From 463d951d75cf878dadeff0f74dbc2290db75d574 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 3 Jul 2023 01:09:57 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 301 ++--------------------------------- sbom/cve-bin-tool-py3.9.spdx | 85 ++-------- 2 files changed, 30 insertions(+), 356 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 87f159539d..eb0972db6b 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,14 +2,14 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid40decac7-5d7f-440a-8055-51db467c8db2", + "serialNumber": "urn:uuidae2a08de-c39a-4f4a-9aa8-d19e5145d938", "version": 1, "metadata": { - "timestamp": "2023-06-19T00:29:40Z", + "timestamp": "2023-07-03T01:09:55Z", "tools": [ { "name": "sbom4python", - "version": "0.9.1" + "version": "0.9.2" } ], "component": { @@ -43,11 +43,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/intel/cve-bin-tool", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cve-bin-tool/3.2.2.dev0", "type": "distribution", @@ -71,11 +66,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/aiohttp", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/aiohttp/3.8.4", "type": "distribution", @@ -95,7 +85,6 @@ "bom-ref": "3-aiosignal", "name": "aiosignal", "version": "1.3.1", - "description": "aiosignal: a list of registered asynchronous callbacks", "licenses": [ { "license": { @@ -105,11 +94,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/aiosignal", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/aiosignal/1.3.1", "type": "distribution", 
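Review bot: The new `serialNumber` in the first hunk of sbom/cve-bin-tool-py3.9.json is still written as `urn:uuidae2a08de-…`, with no colon after `uuid`. That does not match the `urn:uuid:<uuid>` form required by the CycloneDX 1.4 schema named on the `$schema` line, so a strict validator may reject the BOM. The value should read `"serialNumber": "urn:uuid:ae2a08de-c39a-4f4a-9aa8-d19e5145d938"`; because the file is generated, the fix presumably belongs in the generator (sbom4python) rather than in a hand edit. Separately, the `website` externalReferences removed throughout this file and the `PackageHomePage` lines removed in the .spdx file all go with the 0.9.1 → 0.9.2 tool bump. This looks like a generator or metadata-lookup change rather than an intended removal, and is worth confirming before merge because consumers lose the upstream project link for each component.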
@@ -139,11 +123,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/frozenlist", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/frozenlist/1.3.3", "type": "distribution", @@ -182,11 +161,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/async-timeout", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/async-timeout/4.0.2", "type": "distribution", @@ -249,11 +223,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/charset-normalizer/3.1.0", "type": "distribution", @@ -286,11 +255,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/multidict/6.0.4", "type": "distribution", @@ -329,11 +293,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/yarl/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/yarl/1.9.2", "type": "distribution", @@ -438,11 +397,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/RedHatProductSecurity/cvss", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cvss/2.6", "type": "distribution", @@ -481,11 +435,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/tiran/defusedxml", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/defusedxml/0.7.1", "type": "distribution", @@ -524,11 +473,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/python-distro/distro", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/distro/1.8.0", "type": "distribution", 
@@ -547,7 +491,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.24", + "version": "5.25", "supplier": { "name": "Google Inc.", "contact": [ @@ -556,7 +500,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -568,17 +512,12 @@ ], "externalReferences": [ { - "url": "https://cloud.google.com/storage/docs/gsutil", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/gsutil/5.24", + "url": "https://pypi.org/project/gsutil/5.25", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.24", + "purl": "pkg:pypi/gsutil@5.25", "properties": [ { "name": "License Comments", @@ -610,11 +549,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/kislyuk/argcomplete", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/argcomplete/3.1.1", "type": "distribution", @@ -653,11 +587,6 @@ } ], "externalReferences": [ - { - "url": "http://crcmod.sourceforge.net/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/crcmod/1.7", "type": "distribution", @@ -685,11 +614,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/harlowja/fasteners", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/fasteners/0.18", "type": "distribution", @@ -728,11 +652,6 @@ } ], "externalReferences": [ - { - "url": "https://developers.google.com/storage/docs/gspythonlibrary", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", "type": "distribution", 
@@ -771,11 +690,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/boto/boto/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/boto/2.49.0", "type": "distribution", @@ -808,11 +722,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/Google/google-reauth-python", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", @@ -851,11 +760,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/google/pyu2f/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", @@ -894,11 +798,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/benjaminp/six", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/six/1.16.0", "type": "distribution", @@ -931,11 +830,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/httplib2/httplib2", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", @@ -992,11 +886,6 @@ } ], "externalReferences": [ - { - "url": "http://github.com/google/oauth2client/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", @@ -1035,11 +924,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pyasn1/pyasn1", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyasn1/0.5.0", "type": "distribution", @@ -1072,11 +956,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pyasn1/pyasn1-modules", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyasn1-modules/0.3.0", "type": "distribution", 
@@ -1115,11 +994,6 @@ } ], "externalReferences": [ - { - "url": "https://stuvel.eu/rsa", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", @@ -1158,11 +1032,6 @@ } ], "externalReferences": [ - { - "url": "https://pyopenssl.org/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyOpenSSL/23.2.0", "type": "distribution", @@ -1232,11 +1101,6 @@ } ], "externalReferences": [ - { - "url": "http://cffi.readthedocs.org", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cffi/1.15.1", "type": "distribution", @@ -1269,11 +1133,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/eliben/pycparser", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pycparser/2.21", "type": "distribution", @@ -1312,11 +1171,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pnpnpn/retry-decorator", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/retry-decorator/1.1.1", "type": "distribution", @@ -1349,11 +1203,6 @@ } ], "externalReferences": [ - { - "url": "http://github.com/google/apitools", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/google-apitools/0.5.32", "type": "distribution", @@ -1372,7 +1221,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.20.0", + "version": "2.21.0", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1381,7 +1230,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { 
@@ -1393,17 +1242,12 @@ ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/google-auth/2.20.0", + "url": "https://pypi.org/project/google-auth/2.21.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.20.0", + "purl": "pkg:pypi/google-auth@2.21.0", "properties": [ { "name": "License Comments", @@ -1435,11 +1279,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cachetools/5.3.1", "type": "distribution", @@ -1472,11 +1311,6 @@ } ], "externalReferences": [ - { - "url": "https://urllib3.readthedocs.io/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/urllib3/1.26.16", "type": "distribution", @@ -1509,11 +1343,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/atdt/monotonic", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/monotonic/1.6", "type": "distribution", @@ -1544,11 +1373,6 @@ "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.7.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", "externalReferences": [ - { - "url": "https://github.com/python/importlib_metadata", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/importlib-metadata/6.7.0", "type": "distribution", @@ -1573,11 +1397,6 @@ "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ - { - "url": "https://github.com/jaraco/zipp", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/zipp/3.15.0", "type": "distribution", 
@@ -1610,11 +1429,6 @@ } ], "externalReferences": [ - { - "url": "https://palletsprojects.com/p/jinja/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/Jinja2/3.1.2", "type": "distribution", @@ -1638,11 +1452,6 @@ } ], "externalReferences": [ - { - "url": "https://palletsprojects.com/p/markupsafe/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/MarkupSafe/2.1.3", "type": "distribution", @@ -1702,11 +1511,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/tobgu/pyrsistent/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyrsistent/0.19.3", "type": "distribution", @@ -1739,11 +1543,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/anthonyharrison/lib4sbom", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/lib4sbom/0.3.1", "type": "distribution", @@ -1776,11 +1575,6 @@ } ], "externalReferences": [ - { - "url": "https://pyyaml.org/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/PyYAML/6.0", "type": "distribution", @@ -1813,11 +1607,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/rbarrois/python-semanticversion", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/semantic-version/2.10.0", "type": "distribution", @@ -1855,11 +1644,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pypa/packaging", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/packaging/21.3", "type": "distribution", @@ -1898,11 +1682,6 @@ } ], "externalReferences": [ - { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/plotly/5.15.0", "type": "distribution", 
@@ -1935,11 +1714,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/jd/tenacity", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/tenacity/8.2.2", "type": "distribution", @@ -1978,11 +1752,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/vsajip/python-gnupg", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/python-gnupg/0.5.0", "type": "distribution", @@ -2021,11 +1790,6 @@ } ], "externalReferences": [ - { - "url": "https://requests.readthedocs.io", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/requests/2.31.0", "type": "distribution", @@ -2064,11 +1828,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/certifi/python-certifi", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/certifi/2023.5.7", "type": "distribution", @@ -2101,11 +1860,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/Textualize/rich", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/rich/13.4.2", "type": "distribution", @@ -2218,11 +1972,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/srossross/rpmfile", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/rpmfile/1.1.1", "type": "distribution", @@ -2255,11 +2004,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/uiri/toml", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/toml/0.10.2", "type": "distribution", @@ -2292,11 +2036,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/sissaschool/xmlschema", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/xmlschema/2.3.1", "type": "distribution", 
@@ -2309,7 +2048,7 @@ "type": "library", "bom-ref": "63-elementpath", "name": "elementpath", - "version": "4.1.3", + "version": "4.1.4", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2318,7 +2057,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2330,17 +2069,12 @@ ], "externalReferences": [ { - "url": "https://github.com/sissaschool/elementpath", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/elementpath/4.1.3", + "url": "https://pypi.org/project/elementpath/4.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.3" + "purl": "pkg:pypi/elementpath@4.1.4" }, { "type": "library", @@ -2366,11 +2100,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/indygreg/python-zstandard", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/zstandard/0.21.0", "type": "distribution", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index a8ca4a417a..b787bbd4d8 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ddbb3e1-9d22-46da-bf11-26e59449ffe1 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4cdd4b13-8ebd-4b76-a809-8cfb8a05adae LicenseListVersion: 3.20 -Creator: Tool: sbom4python-0.9.1 -Created: 2023-06-19T00:28:21Z +Creator: Tool: sbom4python-0.9.2 +Created: 2023-07-03T01:08:08Z CreatorComment: This document has been automatically generated. ##### 
@@ -16,7 +16,6 @@ PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.2.dev0 FilesAnalyzed: false -PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION @@ -32,7 +31,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -48,12 +46,10 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/aiosignal PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: aiosignal: a list of registered asynchronous callbacks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### @@ -64,7 +60,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -80,7 +75,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/async-timeout PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -112,7 +106,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 FilesAnalyzed: false -PackageHomePage: https://github.com/Ousret/charset_normalizer PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -128,7 +121,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -145,7 +137,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -206,7 +197,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/2.6 FilesAnalyzed: false -PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -223,7 +213,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1 FilesAnalyzed: false -PackageHomePage: https://github.com/tiran/defusedxml PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. @@ -240,7 +229,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.8.0 FilesAnalyzed: false -PackageHomePage: https://github.com/python-distro/distro PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -252,19 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.24 +PackageVersion: 5.25 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.24 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.25 FilesAnalyzed: false -PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.24 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -274,7 +261,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. @@ -291,7 +277,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) PackageDownloadLocation: https://pypi.org/project/crcmod/1.7 FilesAnalyzed: false -PackageHomePage: http://crcmod.sourceforge.net/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -307,7 +292,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 FilesAnalyzed: false -PackageHomePage: https://github.com/harlowja/fasteners PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression. @@ -324,7 +308,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 FilesAnalyzed: false -PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -341,7 +324,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) PackageDownloadLocation: https://pypi.org/project/boto/2.49.0 FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -357,7 +339,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -374,7 +355,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -391,7 +371,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.16.0 FilesAnalyzed: false -PackageHomePage: https://github.com/benjaminp/six PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -407,7 +386,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4 FilesAnalyzed: false -PackageHomePage: https://github.com/httplib2/httplib2 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -438,7 +416,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageHomePage: http://github.com/google/oauth2client/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -455,7 +432,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0 FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION 
@@ -471,7 +447,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0 FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. @@ -488,7 +463,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. @@ -505,7 +479,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0 FilesAnalyzed: false -PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. @@ -537,7 +510,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 FilesAnalyzed: false -PackageHomePage: http://cffi.readthedocs.org PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -553,7 +525,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.21 FilesAnalyzed: false -PackageHomePage: https://github.com/eliben/pycparser PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression. @@ -570,7 +541,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/pnpnpn/retry-decorator PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -586,7 +556,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32 FilesAnalyzed: false -PackageHomePage: http://github.com/google/apitools PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -598,19 +567,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.20.0 +PackageVersion: 2.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.20.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0 FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:* ##### PackageName: cachetools @@ -620,7 +588,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -636,7 +603,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 FilesAnalyzed: false -PackageHomePage: https://urllib3.readthedocs.io/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -652,7 +618,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6 FilesAnalyzed: false -PackageHomePage: https://github.com/atdt/monotonic PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. @@ -669,7 +634,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.7.0 FilesAnalyzed: false -PackageHomePage: https://github.com/python/importlib_metadata PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -685,7 +649,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/zipp/3.15.0 FilesAnalyzed: false -PackageHomePage: https://github.com/jaraco/zipp PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -701,7 +664,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2 FilesAnalyzed: false -PackageHomePage: https://palletsprojects.com/p/jinja/ PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -717,7 +679,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3 FilesAnalyzed: false -PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -747,7 +708,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 FilesAnalyzed: false -PackageHomePage: https://github.com/tobgu/pyrsistent/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -763,7 +723,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/anthonyharrison/lib4sbom PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -779,7 +738,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 FilesAnalyzed: false -PackageHomePage: https://pyyaml.org/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -795,7 +753,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0 FilesAnalyzed: false -PackageHomePage: https://github.com/rbarrois/python-semanticversion PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. 
@@ -812,7 +769,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/21.3 FilesAnalyzed: false -PackageHomePage: https://github.com/pypa/packaging PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-2-Clause OR Apache-2.0 PackageLicenseComments: packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression. @@ -829,7 +785,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0 FilesAnalyzed: false -PackageHomePage: https://plotly.com/python/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -845,7 +800,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 FilesAnalyzed: false -PackageHomePage: https://github.com/jd/tenacity PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -862,7 +816,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0 FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
@@ -879,7 +832,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.31.0 FilesAnalyzed: false -PackageHomePage: https://requests.readthedocs.io PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -896,7 +848,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION @@ -912,7 +863,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 FilesAnalyzed: false -PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -973,7 +923,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/srossross/rpmfile PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -989,7 +938,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageDownloadLocation: https://pypi.org/project/toml/0.10.2 FilesAnalyzed: false -PackageHomePage: https://github.com/uiri/toml PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -1005,7 +953,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1016,18 +963,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:* PackageName: elementpath SPDXID: SPDXRef-Package-63-elementpath -PackageVersion: 4.1.3 +PackageVersion: 4.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.3 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 FilesAnalyzed: false -PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* ##### PackageName: zstandard @@ -1037,7 +983,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0 FilesAnalyzed: false -PackageHomePage: https://github.com/indygreg/python-zstandard PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.