diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index d07a1a4c06..173fcd564f 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
- "serialNumber": "urn:uuid2e58290a-b8f2-477e-a2d7-da4a11388ac6",
+ "serialNumber": "urn:uuid1adf264d-2ae4-42ee-afc3-10fdab0ab276",
"version": 1,
"metadata": {
- "timestamp": "2023-04-17T00:32:47Z",
+ "timestamp": "2023-05-08T00:52:39Z",
"tools": [
{
"name": "sbom4python",
@@ -309,7 +309,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.8.2",
+ "version": "1.9.2",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -318,7 +318,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -335,18 +335,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.8.2",
+ "url": "https://pypi.org/project/yarl/1.9.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.8.2",
- "properties": [
- {
- "name": "License Comments",
- "value": "yarl declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
+ "purl": "pkg:pypi/yarl@1.9.2"
},
{
"type": "library",
@@ -596,7 +590,7 @@
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
- "version": "3.0.5",
+ "version": "3.0.8",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -605,7 +599,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -622,12 +616,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.0.5",
+ "url": "https://pypi.org/project/argcomplete/3.0.8",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.0.5",
+ "purl": "pkg:pypi/argcomplete@3.0.8",
"properties": [
{
"name": "License Comments",
@@ -1021,7 +1015,7 @@
"type": "library",
"bom-ref": "28-pyasn1",
"name": "pyasn1",
- "version": "0.4.8",
+ "version": "0.5.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1030,41 +1024,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*",
- "description": "ASN.1 types and codecs",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.4.8",
+ "url": "https://pypi.org/project/pyasn1/0.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.4.8",
- "properties": [
- {
- "name": "License Comments",
- "value": "pyasn1 declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
+ "purl": "pkg:pypi/pyasn1@0.5.0"
},
{
"type": "library",
"bom-ref": "29-pyasn1-modules",
"name": "pyasn1-modules",
- "version": "0.2.8",
+ "version": "0.3.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1073,29 +1061,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1-modules",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.2.8",
+ "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.2.8"
+ "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -1506,7 +1500,7 @@
"type": "library",
"bom-ref": "40-importlib-metadata",
"name": "importlib-metadata",
- "version": "6.4.1",
+ "version": "6.6.0",
"supplier": {
"name": "Jason R. Coombs",
"contact": [
@@ -1515,7 +1509,7 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.4.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.6.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"externalReferences": [
{
@@ -1524,12 +1518,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/importlib-metadata/6.4.1",
+ "url": "https://pypi.org/project/importlib-metadata/6.6.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@6.4.1"
+ "purl": "pkg:pypi/importlib-metadata@6.6.0"
},
{
"type": "library",
@@ -1941,7 +1935,7 @@
"type": "library",
"bom-ref": "52-requests",
"name": "requests",
- "version": "2.28.2",
+ "version": "2.30.0",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -1950,7 +1944,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*",
"description": "Python HTTP for Humans.",
"licenses": [
{
@@ -1967,12 +1961,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/requests/2.28.2",
+ "url": "https://pypi.org/project/requests/2.30.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/requests@2.28.2",
+ "purl": "pkg:pypi/requests@2.30.0",
"properties": [
{
"name": "License Comments",
@@ -1984,7 +1978,7 @@
"type": "library",
"bom-ref": "53-certifi",
"name": "certifi",
- "version": "2022.12.7",
+ "version": "2023.5.7",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -1993,7 +1987,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"licenses": [
{
@@ -2010,18 +2004,18 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2022.12.7",
+ "url": "https://pypi.org/project/certifi/2023.5.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/certifi@2022.12.7"
+ "purl": "pkg:pypi/certifi@2023.5.7"
},
{
"type": "library",
"bom-ref": "54-urllib3",
"name": "urllib3",
- "version": "1.26.15",
+ "version": "2.0.2",
"supplier": {
"name": "Andrey Petrov",
"contact": [
@@ -2030,35 +2024,22 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*",
"description": "HTTP library with thread-safe connection pooling, file post, and more.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
"externalReferences": [
{
- "url": "https://urllib3.readthedocs.io/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/urllib3/1.26.15",
+ "url": "https://pypi.org/project/urllib3/2.0.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/urllib3@1.26.15"
+ "purl": "pkg:pypi/urllib3@2.0.2"
},
{
"type": "library",
"bom-ref": "55-rich",
"name": "rich",
- "version": "13.3.4",
+ "version": "13.3.5",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2067,7 +2048,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -2084,12 +2065,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.3.4",
+ "url": "https://pypi.org/project/rich/13.3.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.3.4"
+ "purl": "pkg:pypi/rich@13.3.5"
},
{
"type": "library",
@@ -2143,7 +2124,7 @@
"type": "library",
"bom-ref": "58-pygments",
"name": "pygments",
- "version": "2.15.0",
+ "version": "2.15.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -2152,7 +2133,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -2164,12 +2145,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.0",
+ "url": "https://pypi.org/project/Pygments/2.15.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.0"
+ "purl": "pkg:pypi/pygments@2.15.1"
},
{
"type": "library",
@@ -2286,7 +2267,7 @@
"type": "library",
"bom-ref": "62-elementpath",
"name": "elementpath",
- "version": "4.1.1",
+ "version": "4.1.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2295,7 +2276,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
@@ -2312,18 +2293,18 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/4.1.1",
+ "url": "https://pypi.org/project/elementpath/4.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.1.1"
+ "purl": "pkg:pypi/elementpath@4.1.2"
},
{
"type": "library",
"bom-ref": "63-zstandard",
"name": "zstandard",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -2332,7 +2313,7 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
@@ -2349,12 +2330,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/zstandard/0.20.0",
+ "url": "https://pypi.org/project/zstandard/0.21.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.20.0",
+ "purl": "pkg:pypi/zstandard@0.21.0",
"properties": [
{
"name": "License Comments",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 6bf9241329..a98e06596b 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4fe8deba-4e27-4af1-8f34-ef29c614aede
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-97377d9e-fb2f-4557-b0d4-66e91ff33075
LicenseListVersion: 3.20
Creator: Tool: sbom4python-0.9.1
-Created: 2023-04-17T00:31:34Z
+Created: 2023-05-08T00:51:24Z
CreatorComment: This document has been automatically generated.
#####
@@ -140,19 +140,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
-PackageVersion: 1.8.2
+PackageVersion: 1.9.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.8.2
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl/
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: yarl declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.8.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -270,10 +269,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.0.5
+PackageVersion: 3.0.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.8
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
PackageLicenseDeclared: NOASSERTION
@@ -281,8 +280,8 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -451,35 +450,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyasn1
SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.4.8
+PackageVersion: 0.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.4.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1 declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: ASN.1 types and codecs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.4.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
SPDXID: SPDXRef-Package-29-pyasn1-modules
-PackageVersion: 0.2.8
+PackageVersion: 0.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.2.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1-modules
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.2.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*
+PackageSummary: A collection of ASN.1-based protocols modules
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
#####
PackageName: rsa
@@ -650,18 +649,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
PackageName: importlib-metadata
SPDXID: SPDXRef-Package-40-importlib-metadata
-PackageVersion: 6.4.1
+PackageVersion: 6.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.4.1
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.6.0
FilesAnalyzed: false
PackageHomePage: https://github.com/python/importlib_metadata
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.4.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.6.0:*:*:*:*:*:*:*
#####
PackageName: zipp
@@ -844,10 +843,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*
PackageName: requests
SPDXID: SPDXRef-Package-52-requests
-PackageVersion: 2.28.2
+PackageVersion: 2.30.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.28.2
+PackageDownloadLocation: https://pypi.org/project/requests/2.30.0
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
PackageLicenseDeclared: NOASSERTION
@@ -855,56 +854,55 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.30.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*
#####
PackageName: certifi
SPDXID: SPDXRef-Package-53-certifi
-PackageVersion: 2022.12.7
+PackageVersion: 2023.5.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7
+PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
#####
PackageName: urllib3
SPDXID: SPDXRef-Package-54-urllib3
-PackageVersion: 1.26.15
+PackageVersion: 2.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.2
FilesAnalyzed: false
-PackageHomePage: https://urllib3.readthedocs.io/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*
#####
PackageName: rich
SPDXID: SPDXRef-Package-55-rich
-PackageVersion: 13.3.4
+PackageVersion: 13.3.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.3.4
+PackageDownloadLocation: https://pypi.org/project/rich/13.3.5
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -939,17 +937,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-58-pygments
-PackageVersion: 2.15.0
+PackageVersion: 2.15.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.0
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
#####
PackageName: rpmfile
@@ -1002,26 +1000,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*
PackageName: elementpath
SPDXID: SPDXRef-Package-62-elementpath
-PackageVersion: 4.1.1
+PackageVersion: 4.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.2
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*
#####
PackageName: zstandard
SPDXID: SPDXRef-Package-63-zstandard
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.20.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
PackageLicenseDeclared: NOASSERTION
@@ -1029,8 +1027,8 @@ PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool