From f11a27fe47f0e8371b8f42fbf19bdb26c640adda Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 5 Jun 2023 00:29:31 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 162 +++++++++++++++++++++-------------- sbom/cve-bin-tool-py3.9.spdx | 126 +++++++++++++++------------ 2 files changed, 167 insertions(+), 121 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index d79b140ad3..c626e9ea5c 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid7bbf99d3-1651-4953-b3e2-836f89535bd3", + "serialNumber": "urn:uuid8f51dfa5-b68d-48d3-8313-993ea8c3ba1a", "version": 1, "metadata": { - "timestamp": "2023-05-29T00:27:11Z", + "timestamp": "2023-06-05T00:29:30Z", "tools": [ { "name": "sbom4python", @@ -23,7 +23,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.2.1", + "version": "3.2.2.dev0", "supplier": { "name": "Terri Oda", "contact": [ @@ -32,7 +32,7 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", "licenses": [ { @@ -49,12 +49,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cve-bin-tool/3.2.1", + "url": "https://pypi.org/project/cve-bin-tool/3.2.2.dev0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.2.1" + "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0" }, { "type": "library", @@ -1138,7 +1138,7 @@ "type": "library", "bom-ref": "31-pyopenssl", "name": "pyopenssl", - "version": "23.1.1", + "version": "23.2.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1147,7 +1147,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1164,12 +1164,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyOpenSSL/23.1.1", + "url": "https://pypi.org/project/pyOpenSSL/23.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@23.1.1", + "purl": "pkg:pypi/pyopenssl@23.2.0", "properties": [ { "name": "License Comments", @@ -1181,7 +1181,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "40.0.2", + "version": "41.0.1", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1190,28 +1190,23 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { "license": { - "expression": "(Apache-2.0 OR BSD-3-Clause) AND PSF-2.0" + "expression": "Apache-2.0 OR BSD-3-Clause" } } ], "externalReferences": [ { - "url": "https://github.com/pyca/cryptography", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/cryptography/40.0.2", + "url": "https://pypi.org/project/cryptography/41.0.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@40.0.2" + "purl": "pkg:pypi/cryptography@41.0.1" }, { "type": "library", @@ -1377,7 +1372,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.19.0", + "version": "2.19.1", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1386,7 +1381,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.19.1:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1403,12 +1398,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.19.0", + "url": "https://pypi.org/project/google-auth/2.19.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.19.0", + "purl": "pkg:pypi/google-auth@2.19.1", "properties": [ { "name": "License Comments", @@ -1632,16 +1627,7 @@ "type": "library", "bom-ref": "44-markupsafe", "name": "markupsafe", - "version": "2.1.2", - "supplier": { - "name": "Armin Ronacher", - "contact": [ - { - "email": "armin.ronacher@active-4.com" - } - ] - }, - "cpe": "cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*", + "version": "2.1.3", "description": "Safely add untrusted strings to HTML/XML markup.", "licenses": [ { @@ -1658,12 +1644,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/MarkupSafe/2.1.2", + "url": "https://pypi.org/project/MarkupSafe/2.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@2.1.2" + "purl": "pkg:pypi/markupsafe@2.1.3" }, { "type": "library", @@ -1970,7 +1956,50 @@ }, { "type": "library", - "bom-ref": "53-requests", + "bom-ref": "53-python-gnupg", + "name": "python-gnupg", + "version": "0.5.0", + "supplier": { + "name": "Vinay Sajip", + "contact": [ + { + "email": "vinay_sajip@yahoo.co.uk" + } + ] + }, + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/python-gnupg@0.5.0", + "properties": [ + { + "name": "License Comments", + "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression." + } + ] + }, + { + "type": "library", + "bom-ref": "54-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2013,7 +2042,7 @@ }, { "type": "library", - "bom-ref": "54-certifi", + "bom-ref": "55-certifi", "name": "certifi", "version": "2023.5.7", "supplier": { @@ -2050,9 +2079,9 @@ }, { "type": "library", - "bom-ref": "55-rich", + "bom-ref": "56-rich", "name": "rich", - "version": "13.3.5", + "version": "13.4.1", "supplier": { "name": "Will McGugan", "contact": [ @@ -2061,7 +2090,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.1:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2078,16 +2107,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.3.5", + "url": "https://pypi.org/project/rich/13.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.3.5" + "purl": "pkg:pypi/rich@13.4.1" }, { "type": "library", - "bom-ref": "56-markdown-it-py", + "bom-ref": "57-markdown-it-py", "name": "markdown-it-py", "version": "2.2.0", "supplier": { @@ -2111,7 +2140,7 @@ }, { "type": "library", - "bom-ref": "57-mdurl", + "bom-ref": "58-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2135,7 +2164,7 @@ }, { "type": "library", - "bom-ref": "58-pygments", + "bom-ref": "59-pygments", "name": "pygments", "version": "2.15.1", "supplier": { @@ -2167,7 +2196,7 @@ }, { "type": "library", - "bom-ref": "59-rpmfile", + "bom-ref": "60-rpmfile", "name": "rpmfile", "version": "1.1.1", "supplier": { @@ -2204,7 +2233,7 @@ }, { "type": "library", - "bom-ref": "60-toml", + "bom-ref": "61-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2241,7 +2270,7 @@ }, { "type": "library", - "bom-ref": "61-xmlschema", + "bom-ref": "62-xmlschema", "name": "xmlschema", "version": "2.3.0", "supplier": { @@ -2278,7 +2307,7 @@ }, { "type": "library", - "bom-ref": "62-elementpath", + "bom-ref": "63-elementpath", "name": "elementpath", "version": "4.1.2", "supplier": { @@ -2315,7 +2344,7 @@ }, { "type": "library", - "bom-ref": "63-zstandard", + "bom-ref": "64-zstandard", "name": "zstandard", "version": "0.21.0", "supplier": { @@ -2379,14 +2408,15 @@ "47-lib4sbom", "50-packaging", "51-plotly", + "53-python-gnupg", "48-pyyaml", - "53-requests", - "55-rich", - "59-rpmfile", - "60-toml", + "54-requests", + "56-rich", + "60-rpmfile", + "61-toml", "39-urllib3", - "61-xmlschema", - "63-zstandard" + "62-xmlschema", + "64-zstandard" ] }, { @@ -2567,31 +2597,31 @@ ] }, { - "ref": "53-requests", + "ref": "54-requests", "dependsOn": [ - "54-certifi", + "55-certifi", "7-charset-normalizer", "10-idna", "39-urllib3" ] }, { - "ref": "55-rich", + "ref": "56-rich", "dependsOn": [ - "56-markdown-it-py", - "58-pygments" + "57-markdown-it-py", + "59-pygments" ] }, { - "ref": "56-markdown-it-py", + "ref": "57-markdown-it-py", "dependsOn": [ - "57-mdurl" + "58-mdurl" ] }, { - "ref": "61-xmlschema", + "ref": "62-xmlschema", "dependsOn": [ - "62-elementpath" + "63-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 9d7d89b6f3..b4da61b75c 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,27 +2,27 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c3a21b8b-1e5e-4f6d-a597-daf2fddd9ed0 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9c630289-bd5c-4717-b310-ddc6131fb6b7 LicenseListVersion: 3.20 Creator: Tool: sbom4python-0.9.1 -Created: 2023-05-29T00:25:52Z +Created: 2023-06-05T00:28:16Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.2.1 +PackageVersion: 3.2.2.dev0 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.2.dev0 FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.2.dev0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp @@ -500,10 +500,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-Package-31-pyopenssl -PackageVersion: 23.1.1 +PackageVersion: 23.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.1 +PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0 FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION @@ -511,24 +511,23 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 40.0.2 +PackageVersion: 41.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.2 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1 FilesAnalyzed: false -PackageHomePage: https://github.com/pyca/cryptography -PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 -PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause +PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:* ##### PackageName: cffi @@ -599,10 +598,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.19.0 +PackageVersion: 2.19.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.19.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.19.1 FilesAnalyzed: false PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION @@ -610,8 +609,8 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.19.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.19.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.19.1:*:*:*:*:*:*:* ##### PackageName: cachetools @@ -713,18 +712,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: PackageName: markupsafe SPDXID: SPDXRef-Package-44-markupsafe -PackageVersion: 2.1.2 +PackageVersion: 2.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) -PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.2 +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3 FilesAnalyzed: false PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 ##### PackageName: jsonschema @@ -857,8 +855,25 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-Package-53-python-gnupg +PackageVersion: 0.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0 +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:* +##### + PackageName: requests -SPDXID: SPDXRef-Package-53-requests +SPDXID: SPDXRef-Package-54-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -875,7 +890,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-54-certifi +SPDXID: SPDXRef-Package-55-certifi PackageVersion: 2023.5.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -891,23 +906,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-Package-55-rich -PackageVersion: 13.3.5 +SPDXID: SPDXRef-Package-56-rich +PackageVersion: 13.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.3.5 +PackageDownloadLocation: https://pypi.org/project/rich/13.4.1 FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-56-markdown-it-py +SPDXID: SPDXRef-Package-57-markdown-it-py PackageVersion: 2.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -922,7 +937,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-57-mdurl +SPDXID: SPDXRef-Package-58-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -937,7 +952,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-58-pygments +SPDXID: SPDXRef-Package-59-pygments PackageVersion: 2.15.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -952,7 +967,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-59-rpmfile +SPDXID: SPDXRef-Package-60-rpmfile PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -968,7 +983,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-60-toml +SPDXID: SPDXRef-Package-61-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -984,7 +999,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-61-xmlschema +SPDXID: SPDXRef-Package-62-xmlschema PackageVersion: 2.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1000,7 +1015,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-62-elementpath +SPDXID: SPDXRef-Package-63-elementpath PackageVersion: 4.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1016,7 +1031,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-63-zstandard +SPDXID: SPDXRef-Package-64-zstandard PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1047,12 +1062,13 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4s Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-zstandard Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod @@ -1113,13 +1129,13 @@ Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic Relationship: SPDXRef-Package-50-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-54-certifi -Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-56-markdown-it-py -Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-58-pygments -Relationship: SPDXRef-Package-56-markdown-it-py DEPENDS_ON SPDXRef-Package-57-mdurl -Relationship: SPDXRef-Package-61-xmlschema DEPENDS_ON SPDXRef-Package-62-elementpath +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py +Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments +Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON SPDXRef-Package-58-mdurl +Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict