From 4764c8ee5a3bef66a767a59beb2e746d178773da Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 10 Jul 2023 01:07:41 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 200 ++++++++++++++++++++++------------ sbom/cve-bin-tool-py3.11.spdx | 157 +++++++++++++++----------- 2 files changed, 228 insertions(+), 129 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 29580582c6..e2ee22a79d 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid05c548a8-68b3-40fb-928e-e09beab3ae1f", + "serialNumber": "urn:uuid3cd1cff1-a0d3-4baa-a932-03e564772701", "version": 1, "metadata": { - "timestamp": "2023-07-03T00:31:56Z", + "timestamp": "2023-07-10T01:07:40Z", "tools": [ { "name": "sbom4python", @@ -203,7 +203,7 @@ "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "3.1.0", + "version": "3.2.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ @@ -212,7 +212,7 @@ } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { @@ -224,12 +224,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.1.0", + "url": "https://pypi.org/project/charset-normalizer/3.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.1.0" + "purl": "pkg:pypi/charset-normalizer@3.2.0" }, { "type": "library", @@ -1416,11 +1416,11 @@ "type": "library", "bom-ref": "43-jsonschema", "name": "jsonschema", - "version": "4.17.3", + "version": "4.18.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1432,28 +1432,50 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.17.3", + "url": "https://pypi.org/project/jsonschema/4.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.17.3" + "purl": "pkg:pypi/jsonschema@4.18.0" }, { "type": "library", - "bom-ref": "44-pyrsistent", - "name": "pyrsistent", - "version": "0.19.3", + "bom-ref": "44-jsonschema-specifications", + "name": "jsonschema-specifications", + "version": "2023.6.1", "supplier": { - "name": "Tobias Gustafsson", - "contact": [ - { - "email": "tobias.l.gustafsson@gmail.com" + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*", + "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" } - ] + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/jsonschema-specifications@2023.6.1" + }, + { + "type": "library", + "bom-ref": "45-referencing", + "name": "referencing", + "version": "0.29.1", + "supplier": { + "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*", - "description": "Persistent/Functional/Immutable data structures", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*", + "description": "JSON Referencing + Python", "licenses": [ { "license": { @@ -1464,16 +1486,43 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyrsistent/0.19.3", + "url": "https://pypi.org/project/referencing/0.29.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyrsistent@0.19.3" + "purl": "pkg:pypi/referencing@0.29.1" }, { "type": "library", - "bom-ref": "45-lib4sbom", + "bom-ref": "46-rpds-py", + "name": "rpds-py", + "version": "0.8.10", + "supplier": { + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*", + "description": "Python bindings to Rust's persistent data structures (rpds)", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/rpds-py/0.8.10", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/rpds-py@0.8.10" + }, + { + "type": "library", + "bom-ref": "47-lib4sbom", "name": "lib4sbom", "version": "0.3.1", "supplier": { @@ -1505,7 +1554,7 @@ }, { "type": "library", - "bom-ref": "46-pyyaml", + "bom-ref": "48-pyyaml", "name": "pyyaml", "version": "6.0", "supplier": { @@ -1537,7 +1586,7 @@ }, { "type": "library", - "bom-ref": "47-semantic-version", + "bom-ref": "49-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -1575,7 +1624,7 @@ }, { "type": "library", - "bom-ref": "48-packaging", + "bom-ref": "50-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1612,7 +1661,7 @@ }, { "type": "library", - "bom-ref": "49-plotly", + "bom-ref": "51-plotly", "name": "plotly", "version": "5.15.0", "supplier": { @@ -1644,7 +1693,7 @@ }, { "type": "library", - "bom-ref": "50-tenacity", + "bom-ref": "52-tenacity", "name": "tenacity", "version": "8.2.2", "supplier": { @@ -1682,7 +1731,7 @@ }, { "type": "library", - "bom-ref": "51-python-gnupg", + "bom-ref": "53-python-gnupg", "name": "python-gnupg", "version": "0.5.0", "supplier": { @@ -1720,7 +1769,7 @@ }, { "type": "library", - "bom-ref": "52-requests", + "bom-ref": "54-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -1758,7 +1807,7 @@ }, { "type": "library", - "bom-ref": "53-certifi", + "bom-ref": "55-certifi", "name": "certifi", "version": "2023.5.7", "supplier": { @@ -1790,7 +1839,7 @@ }, { "type": "library", - "bom-ref": "54-rich", + "bom-ref": "56-rich", "name": "rich", "version": "13.4.2", "supplier": { @@ -1822,7 +1871,7 @@ }, { "type": "library", - "bom-ref": "55-markdown-it-py", + "bom-ref": "57-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -1846,7 +1895,7 @@ }, { "type": "library", - "bom-ref": "56-mdurl", + "bom-ref": "58-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -1870,7 +1919,7 @@ }, { "type": "library", - "bom-ref": "57-pygments", + "bom-ref": "59-pygments", "name": "pygments", "version": "2.15.1", "supplier": { @@ -1902,7 +1951,7 @@ }, { "type": "library", - "bom-ref": "58-rpmfile", + "bom-ref": "60-rpmfile", "name": "rpmfile", "version": "1.1.1", "supplier": { @@ -1934,7 +1983,7 @@ }, { "type": "library", - "bom-ref": "59-toml", + "bom-ref": "61-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -1966,7 +2015,7 @@ }, { "type": "library", - "bom-ref": "60-xmlschema", + "bom-ref": "62-xmlschema", "name": "xmlschema", "version": "2.3.1", "supplier": { @@ -1998,7 +2047,7 @@ }, { "type": "library", - "bom-ref": "61-elementpath", + "bom-ref": "63-elementpath", "name": "elementpath", "version": "4.1.4", "supplier": { @@ -2030,7 +2079,7 @@ }, { "type": "library", - "bom-ref": "62-zstandard", + "bom-ref": "64-zstandard", "name": "zstandard", "version": "0.21.0", "supplier": { @@ -2085,18 +2134,18 @@ "16-gsutil", "41-jinja2", "43-jsonschema", - "45-lib4sbom", - "48-packaging", - "49-plotly", - "51-python-gnupg", - "46-pyyaml", - "52-requests", - "54-rich", - "58-rpmfile", - "59-toml", + "47-lib4sbom", + "50-packaging", + "51-plotly", + "53-python-gnupg", + "48-pyyaml", + "54-requests", + "56-rich", + "60-rpmfile", + "61-toml", "39-urllib3", - "60-xmlschema", - "62-zstandard" + "62-xmlschema", + "64-zstandard" ] }, { @@ -2247,55 +2296,70 @@ "ref": "43-jsonschema", "dependsOn": [ "6-attrs", - "44-pyrsistent" + "44-jsonschema-specifications", + "45-referencing", + "46-rpds-py" + ] + }, + { + "ref": "44-jsonschema-specifications", + "dependsOn": [ + "45-referencing" + ] + }, + { + "ref": "45-referencing", + "dependsOn": [ + "6-attrs", + "46-rpds-py" ] }, { - "ref": "45-lib4sbom", + "ref": "47-lib4sbom", "dependsOn": [ - "46-pyyaml", - "47-semantic-version" + "48-pyyaml", + "49-semantic-version" ] }, { - "ref": "48-packaging", + "ref": "50-packaging", "dependsOn": [ "26-pyparsing" ] }, { - "ref": "49-plotly", + "ref": "51-plotly", "dependsOn": [ - "48-packaging", - "50-tenacity" + "50-packaging", + "52-tenacity" ] }, { - "ref": "52-requests", + "ref": "54-requests", "dependsOn": [ - "53-certifi", + "55-certifi", "7-charset-normalizer", "10-idna", "39-urllib3" ] }, { - "ref": "54-rich", + "ref": "56-rich", "dependsOn": [ - "55-markdown-it-py", - "57-pygments" + "57-markdown-it-py", + "59-pygments" ] }, { - "ref": "55-markdown-it-py", + "ref": "57-markdown-it-py", "dependsOn": [ - "56-mdurl" + "58-mdurl" ] }, { - "ref": "60-xmlschema", + "ref": "62-xmlschema", "dependsOn": [ - "61-elementpath" + "63-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index e5a1598247..52326477e8 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-845f86fd-59b3-42c3-8d33-f405c1baadd4 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0ad20e5e-1cb2-4c7d-bc9e-b49ba9a9f787 LicenseListVersion: 3.20 Creator: Tool: sbom4python-0.9.2 -Created: 2023-07-03T00:30:41Z +Created: 2023-07-10T01:06:25Z CreatorComment: This document has been automatically generated. ##### @@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:* PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageVersion: 3.1.0 +PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:* ##### PackageName: multidict @@ -658,36 +658,66 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 PackageName: jsonschema SPDXID: SPDXRef-Package-43-jsonschema -PackageVersion: 4.17.3 +PackageVersion: 4.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:* +##### + +PackageName: jsonschema-specifications +SPDXID: SPDXRef-Package-44-jsonschema-specifications +PackageVersion: 2023.6.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:* ##### -PackageName: pyrsistent -SPDXID: SPDXRef-Package-44-pyrsistent -PackageVersion: 0.19.3 +PackageName: referencing +SPDXID: SPDXRef-Package-45-referencing +PackageVersion: 0.29.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: JSON Referencing + Python +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:* +##### + +PackageName: rpds-py +SPDXID: SPDXRef-Package-46-rpds-py +PackageVersion: 0.8.10 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Persistent/Functional/Immutable data structures -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:* +PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-45-lib4sbom +SPDXID: SPDXRef-Package-47-lib4sbom PackageVersion: 0.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -702,7 +732,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-46-pyyaml +SPDXID: SPDXRef-Package-48-pyyaml PackageVersion: 6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -717,7 +747,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-47-semantic-version +SPDXID: SPDXRef-Package-49-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -733,7 +763,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-48-packaging +SPDXID: SPDXRef-Package-50-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) @@ -749,7 +779,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-49-plotly +SPDXID: SPDXRef-Package-51-plotly PackageVersion: 5.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -764,7 +794,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-50-tenacity +SPDXID: SPDXRef-Package-52-tenacity PackageVersion: 8.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -780,7 +810,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-51-python-gnupg +SPDXID: SPDXRef-Package-53-python-gnupg PackageVersion: 0.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -796,7 +826,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-52-requests +SPDXID: SPDXRef-Package-54-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -812,7 +842,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-53-certifi +SPDXID: SPDXRef-Package-55-certifi PackageVersion: 2023.5.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -827,7 +857,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-Package-54-rich +SPDXID: SPDXRef-Package-56-rich PackageVersion: 13.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -842,7 +872,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-55-markdown-it-py +SPDXID: SPDXRef-Package-57-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -857,7 +887,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-56-mdurl +SPDXID: SPDXRef-Package-58-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -872,7 +902,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-57-pygments +SPDXID: SPDXRef-Package-59-pygments PackageVersion: 2.15.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -887,7 +917,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-58-rpmfile +SPDXID: SPDXRef-Package-60-rpmfile PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -902,7 +932,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-59-toml +SPDXID: SPDXRef-Package-61-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -917,7 +947,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-60-xmlschema +SPDXID: SPDXRef-Package-62-xmlschema PackageVersion: 2.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -932,7 +962,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-61-elementpath +SPDXID: SPDXRef-Package-63-elementpath PackageVersion: 4.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -947,7 +977,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-62-zstandard +SPDXID: SPDXRef-Package-64-zstandard PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -972,17 +1002,17 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohtt Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-zstandard Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod @@ -1035,20 +1065,25 @@ Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3 Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-pyrsistent +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-46-pyyaml -Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-47-semantic-version -Relationship: SPDXRef-Package-48-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-48-packaging -Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-50-tenacity -Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-53-certifi -Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-54-rich DEPENDS_ON SPDXRef-Package-55-markdown-it-py -Relationship: SPDXRef-Package-54-rich DEPENDS_ON SPDXRef-Package-57-pygments -Relationship: SPDXRef-Package-55-markdown-it-py DEPENDS_ON SPDXRef-Package-56-mdurl -Relationship: SPDXRef-Package-60-xmlschema DEPENDS_ON SPDXRef-Package-61-elementpath +Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version +Relationship: SPDXRef-Package-50-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi +Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py +Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments +Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON SPDXRef-Package-58-mdurl +Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict