diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 4e9a691b30..4ca0da31cf 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,15 +2,15 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:a850efaa-f94c-4756-a68c-7040461dd1f2",
+ "serialNumber": "urn:uuid:bee998e6-50e3-4181-9567-e5950eff0b06",
"version": 1,
"metadata": {
- "timestamp": "2024-03-18T00:27:27Z",
+ "timestamp": "2024-04-01T00:29:13Z",
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.3",
+ "version": "0.10.4",
"type": "application"
}
]
@@ -37,6 +37,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c491590aeea36235930d1c6b8480d2489a470ece"
+ }
+ ],
"licenses": [
{
"license": {
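Review bot: The `hashes` entry added for this component records only a SHA-1 digest (`"alg": "SHA-1"`). SHA-1 is no longer collision-resistant, so it is a weak basis for tying an SBOM entry to one specific artifact. The same SHA-1-only entry is added in every other `hashes` hunk of this file, and as `PackageChecksum: SHA1:` in cve-bin-tool-py3.10.spdx. Because the file is generated, the fix belongs in the generator run: emit `"alg": "SHA-256"` alongside or instead of SHA-1 if the tool supports it, and record which artifact (wheel, sdist or installed files) was hashed, which the diff does not show. The component object starts and ends outside this hunk.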
@@ -60,7 +66,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -93,11 +99,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
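Review bot: With the `License Comments` property gone from this component's `properties`, the CycloneDX output no longer says that the licence id was derived from a non-SPDX declaration (`Apache 2` for aiohttp). The SPDX file in the same commit still carries `PackageLicenseComments: aiohttp declares Apache 2 …`, so the two SBOMs now disagree on how much provenance they give for the licence. The same property is dropped from many other components further down this file. If this is an intended behaviour change in the newer generator, say so in the commit message. Otherwise keep the note, for example by retaining `{"name": "License Comments", "value": "…"}`.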
@@ -106,6 +108,12 @@
"bom-ref": "3-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -129,11 +137,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -166,11 +170,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -189,6 +189,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a48974404c746593f78c116faceb56a0db50309e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -212,11 +218,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -250,7 +252,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -269,6 +271,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a9b281b2ef4ab25d95d6b268aa88c428e75c3696"
+ }
+ ],
"licenses": [
{
"license": {
@@ -292,11 +300,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -315,6 +319,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
"description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6362ff155ba02964a5e773927412f7cf4ca23cd1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -338,7 +348,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -372,7 +382,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -414,11 +424,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -437,6 +443,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/soupsieve/2.5",
@@ -452,7 +464,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -471,6 +483,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41"
+ }
+ ],
"licenses": [
{
"license": {
@@ -494,11 +512,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -517,6 +531,12 @@
},
"cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
"description": "XML bomb protection for Python stdlib modules",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ }
+ ],
"licenses": [
{
"license": {
@@ -540,11 +560,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -586,11 +602,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -609,6 +621,12 @@
},
"cpe": "cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*",
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ }
+ ],
"licenses": [
{
"license": {
@@ -632,7 +650,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -674,11 +692,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -720,11 +734,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -766,7 +776,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -780,6 +790,12 @@
},
"cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
"description": "A python package that provides useful locks",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -803,7 +819,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -845,11 +861,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -868,6 +880,12 @@
},
"cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
"description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -891,7 +909,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -910,6 +928,12 @@
},
"cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
"description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ }
+ ],
"licenses": [
{
"license": {
@@ -933,11 +957,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -956,6 +976,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
"description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ }
+ ],
"licenses": [
{
"license": {
@@ -979,11 +1005,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1002,6 +1024,12 @@
},
"cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
"description": "Python 2 and 3 compatibility utilities",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1025,7 +1053,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1044,6 +1072,12 @@
},
"cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
"description": "A comprehensive HTTP client library.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1067,7 +1101,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1086,6 +1120,12 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/pyparsing/3.1.2",
@@ -1101,7 +1141,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1120,6 +1160,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
"description": "OAuth 2.0 client library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1143,11 +1189,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1155,7 +1197,7 @@
"type": "library",
"bom-ref": "28-pyasn1",
"name": "pyasn1",
- "version": "0.5.1",
+ "version": "0.6.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1164,7 +1206,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*",
"description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
@@ -1176,12 +1218,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1/0.5.1",
+ "url": "https://pypi.org/project/pyasn1/0.6.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.5.1",
+ "purl": "pkg:pypi/pyasn1@0.6.0",
"properties": [
{
"name": "language",
@@ -1189,7 +1231,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1197,7 +1239,7 @@
"type": "library",
"bom-ref": "29-pyasn1-modules",
"name": "pyasn1-modules",
- "version": "0.3.0",
+ "version": "0.4.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1206,7 +1248,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*",
"description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
@@ -1218,12 +1260,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
+ "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.0",
"properties": [
{
"name": "language",
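Review bot: The distribution URL in this hunk now spells the project `pyasn1_modules`, while `name`, `cpe` and `purl` in the same component keep `pyasn1-modules`. The `retry_decorator` URL in a later hunk has the same mismatch against its hyphenated `cpe`. Both spellings probably resolve on PyPI, but a consumer that correlates the download location with the purl by string comparison will not match them. It would be more consistent to emit the hyphenated form, `"url": "https://pypi.org/project/pyasn1-modules/0.4.0"`. The `properties` array continues outside the hunk.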
@@ -1231,11 +1273,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1254,6 +1292,12 @@
},
"cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
"description": "Pure-Python RSA implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1277,11 +1321,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1300,6 +1340,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d9f2c46de70c1aee20a4309424d9f506b7aae68e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1323,11 +1369,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1366,7 +1408,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1385,6 +1427,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ba44abd69cf6f0f1cc90db34cd067275dc10fc71"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1408,7 +1456,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1416,7 +1464,7 @@
"type": "library",
"bom-ref": "34-pycparser",
"name": "pycparser",
- "version": "2.21",
+ "version": "2.22",
"supplier": {
"name": "Eli Bendersky",
"contact": [
@@ -1425,7 +1473,7 @@
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
"licenses": [
{
@@ -1437,12 +1485,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pycparser/2.21",
+ "url": "https://pypi.org/project/pycparser/2.22",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.21",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
{
"name": "language",
@@ -1450,11 +1498,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1473,6 +1517,12 @@
},
"cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
"description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1483,7 +1533,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/retry-decorator/1.1.1",
+ "url": "https://pypi.org/project/retry_decorator/1.1.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1496,7 +1546,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1515,6 +1565,12 @@
},
"cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
"description": "client libraries for humans",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1538,11 +1594,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1550,7 +1602,7 @@
"type": "library",
"bom-ref": "37-google-auth",
"name": "google-auth",
- "version": "2.28.2",
+ "version": "2.29.0",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1559,7 +1611,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.28.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1571,12 +1623,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.28.2",
+ "url": "https://pypi.org/project/google-auth/2.29.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.28.2",
+ "purl": "pkg:pypi/google-auth@2.29.0",
"properties": [
{
"name": "language",
@@ -1584,11 +1636,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1630,7 +1678,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1649,6 +1697,12 @@
},
"cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1672,11 +1726,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -1686,6 +1736,12 @@
"name": "jinja2",
"version": "3.1.3",
"description": "A very fast and expressive template engine.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1709,7 +1765,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1719,6 +1775,12 @@
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1742,7 +1804,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1779,7 +1841,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1793,6 +1855,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1816,7 +1884,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1845,7 +1913,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1882,7 +1950,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1890,7 +1958,7 @@
"type": "library",
"bom-ref": "46-lib4sbom",
"name": "lib4sbom",
- "version": "0.6.2",
+ "version": "0.7.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1899,7 +1967,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1911,12 +1979,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.6.2",
+ "url": "https://pypi.org/project/lib4sbom/0.7.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.6.2",
+ "purl": "pkg:pypi/lib4sbom@0.7.0",
"properties": [
{
"name": "language",
@@ -1924,7 +1992,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1943,6 +2011,12 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c42fa3bff1eabdb64763bb1526d9ea1ccb708479"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1966,7 +2040,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -1985,6 +2059,12 @@
},
"cpe": "cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*",
"description": "A library implementing the 'SemVer' scheme.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2008,11 +2088,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -2026,6 +2102,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a46d42493bbb7ae1a227be7bbd6b180a149ad3b1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2049,7 +2131,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2083,7 +2165,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2102,6 +2184,12 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9335a34ca77399a597a72420f73e947217d3d410"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2125,7 +2213,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2144,6 +2232,12 @@
},
"cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "41ed2420cda8ab7650a39900451099f4730266c3"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2167,11 +2261,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -2190,6 +2280,12 @@
},
"cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*",
"description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2213,11 +2309,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -2236,6 +2328,12 @@
},
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
"description": "Python HTTP for Humans.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2259,11 +2357,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
},
@@ -2305,7 +2399,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2324,6 +2418,12 @@
},
"cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "79dce4857914fead2ffe55eb787cad6d5cf14643"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2347,7 +2447,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2381,7 +2481,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2423,7 +2523,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2442,6 +2542,12 @@
},
"cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
"description": "Python port of markdown-it. Markdown parsing, done right!",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markdown-it-py/3.0.0",
@@ -2457,7 +2563,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2476,6 +2582,12 @@
},
"cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
"description": "Markdown URL utilities",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/mdurl/0.1.2",
@@ -2491,7 +2603,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2510,6 +2622,12 @@
},
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2533,7 +2651,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2575,7 +2693,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2594,6 +2712,12 @@
},
"cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
"description": "Python Library for Tom's Obvious, Minimal Language",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3f637dba5f68db63d4b30967fedda51c82459471"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2617,7 +2741,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2625,7 +2749,7 @@
"type": "library",
"bom-ref": "64-xmlschema",
"name": "xmlschema",
- "version": "3.1.0",
+ "version": "3.2.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2634,7 +2758,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2646,12 +2770,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.1.0",
+ "url": "https://pypi.org/project/xmlschema/3.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.1.0",
+ "purl": "pkg:pypi/xmlschema@3.2.0",
"properties": [
{
"name": "language",
@@ -2659,7 +2783,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2701,7 +2825,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
+ "value": "3.10.14"
}
]
},
@@ -2720,6 +2844,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "255b579735f26c2d0e08257f632de75d2ab882cf"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2743,11 +2873,7 @@
},
{
"name": "python_version",
- "value": "3.10.13"
- },
- {
- "name": "License Comments",
- "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
+ "value": "3.10.14"
}
]
}
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index b20aa29add..a7a8e5511b 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a873fb7c-bf1e-4dcc-ac24-c2ea5a569735
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a69f4d32-407d-461c-972b-a9a711747efa
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-18T00:25:56Z
+Creator: Tool: sbom4python-0.10.4
+Created: 2024-04-01T00:28:03Z
CreatorComment: This document has been automatically generated.
#####
@@ -16,11 +16,12 @@ PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2
FilesAnalyzed: false
+PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*
#####
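Review bot: The external-reference category changes from `PACKAGE-MANAGER` to `PACKAGE_MANAGER` on the `ExternalRef:` line here and in every later package of this file. As far as I recall, the SPDX 2.3 tag-value text spells this category with a hyphen and the underscore form comes from the JSON/RDF serialisations, so some tag-value parsers may reject or ignore the new spelling. Run the regenerated file through an SPDX validator, and through the tools that consume it, before relying on the purl references. This hunk also adds `PackageChecksum: SHA1:`, which has the same SHA-1-only weakness as the `hashes` entries in the CycloneDX file.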
@@ -36,7 +37,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.9.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3
#####
PackageName: aiosignal
@@ -46,11 +47,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
@@ -65,7 +67,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: async-timeout
@@ -75,12 +77,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3
FilesAnalyzed: false
+PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
#####
@@ -95,7 +98,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
#####
@@ -106,12 +109,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.0.5
FilesAnalyzed: false
+PackageChecksum: SHA1: a9b281b2ef4ab25d95d6b268aa88c428e75c3696
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.0.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*
#####
@@ -122,11 +126,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
FilesAnalyzed: false
+PackageChecksum: SHA1: 6362ff155ba02964a5e773927412f7cf4ca23cd1
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
#####
@@ -141,7 +146,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.6
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
#####
@@ -157,7 +162,7 @@ PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
@@ -168,11 +173,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
FilesAnalyzed: false
+PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
@@ -183,12 +189,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.0
FilesAnalyzed: false
+PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*
#####
@@ -199,12 +206,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1
FilesAnalyzed: false
+PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
@@ -220,7 +228,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
@@ -231,11 +239,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/filetype@1.2.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
@@ -251,7 +260,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
#####
@@ -267,7 +276,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*
#####
@@ -282,7 +291,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
@@ -293,11 +302,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
FilesAnalyzed: false
+PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
@@ -313,7 +323,7 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
#####
@@ -324,11 +334,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
PackageDownloadLocation: https://pypi.org/project/boto/2.49.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
@@ -339,12 +350,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
@@ -355,12 +367,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
FilesAnalyzed: false
+PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
@@ -371,11 +384,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
PackageDownloadLocation: https://pypi.org/project/six/1.16.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
#####
@@ -386,11 +400,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4
FilesAnalyzed: false
+PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -401,11 +416,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 7d4bda2743ebc04f68d2594bc4fffc70cd65848f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*
#####
@@ -416,44 +432,45 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
FilesAnalyzed: false
+PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
PackageName: pyasn1
SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.5.1
+PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.1
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
SPDXID: SPDXRef-Package-29-pyasn1-modules
-PackageVersion: 0.3.0
+PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*
#####
PackageName: rsa
@@ -463,12 +480,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
@@ -479,12 +497,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.1.0
FilesAnalyzed: false
+PackageChecksum: SHA1: d9f2c46de70c1aee20a4309424d9f506b7aae68e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.1.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*
#####
@@ -499,7 +518,7 @@ PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@42.0.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*
#####
@@ -510,28 +529,28 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0
FilesAnalyzed: false
+PackageChecksum: SHA1: ba44abd69cf6f0f1cc90db34cd067275dc10fc71
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*
#####
PackageName: pycparser
SPDXID: SPDXRef-Package-34-pycparser
-PackageVersion: 2.21
+PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pycparser/2.21
+PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
@@ -539,13 +558,14 @@ SPDXID: SPDXRef-Package-35-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
+PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
FilesAnalyzed: false
+PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
@@ -556,29 +576,30 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32
FilesAnalyzed: false
+PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: google-auth
SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.28.2
+PackageVersion: 2.29.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.28.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.28.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.28.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -592,7 +613,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*
#####
@@ -603,12 +624,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6
FilesAnalyzed: false
+PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
@@ -619,11 +641,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
FilesAnalyzed: false
+PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3
#####
PackageName: markupsafe
@@ -633,11 +656,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
FilesAnalyzed: false
+PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
@@ -651,7 +675,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
#####
@@ -662,11 +686,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
#####
@@ -681,7 +706,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
#####
@@ -696,23 +721,23 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.18.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-Package-46-lib4sbom
-PackageVersion: 0.6.2
+PackageVersion: 0.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -722,11 +747,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
FilesAnalyzed: false
+PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
#####
@@ -737,12 +763,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0
FilesAnalyzed: false
+PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -753,11 +780,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
FilesAnalyzed: false
+PackageChecksum: SHA1: a46d42493bbb7ae1a227be7bbd6b180a149ad3b1
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
#####
@@ -772,7 +800,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@24.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*
#####
@@ -783,11 +811,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
#####
@@ -798,12 +827,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
FilesAnalyzed: false
+PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
#####
@@ -814,12 +844,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.2
FilesAnalyzed: false
+PackageChecksum: SHA1: cda862f8b31c2678d5691ee55797a1cf6d44fe42
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*
#####
@@ -830,12 +861,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.31.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
#####
@@ -850,7 +882,7 @@ PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.2.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.2.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:*:*:*:*
#####
@@ -861,11 +893,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 79dce4857914fead2ffe55eb787cad6d5cf14643
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
#####
@@ -880,7 +913,7 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.2.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:*:*
#####
@@ -895,7 +928,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.7.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
@@ -906,11 +939,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0
FilesAnalyzed: false
+PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -921,11 +955,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -936,11 +971,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
FilesAnalyzed: false
+PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.17.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*
#####
@@ -955,7 +991,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
#####
@@ -966,27 +1002,28 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
PackageDownloadLocation: https://pypi.org/project/toml/0.10.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python Library for Tom's Obvious, Minimal Language
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
#####
PackageName: xmlschema
SPDXID: SPDXRef-Package-64-xmlschema
-PackageVersion: 3.1.0
+PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
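Review bot: The regenerated `ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.0:…` line has a vendor field that mirrors the `PackageSupplier` name, so it was presumably synthesised rather than checked against the NVD CPE dictionary. CPE-based scanners match on the vendor:product pair, so an unverified vendor can yield a false negative that reads as a clean result. I would either verify the pair against the dictionary or record the caveat in the package entry, for example `PackageComment: <text>CPE vendor derived from supplier name; not verified against the NVD dictionary</text>`, and treat the purl as the authoritative identifier. The same pattern is visible on the unchanged CPE lines of the other packages.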
@@ -1000,7 +1037,7 @@ PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
#####
@@ -1011,12 +1048,13 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 255b579735f26c2d0e08257f632de75d2ab882cf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.22.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
#####