu2f +SPDXID: SPDXRef-Package-32-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-Package-32-oauth2client +SPDXID: SPDXRef-Package-33-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -522,15 +537,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-33-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1 +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 @@ -538,7 +553,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-34-cryptography +SPDXID: SPDXRef-Package-35-cryptography PackageVersion: 43.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) @@ -553,7 +568,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python ##### PackageName: cffi -SPDXID: SPDXRef-Package-35-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -569,7 +584,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-36-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -585,11 +600,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-37-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) -PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1 +PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 FilesAnalyzed: false PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 PackageLicenseDeclared: MIT @@ -601,7 +616,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-38-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -635,11 +650,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-40-jinja2 +SPDXID: SPDXRef-Package-41-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 +PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -649,11 +664,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-41-markupsafe +SPDXID: SPDXRef-Package-42-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 +PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5 FilesAnalyzed: false PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause @@ -664,7 +679,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-42-jsonschema +SPDXID: SPDXRef-Package-43-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -679,7 +694,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*: ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-43-jsonschema-specifications +SPDXID: SPDXRef-Package-44-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -695,7 +710,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-44-referencing +SPDXID: SPDXRef-Package-45-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -710,7 +725,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-45-rpds-py +SPDXID: SPDXRef-Package-46-rpds-py PackageVersion: 0.19.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -725,7 +740,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-46-lib4sbom +SPDXID: SPDXRef-Package-47-lib4sbom PackageVersion: 0.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -740,11 +755,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-47-pyyaml +SPDXID: SPDXRef-Package-48-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1 +PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1 FilesAnalyzed: false PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479 PackageLicenseDeclared: MIT @@ -756,7 +771,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-48-semantic-version +SPDXID: SPDXRef-Package-49-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -773,7 +788,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: lib4vex -SPDXID: SPDXRef-Package-49-lib4vex +SPDXID: SPDXRef-Package-50-lib4vex PackageVersion: 0.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -789,7 +804,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-Package-50-csaf-tool +SPDXID: SPDXRef-Package-51-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -805,7 +820,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-51-packageurl-python +SPDXID: SPDXRef-Package-52-packageurl-python PackageVersion: 0.15.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -820,7 +835,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-Package-52-rich +SPDXID: SPDXRef-Package-53-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -835,7 +850,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-53-markdown-it-py +SPDXID: SPDXRef-Package-54-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -851,7 +866,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-54-mdurl +SPDXID: SPDXRef-Package-55-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -867,11 +882,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-55-pygments +SPDXID: SPDXRef-Package-56-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 +PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0 FilesAnalyzed: false PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb PackageLicenseDeclared: BSD-2-Clause @@ -883,7 +898,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-Package-56-packaging +SPDXID: SPDXRef-Package-57-packaging PackageVersion: 24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -898,7 +913,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-57-plotly +SPDXID: SPDXRef-Package-58-plotly PackageVersion: 5.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -913,23 +928,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-58-tenacity -PackageVersion: 8.5.0 +SPDXID: SPDXRef-Package-59-tenacity +PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0 +PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-59-python-gnupg +SPDXID: SPDXRef-Package-60-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -946,7 +961,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-60-requests +SPDXID: SPDXRef-Package-61-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -962,7 +977,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-61-certifi +SPDXID: SPDXRef-Package-62-certifi PackageVersion: 2024.7.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -977,7 +992,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-62-charset-normalizer +SPDXID: SPDXRef-Package-63-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -993,7 +1008,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-63-urllib3 +SPDXID: SPDXRef-Package-64-urllib3 PackageVersion: 2.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -1008,7 +1023,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*: ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-64-rpmfile +SPDXID: SPDXRef-Package-65-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1023,23 +1038,38 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### +PackageName: setuptools +SPDXID: SPDXRef-Package-66-setuptools +PackageVersion: 72.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) +PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:* +##### + PackageName: xmlschema -SPDXID: SPDXRef-Package-65-xmlschema -PackageVersion: 3.3.1 +SPDXID: SPDXRef-Package-67-xmlschema +PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-66-elementpath +SPDXID: SPDXRef-Package-68-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1055,7 +1085,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-67-zstandard +SPDXID: SPDXRef-Package-69-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1071,106 +1101,108 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:* ##### Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-cvss -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-defusedxml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distro -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-filetype -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4vex -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-zstandard -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4 -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-auth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-28-httplib2 -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-google-reauth -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-33-pyopenssl -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-37-retry-decorator -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-google-apitools -Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-auth -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-rsa -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2 -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-httplib2 -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-reauth -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-oauth2client -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-pyopenssl -Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-37-retry-decorator -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl -Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-22-cachetools -Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-23-pyasn1-modules -Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-25-rsa -Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-23-pyasn1-modules DEPENDS_ON SPDXRef-Package-24-pyasn1 -Relationship: SPDXRef-Package-25-rsa DEPENDS_ON SPDXRef-Package-24-pyasn1 -Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-21-google-auth -Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-28-httplib2 -Relationship: SPDXRef-Package-28-httplib2 DEPENDS_ON SPDXRef-Package-29-pyparsing -Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-google-reauth DEPENDS_ON SPDXRef-Package-31-pyu2f -Relationship: SPDXRef-Package-31-pyu2f DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-23-pyasn1-modules -Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1 -Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-25-rsa -Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-28-httplib2 -Relationship: SPDXRef-Package-33-pyopenssl DEPENDS_ON SPDXRef-Package-34-cryptography -Relationship: SPDXRef-Package-34-cryptography DEPENDS_ON SPDXRef-Package-35-cffi -Relationship: SPDXRef-Package-35-cffi DEPENDS_ON SPDXRef-Package-36-pycparser -Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners -Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-26-six -Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-28-httplib2 -Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-32-oauth2client -Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing -Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py -Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-5-attrs -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml -Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version -Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-46-lib4sbom -Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-50-csaf-tool -Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-51-packageurl-python -Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python -Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-52-rich -Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-53-markdown-it-py -Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-55-pygments -Relationship: SPDXRef-Package-53-markdown-it-py DEPENDS_ON SPDXRef-Package-54-mdurl -Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-56-packaging -Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-58-tenacity -Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-61-certifi -Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-62-charset-normalizer -Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-63-urllib3 -Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-8-idna -Relationship: SPDXRef-Package-65-xmlschema DEPENDS_ON SPDXRef-Package-66-elementpath -Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict -Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna -Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4vex +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-setuptools +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard +Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist +Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version +Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-47-lib4sbom +Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-51-csaf-tool +Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-52-packageurl-python +Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python +Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-53-rich +Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py +Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments +Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl +Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-57-packaging +Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-59-tenacity +Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-62-certifi +Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-63-charset-normalizer +Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-64-urllib3 +Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath +Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict +Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna