diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index e0e1a65bdd..49cba0d75d 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,15 +2,15 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:d6742e01-bf88-4caa-8f8b-b26631534de5",
+ "serialNumber": "urn:uuid:6dc9412f-58f9-4236-bf90-dbc5372ce05b",
"version": 1,
"metadata": {
- "timestamp": "2024-03-18T00:28:13Z",
+ "timestamp": "2024-04-01T00:29:27Z",
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.3",
+ "version": "0.10.4",
"type": "application"
}
]
@@ -37,6 +37,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c491590aeea36235930d1c6b8480d2489a470ece"
+ }
+ ],
"licenses": [
{
"license": {
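Review bot: The `hashes` array added here records only a SHA-1 digest, which is a weak basis for verifying an artifact because SHA-1 is no longer collision-resistant. The same applies to every other `hashes` hunk in this file and to the `PackageChecksum: SHA1:` lines added to the .spdx file. The component object begins and ends outside this hunk, and nothing visible says which file the digest was computed over (sdist, wheel, or installed metadata), so a consumer cannot reproduce the check. Because the SBOM is generated, the fix belongs in the generator run rather than a hand edit: emit a second entry such as `{"alg": "SHA-256", "content": "<sha256-of-the-same-artifact>"}` next to the SHA-1 one.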
@@ -94,10 +100,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
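Review bot: Dropping the `License Comments` property here removes the only visible trace in the CycloneDX document that the declared license string for this component was not a valid SPDX identifier. The .spdx file in the same commit still carries the matching `PackageLicenseComments:` line for aiohttp, so the two SBOMs now disagree on how much license provenance they record. The same removal repeats in the other `python_version` hunks of this file. If the drop is an intended change in sbom4python 0.10.4, say so in the commit message; otherwise keep the `{"name": "License Comments", ...}` property so both formats carry the same information.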
@@ -106,6 +108,12 @@
"bom-ref": "3-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -130,10 +138,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -167,10 +171,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -223,6 +223,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a9b281b2ef4ab25d95d6b268aa88c428e75c3696"
+ }
+ ],
"licenses": [
{
"license": {
@@ -247,10 +253,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -269,6 +271,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
"description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6362ff155ba02964a5e773927412f7cf4ca23cd1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -369,10 +377,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -391,6 +395,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/soupsieve/2.5",
@@ -425,6 +435,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41"
+ }
+ ],
"licenses": [
{
"license": {
@@ -449,10 +465,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -471,6 +483,12 @@
},
"cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
"description": "XML bomb protection for Python stdlib modules",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ }
+ ],
"licenses": [
{
"license": {
@@ -495,10 +513,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -541,10 +555,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -563,6 +573,12 @@
},
"cpe": "cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*",
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ }
+ ],
"licenses": [
{
"license": {
@@ -629,10 +645,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -675,10 +687,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -734,6 +742,12 @@
},
"cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
"description": "A python package that provides useful locks",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -800,10 +814,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -822,6 +832,12 @@
},
"cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
"description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -864,6 +880,12 @@
},
"cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
"description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ }
+ ],
"licenses": [
{
"license": {
@@ -888,10 +910,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -910,6 +928,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
"description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ }
+ ],
"licenses": [
{
"license": {
@@ -934,10 +958,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -956,6 +976,12 @@
},
"cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
"description": "Python 2 and 3 compatibility utilities",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -998,6 +1024,12 @@
},
"cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
"description": "A comprehensive HTTP client library.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1040,6 +1072,12 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/pyparsing/3.1.2",
@@ -1074,6 +1112,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
"description": "OAuth 2.0 client library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1098,10 +1142,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1109,7 +1149,7 @@
"type": "library",
"bom-ref": "27-pyasn1",
"name": "pyasn1",
- "version": "0.5.1",
+ "version": "0.6.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1118,7 +1158,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*",
"description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
@@ -1130,12 +1170,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1/0.5.1",
+ "url": "https://pypi.org/project/pyasn1/0.6.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.5.1",
+ "purl": "pkg:pypi/pyasn1@0.6.0",
"properties": [
{
"name": "language",
@@ -1151,7 +1191,7 @@
"type": "library",
"bom-ref": "28-pyasn1-modules",
"name": "pyasn1-modules",
- "version": "0.3.0",
+ "version": "0.4.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1160,7 +1200,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*",
"description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
@@ -1172,12 +1212,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
+ "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.0",
"properties": [
{
"name": "language",
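Review bot: The new download URL spells the project `pyasn1_modules`, while `name`, `cpe` and `purl` for the same component (bom-ref `28-pyasn1-modules`) still use `pyasn1-modules`. A consumer that correlates components by exact string match on the download location will treat these as different packages. The underscore presumably comes from the upstream package metadata for 0.4.0 rather than from this repository; confirm that. If so, the generator should normalise the name before building the URL, giving `"url": "https://pypi.org/project/pyasn1-modules/0.4.0"`, so that it agrees with the purl.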
@@ -1186,10 +1226,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1208,6 +1244,12 @@
},
"cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
"description": "Pure-Python RSA implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1232,10 +1274,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1254,6 +1292,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d9f2c46de70c1aee20a4309424d9f506b7aae68e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1278,10 +1322,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1339,6 +1379,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ba44abd69cf6f0f1cc90db34cd067275dc10fc71"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1370,7 +1416,7 @@
"type": "library",
"bom-ref": "33-pycparser",
"name": "pycparser",
- "version": "2.21",
+ "version": "2.22",
"supplier": {
"name": "Eli Bendersky",
"contact": [
@@ -1379,7 +1425,7 @@
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
"licenses": [
{
@@ -1391,12 +1437,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pycparser/2.21",
+ "url": "https://pypi.org/project/pycparser/2.22",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.21",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
{
"name": "language",
@@ -1405,10 +1451,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1427,6 +1469,12 @@
},
"cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
"description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1469,6 +1517,12 @@
},
"cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
"description": "client libraries for humans",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1493,10 +1547,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1504,7 +1554,7 @@
"type": "library",
"bom-ref": "36-google-auth",
"name": "google-auth",
- "version": "2.28.2",
+ "version": "2.29.0",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1513,7 +1563,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.28.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1525,12 +1575,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.28.2",
+ "url": "https://pypi.org/project/google-auth/2.29.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.28.2",
+ "purl": "pkg:pypi/google-auth@2.29.0",
"properties": [
{
"name": "language",
@@ -1539,10 +1589,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1603,6 +1649,12 @@
},
"cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1627,10 +1679,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1640,6 +1688,12 @@
"name": "jinja2",
"version": "3.1.3",
"description": "A very fast and expressive template engine.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1673,6 +1727,12 @@
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1747,6 +1807,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1844,7 +1910,7 @@
"type": "library",
"bom-ref": "45-lib4sbom",
"name": "lib4sbom",
- "version": "0.6.2",
+ "version": "0.7.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1853,7 +1919,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1865,12 +1931,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.6.2",
+ "url": "https://pypi.org/project/lib4sbom/0.7.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.6.2",
+ "purl": "pkg:pypi/lib4sbom@0.7.0",
"properties": [
{
"name": "language",
@@ -1897,6 +1963,12 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c42fa3bff1eabdb64763bb1526d9ea1ccb708479"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1939,6 +2011,12 @@
},
"cpe": "cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*",
"description": "A library implementing the 'SemVer' scheme.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1963,10 +2041,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1980,6 +2054,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a46d42493bbb7ae1a227be7bbd6b180a149ad3b1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2056,6 +2136,12 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9335a34ca77399a597a72420f73e947217d3d410"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2098,6 +2184,12 @@
},
"cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "41ed2420cda8ab7650a39900451099f4730266c3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2122,10 +2214,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2144,6 +2232,12 @@
},
"cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*",
"description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2168,10 +2262,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2190,6 +2280,12 @@
},
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
"description": "Python HTTP for Humans.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2214,10 +2310,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2278,6 +2370,12 @@
},
"cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "79dce4857914fead2ffe55eb787cad6d5cf14643"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2396,6 +2494,12 @@
},
"cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
"description": "Python port of markdown-it. Markdown parsing, done right!",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markdown-it-py/3.0.0",
@@ -2430,6 +2534,12 @@
},
"cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
"description": "Markdown URL utilities",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/mdurl/0.1.2",
@@ -2464,6 +2574,12 @@
},
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2537,7 +2653,7 @@
"type": "library",
"bom-ref": "62-xmlschema",
"name": "xmlschema",
- "version": "3.1.0",
+ "version": "3.2.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2546,7 +2662,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2558,12 +2674,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.1.0",
+ "url": "https://pypi.org/project/xmlschema/3.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.1.0",
+ "purl": "pkg:pypi/xmlschema@3.2.0",
"properties": [
{
"name": "language",
@@ -2632,6 +2748,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "255b579735f26c2d0e08257f632de75d2ab882cf"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2656,10 +2778,6 @@
{
"name": "python_version",
"value": "3.12.2"
- },
- {
- "name": "License Comments",
- "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
}
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index dbc837c513..f24477b33b 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c793249f-eefd-4410-9bef-aae22d313531
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4137f958-709e-4f44-940e-f477ded25cbd
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-18T00:26:33Z
+Creator: Tool: sbom4python-0.10.4
+Created: 2024-04-01T00:28:13Z
CreatorComment: This document has been automatically generated.
#####
@@ -16,11 +16,12 @@ PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2
FilesAnalyzed: false
+PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*
#####
@@ -36,7 +37,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.9.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3
#####
PackageName: aiosignal
@@ -46,11 +47,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
@@ -65,7 +67,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: attrs
@@ -79,7 +81,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
#####
@@ -90,12 +92,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.0.5
FilesAnalyzed: false
+PackageChecksum: SHA1: a9b281b2ef4ab25d95d6b268aa88c428e75c3696
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.0.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*
#####
@@ -106,11 +109,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
FilesAnalyzed: false
+PackageChecksum: SHA1: 6362ff155ba02964a5e773927412f7cf4ca23cd1
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
#####
@@ -125,7 +129,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.6
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
#####
@@ -141,7 +145,7 @@ PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
@@ -152,11 +156,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
FilesAnalyzed: false
+PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
@@ -167,12 +172,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.0
FilesAnalyzed: false
+PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*
#####
@@ -183,12 +189,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1
FilesAnalyzed: false
+PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
@@ -204,7 +211,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
@@ -215,11 +222,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/filetype@1.2.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
@@ -235,7 +243,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
#####
@@ -251,7 +259,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*
#####
@@ -266,7 +274,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
@@ -277,11 +285,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
FilesAnalyzed: false
+PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
@@ -297,7 +306,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
#####
@@ -308,11 +317,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
PackageDownloadLocation: https://pypi.org/project/boto/2.49.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
@@ -323,12 +333,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
@@ -339,12 +350,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
FilesAnalyzed: false
+PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
@@ -355,11 +367,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
PackageDownloadLocation: https://pypi.org/project/six/1.16.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
#####
@@ -370,11 +383,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4
FilesAnalyzed: false
+PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -385,11 +399,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 7d4bda2743ebc04f68d2594bc4fffc70cd65848f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*
#####
@@ -400,44 +415,45 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
FilesAnalyzed: false
+PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
PackageName: pyasn1
SPDXID: SPDXRef-Package-27-pyasn1
-PackageVersion: 0.5.1
+PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.1
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
SPDXID: SPDXRef-Package-28-pyasn1-modules
-PackageVersion: 0.3.0
+PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*
#####
PackageName: rsa
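Review bot: The pyasn1-modules entry now names the package two ways. `PackageDownloadLocation` and `PackageLicenseComments` use `pyasn1_modules`, while `PackageName`, the purl and the CPE keep `pyasn1-modules`. PyPI normalises both spellings, but tools that join on the raw string (licence reports, purl-to-location checks) can treat them as different components. The normalised form would be consistent throughout, e.g. `PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0`. The start of this package record sits in context lines, so the change probably belongs in the generator rather than in this file.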
@@ -447,12 +463,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
@@ -463,12 +480,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.1.0
FilesAnalyzed: false
+PackageChecksum: SHA1: d9f2c46de70c1aee20a4309424d9f506b7aae68e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.1.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*
#####
@@ -483,7 +501,7 @@ PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@42.0.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*
#####
@@ -494,28 +512,28 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0
FilesAnalyzed: false
+PackageChecksum: SHA1: ba44abd69cf6f0f1cc90db34cd067275dc10fc71
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*
#####
PackageName: pycparser
SPDXID: SPDXRef-Package-33-pycparser
-PackageVersion: 2.21
+PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pycparser/2.21
+PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
@@ -525,11 +543,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
FilesAnalyzed: false
+PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
@@ -540,29 +559,30 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32
FilesAnalyzed: false
+PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: google-auth
SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.28.2
+PackageVersion: 2.29.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.28.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.28.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.28.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -576,7 +596,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*
#####
@@ -587,12 +607,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6
FilesAnalyzed: false
+PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
@@ -603,11 +624,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
FilesAnalyzed: false
+PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3
#####
PackageName: markupsafe
@@ -617,11 +639,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
FilesAnalyzed: false
+PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
@@ -635,7 +658,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
#####
@@ -646,11 +669,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
#####
@@ -665,7 +689,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
#####
@@ -680,23 +704,23 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.18.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-Package-45-lib4sbom
-PackageVersion: 0.6.2
+PackageVersion: 0.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -706,11 +730,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
FilesAnalyzed: false
+PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
#####
@@ -721,12 +746,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0
FilesAnalyzed: false
+PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -737,11 +763,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
FilesAnalyzed: false
+PackageChecksum: SHA1: a46d42493bbb7ae1a227be7bbd6b180a149ad3b1
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
#####
@@ -756,7 +783,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@24.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*
#####
@@ -767,11 +794,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
#####
@@ -782,12 +810,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
FilesAnalyzed: false
+PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
#####
@@ -798,12 +827,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.2
FilesAnalyzed: false
+PackageChecksum: SHA1: cda862f8b31c2678d5691ee55797a1cf6d44fe42
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*
#####
@@ -814,12 +844,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.31.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
#####
@@ -834,7 +865,7 @@ PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.2.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.2.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:*:*:*:*
#####
@@ -845,11 +876,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 79dce4857914fead2ffe55eb787cad6d5cf14643
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
#####
@@ -864,7 +896,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.2.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*
#####
@@ -879,7 +911,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.7.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
@@ -890,11 +922,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0
FilesAnalyzed: false
+PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -905,11 +938,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -920,11 +954,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
FilesAnalyzed: false
+PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.17.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*
#####
@@ -939,23 +974,23 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 3.1.0
+PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -969,7 +1004,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
#####
@@ -980,12 +1015,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 255b579735f26c2d0e08257f632de75d2ab882cf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.22.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
#####