diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4f89320b05..d936d2c4fc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -26,7 +26,7 @@ repos:
hooks:
- id: pyupgrade
exclude: ^fuzz/generated/
- args: ["--py38-plus"]
+ args: ["--py39-plus"]
- repo: https://github.com/pycqa/flake8
rev: 7.3.0
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index b3da5a7a28..d890334aa6 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -15,10 +15,7 @@
from importlib import metadata as importlib_metadata
else:
import importlib_metadata
-if sys.version_info >= (3, 9):
- import importlib.resources as resources
-else:
- import importlib_resources as resources
+import importlib.resources as resources
__all__ = [
"Checker",
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
index 95074e65cc..fdb35d53f5 100644
--- a/cve_bin_tool/cli.py
+++ b/cve_bin_tool/cli.py
@@ -94,12 +94,18 @@ def __call__(self, parser, namespace, values, option_string=None):
setattr(namespace, self.dest, values)
-def main(argv=None):
- """Scan a binary file for certain open source libraries that may have CVEs"""
- if sys.version_info < (3, 8):
+def check_python_version() -> None:
+ """Check if the current Python version is supported. Raise OSError if not."""
+ if sys.version_info < (3, 9):
raise OSError(
- "Python no longer provides security updates for version 3.7 as of June 2023. Please upgrade to python 3.8+ to use CVE Binary Tool."
+ "Python no longer provides security updates for version 3.8 as of October 2024. "
+ "Please upgrade to Python 3.9+ to use CVE Binary Tool."
)
+
+
+def main(argv=None):
+ """Scan a binary file for certain open source libraries that may have CVEs"""
+ check_python_version()
argv = argv or sys.argv
# Reset logger level to info
diff --git a/cve_bin_tool/config.py b/cve_bin_tool/config.py
index e9f6e647a3..d8d3304efc 100644
--- a/cve_bin_tool/config.py
+++ b/cve_bin_tool/config.py
@@ -5,9 +5,9 @@
import sys
from collections import ChainMap
+from collections.abc import Mapping
from logging import Logger
from pathlib import Path
-from typing import Mapping
if sys.version_info >= (3, 11):
import tomllib as toml
diff --git a/cve_bin_tool/csv2cve.py b/cve_bin_tool/csv2cve.py
index dee8ef1a90..30b92ac5e8 100644
--- a/cve_bin_tool/csv2cve.py
+++ b/cve_bin_tool/csv2cve.py
@@ -16,10 +16,7 @@
def main(argv: list[str] | None = None):
"""Used to scan a .csv file that lists the dependencies."""
- if sys.version_info < (3, 8):
- raise OSError(
- "Python no longer provides security updates for version 3.7 as of June 2023. Please upgrade to python 3.8+ to use CVE Binary Tool."
- )
+ cli.check_python_version()
logger: logging.Logger = LOGGER.getChild("CSV2CVE")
argv = argv or sys.argv
if len(argv) < 2:
diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py
index 3669058bb4..3758a0c33c 100644
--- a/cve_bin_tool/cve_scanner.py
+++ b/cve_bin_tool/cve_scanner.py
@@ -7,7 +7,7 @@
from logging import Logger
from pathlib import Path
from string import ascii_lowercase
-from typing import DefaultDict, Dict, List
+from typing import DefaultDict
from rich.console import Console
@@ -28,12 +28,12 @@ class CVEScanner:
products_with_cve: int
products_without_cve: int
all_cve_data: DefaultDict[ProductInfo, CVEData]
- all_cve_version_info: Dict[str, VersionInfo]
+ all_cve_version_info: dict[str, VersionInfo]
RANGE_UNSET: str = ""
dbname: str = str(Path(DISK_LOCATION_DEFAULT) / DBNAME)
CONSOLE: Console = Console(file=sys.stderr, theme=cve_theme)
- ALPHA_TO_NUM: Dict[str, int] = dict(zip(ascii_lowercase, range(26)))
+ ALPHA_TO_NUM: dict[str, int] = dict(zip(ascii_lowercase, range(26)))
def __init__(
self,
@@ -44,8 +44,8 @@ def __init__(
logger: Logger = None,
error_mode: ErrorMode = ErrorMode.TruncTrace,
check_exploits: bool = False,
- exploits_list: List[str] = [],
- disabled_sources: List[str] = [],
+ exploits_list: list[str] = [],
+ disabled_sources: list[str] = [],
no_scan: bool = False,
):
self.score = score
@@ -230,10 +230,10 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
)
product_info_data: CVEData | None = self.all_cve_data.get(product_info)
- prev_cves: List[CVE] = (
+ prev_cves: list[CVE] = (
product_info_data.get("cves", []) if product_info_data is not None else [] # type: ignore
)
- cves: List[CVE] = []
+ cves: list[CVE] = []
# Go through and get all the severities
if cve_list:
@@ -407,7 +407,7 @@ def filter_triage_data(self):
Filter out triage data that is not relevant to the CVEs found,
specifically those marked as NotAffected or FalsePositives.
"""
- to_delete: List[ProductInfo] = []
+ to_delete: list[ProductInfo] = []
for product_info, cve_data in self.all_cve_data.items():
original_cves = cve_data["cves"]
diff --git a/cve_bin_tool/data_sources/__init__.py b/cve_bin_tool/data_sources/__init__.py
index bb2b186c30..87d046f967 100644
--- a/cve_bin_tool/data_sources/__init__.py
+++ b/cve_bin_tool/data_sources/__init__.py
@@ -3,14 +3,9 @@
from __future__ import annotations
-import sys
+import importlib.resources as resources
from abc import ABC, abstractmethod
-if sys.version_info >= (3, 9):
- import importlib.resources as resources
-else:
- import importlib_resources as resources
-
class Data_Source(ABC):
@abstractmethod
diff --git a/cve_bin_tool/helper_script.py b/cve_bin_tool/helper_script.py
index c3f51f454a..c0a9182be8 100644
--- a/cve_bin_tool/helper_script.py
+++ b/cve_bin_tool/helper_script.py
@@ -8,9 +8,9 @@
import sys
import textwrap
from collections import ChainMap
+from collections.abc import MutableMapping
from logging import Logger
from pathlib import Path
-from typing import MutableMapping
from rich import print as rprint
from rich.console import Console
diff --git a/cve_bin_tool/input_engine.py b/cve_bin_tool/input_engine.py
index 3a90f959b4..3a944dc017 100644
--- a/cve_bin_tool/input_engine.py
+++ b/cve_bin_tool/input_engine.py
@@ -11,9 +11,10 @@
import csv
import json
from collections import defaultdict
+from collections.abc import Iterable
from logging import Logger
from pathlib import Path
-from typing import Any, DefaultDict, Dict, Iterable, Set, Union
+from typing import Any, DefaultDict, Union
from cve_bin_tool.cvedb import CVEDB
from cve_bin_tool.error_handler import (
@@ -27,7 +28,7 @@
from cve_bin_tool.util import ProductInfo, Remarks
# TriageData is dictionary of cve_number mapped to dictionary of remarks, comments and custom severity
-TriageData = Dict[str, Union[Dict[str, Any], Set[str]]]
+TriageData = dict[str, Union[dict[str, Any], set[str]]]
class InputEngine:
@@ -135,7 +136,7 @@ def input_json(self) -> None:
self.parse_data(set(json_data[0].keys()), json_data)
- def parse_data(self, fields: Set[str], data: Iterable) -> None:
+ def parse_data(self, fields: set[str], data: Iterable) -> None:
"""
Parses common data structure for CSV and JSON input formats.
diff --git a/cve_bin_tool/package_list_parser.py b/cve_bin_tool/package_list_parser.py
index d2f7b206bd..d63f5e34f1 100644
--- a/cve_bin_tool/package_list_parser.py
+++ b/cve_bin_tool/package_list_parser.py
@@ -7,7 +7,7 @@
from logging import Logger
from pathlib import Path
from subprocess import PIPE, run
-from typing import Any, Dict, List
+from typing import Any
import distro
@@ -69,10 +69,10 @@ def __init__(
self.logger = logger
self.error_mode = error_mode
- self.parsed_data_without_vendor: Dict[Any, Any] = defaultdict(dict)
- self.parsed_data_with_vendor: Dict[Any, Any] = defaultdict(dict)
- self.package_names_with_vendor: List[Any] = []
- self.package_names_without_vendor: List[Any] = []
+ self.parsed_data_without_vendor: dict[Any, Any] = defaultdict(dict)
+ self.parsed_data_with_vendor: dict[Any, Any] = defaultdict(dict)
+ self.package_names_with_vendor: list[Any] = []
+ self.package_names_without_vendor: list[Any] = []
def parse_list(self):
"""
diff --git a/cve_bin_tool/parsers/parse.py b/cve_bin_tool/parsers/parse.py
index 343d30cfc4..e679da7f28 100644
--- a/cve_bin_tool/parsers/parse.py
+++ b/cve_bin_tool/parsers/parse.py
@@ -10,10 +10,7 @@
from importlib import metadata as importlib_metadata
else:
import importlib_metadata
-if sys.version_info >= (3, 9):
- import importlib.resources as resources
-else:
- import importlib_resources as resources
+import importlib.resources as resources
from cve_bin_tool.parsers import Parser
diff --git a/cve_bin_tool/strings.py b/cve_bin_tool/strings.py
index 7ae84b8d36..61e0987f3d 100644
--- a/cve_bin_tool/strings.py
+++ b/cve_bin_tool/strings.py
@@ -8,7 +8,7 @@
"""
import subprocess
-from typing import ClassVar, List, Set
+from typing import ClassVar
from cve_bin_tool.async_utils import FileIO, run_coroutine
from cve_bin_tool.util import inpath
@@ -18,7 +18,7 @@ class Strings:
"""Utility class for parsing files and extracting printable characters."""
# printable characters
- PRINTABLE: ClassVar[Set[int]] = set(range(32, 128))
+ PRINTABLE: ClassVar[set[int]] = set(range(32, 128))
# add tab to the printable character
PRINTABLE.add(9)
@@ -35,7 +35,7 @@ async def aio_parse(self) -> str:
str: The acuumulated printable characters from the file.
"""
async with FileIO(self.filename, "rb") as f:
- tmp: List[str] = []
+ tmp: list[str] = []
async for line in f:
for char in line:
# remove all unprintable characters
diff --git a/cve_bin_tool/util.py b/cve_bin_tool/util.py
index 11ee0533f4..3a106508a8 100644
--- a/cve_bin_tool/util.py
+++ b/cve_bin_tool/util.py
@@ -9,9 +9,11 @@
import os
import re
import sys
+from collections.abc import Iterator
from enum import Enum
from pathlib import Path
-from typing import DefaultDict, Iterator, List, NamedTuple, Pattern, Set, Union
+from re import Pattern
+from typing import DefaultDict, NamedTuple, Union
import requests
from packageurl import PackageURL
@@ -248,7 +250,7 @@ class VersionInfo(NamedTuple):
end_excluding: str
-class CVEData(DefaultDict[str, Union[List[CVE], Set[str]]]):
+class CVEData(DefaultDict[str, Union[list[CVE], set[str]]]):
"""
A Class representing a dictionary of CVEs and paths
"""
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
index 4d7ba2489d..3ddc46e4ec 100644
--- a/cve_bin_tool/version_scanner.py
+++ b/cve_bin_tool/version_scanner.py
@@ -4,9 +4,9 @@
import subprocess
import sys
+from collections.abc import Iterator
from logging import Logger
from pathlib import Path
-from typing import Iterator
from cve_bin_tool.checkers import BUILTIN_CHECKERS, Checker
from cve_bin_tool.cvedb import CVEDB
diff --git a/cve_bin_tool/vex_manager/generate.py b/cve_bin_tool/vex_manager/generate.py
index 543faa7d56..2dc3611116 100644
--- a/cve_bin_tool/vex_manager/generate.py
+++ b/cve_bin_tool/vex_manager/generate.py
@@ -3,7 +3,7 @@
from logging import Logger
from pathlib import Path
-from typing import Dict, List, Optional
+from typing import Optional
from lib4sbom.data.vulnerability import Vulnerability
from lib4vex.generator import VEXGenerator
@@ -67,7 +67,7 @@ def __init__(
vendor: str,
filename: str,
vextype: str,
- all_cve_data: Dict[ProductInfo, CVEData],
+ all_cve_data: dict[ProductInfo, CVEData],
revision_reason: str = "",
sbom_serial_number: str = "",
sbom: Optional[str] = None,
@@ -154,7 +154,7 @@ def __generate_vex_filename(self) -> str:
)
return str(filename)
- def __get_metadata(self) -> Dict:
+ def __get_metadata(self) -> dict:
"""
Generates metadata for the VEX document based on the specified VEX type, product, release,
and vendor information.
@@ -183,7 +183,7 @@ def __get_metadata(self) -> Dict:
return metadata
- def __get_vulnerabilities(self) -> List[Vulnerability]:
+ def __get_vulnerabilities(self) -> list[Vulnerability]:
"""
Retrieves and constructs a list of vulnerability objects based on the current CVE data.
diff --git a/cve_bin_tool/vex_manager/parse.py b/cve_bin_tool/vex_manager/parse.py
index b58d1fe1e0..150eb9174b 100644
--- a/cve_bin_tool/vex_manager/parse.py
+++ b/cve_bin_tool/vex_manager/parse.py
@@ -1,14 +1,14 @@
# Copyright (C) 2024 Intel Corporation
# SPDX-License-Identifier: GPL-3.0-or-later
-from typing import Any, DefaultDict, Dict, Set, Union
+from typing import Any, DefaultDict, Union
from lib4vex.parser import VEXParser
from cve_bin_tool.log import LOGGER
from cve_bin_tool.util import ProductInfo, Remarks, decode_bom_ref, decode_purl
-TriageData = Dict[str, Union[Dict[str, Any], Set[str]]]
+TriageData = dict[str, Union[dict[str, Any], set[str]]]
class VEXParse:
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 64de1a9dcb..ffba12c8ab 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -1,15 +1,10 @@
-bandit; python_version <= "3.8"
-bandit==1.8.6; python_version > "3.8"
-black==25.1.0; python_version > "3.8"
-black; python_version <= "3.8"
+bandit==1.8.6
+black==25.1.0
build
-isort; python_version < "3.8"
-isort==6.0.1; python_version >= "3.8"
-pre-commit; python_version <= "3.8"
-pre-commit==4.3.0; python_version > "3.8"
+isort==6.0.1
+pre-commit==4.3.0
codespell==v2.4.1
-flake8; python_version < "3.8"
-flake8==7.3.0; python_version >= "3.8"
+flake8==7.3.0
gitlint==v0.19.1
interrogate
jsonschema
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 05362a5272..5f1810f2e5 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -550,7 +550,7 @@ This data source provides the CVEs for the CURL product.
## Limitations
The last release of this tool to support python 2.7 is 0.3.1. Please use
-python 3.8+ for development and future versions. Linux and Windows are
+currently supported Python for development and future versions. Linux and Windows are
supported, as is usage within cygwin on windows.
This tool does not scan for all possible known public vulnerabilities, it only
diff --git a/requirements.txt b/requirements.txt
index 75eb865f34..06711a6933 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,6 @@ distro
filetype>=1.2.0
gsutil
importlib_metadata>=3.6; python_version < "3.10"
-importlib_resources; python_version < "3.9"
jinja2>=2.11.3
jsonschema>=3.0.2
lib4sbom>=0.9.0
diff --git a/sbom/cve-bin-tool-py3.7.json b/sbom/cve-bin-tool-py3.7.json
deleted file mode 100644
index 9e0b0cee89..0000000000
--- a/sbom/cve-bin-tool-py3.7.json
+++ /dev/null
@@ -1,2788 +0,0 @@
-{
- "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
- "bomFormat": "CycloneDX",
- "specVersion": "1.4",
- "serialNumber": "urn:uuid55620d4a-2c4b-45f1-94ca-9ee004e63077",
- "version": 1,
- "metadata": {
- "timestamp": "2023-06-26T00:33:45Z",
- "tools": [
- {
- "name": "sbom4python",
- "version": "0.9.1"
- }
- ],
- "component": {
- "type": "application",
- "bom-ref": "CDXRef-DOCUMENT",
- "name": "Python-cve-bin-tool"
- }
- },
- "components": [
- {
- "type": "application",
- "bom-ref": "1-cve-bin-tool",
- "name": "cve-bin-tool",
- "version": "3.2.2.dev0",
- "supplier": {
- "name": "Terri Oda",
- "contact": [
- {
- "email": "terri.oda@intel.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*",
- "description": "CVE Binary Checker Tool",
- "licenses": [
- {
- "license": {
- "id": "GPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/gpl-3.0-standalone.html"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/intel/cve-bin-tool",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cve-bin-tool/3.2.2.dev0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0"
- },
- {
- "type": "library",
- "bom-ref": "2-aiohttp",
- "name": "aiohttp",
- "version": "3.8.4",
- "description": "Async http client/server framework (asyncio)",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/aiohttp",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/aiohttp/3.8.4",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/aiohttp@3.8.4",
- "properties": [
- {
- "name": "License Comments",
- "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "3-aiosignal",
- "name": "aiosignal",
- "version": "1.3.1",
- "description": "aiosignal: a list of registered asynchronous callbacks",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/aiosignal",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/aiosignal/1.3.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/aiosignal@1.3.1",
- "properties": [
- {
- "name": "License Comments",
- "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "4-frozenlist",
- "name": "frozenlist",
- "version": "1.3.3",
- "description": "A list-like structure which implements collections.abc.MutableSequence",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/frozenlist",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/frozenlist/1.3.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/frozenlist@1.3.3",
- "properties": [
- {
- "name": "License Comments",
- "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "5-async-timeout",
- "name": "async-timeout",
- "version": "4.0.2",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*",
- "description": "Timeout context manager for asyncio programs",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/async-timeout",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/async-timeout/4.0.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/async-timeout@4.0.2",
- "properties": [
- {
- "name": "License Comments",
- "value": "async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "6-typing-extensions",
- "name": "typing-extensions",
- "version": "4.6.3",
- "supplier": {
- "name": "Guido van Jukka ukasz Michael",
- "contact": [
- {
- "email": "levkivskyi@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.3:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.7+",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/typing_extensions/4.6.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/typing-extensions@4.6.3"
- },
- {
- "type": "library",
- "bom-ref": "7-asynctest",
- "name": "asynctest",
- "version": "0.13.0",
- "supplier": {
- "name": "Martin Richard",
- "contact": [
- {
- "email": "martius@martiusweb.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:martin_richard:asynctest:0.13.0:*:*:*:*:*:*:*",
- "description": "Enhance the standard unittest package with features for testing asyncio libraries",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Martiusweb/asynctest/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/asynctest/0.13.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/asynctest@0.13.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "asynctest declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "8-attrs",
- "name": "attrs",
- "version": "23.1.0",
- "supplier": {
- "name": "Hynek Schlawack",
- "contact": [
- {
- "email": "hs@ox.cx"
- }
- ]
- },
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
- "description": "Classes Without Boilerplate",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/attrs/23.1.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/attrs@23.1.0"
- },
- {
- "type": "library",
- "bom-ref": "9-importlib-metadata",
- "name": "importlib-metadata",
- "version": "6.7.0",
- "supplier": {
- "name": "Jason R. Coombs",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.7.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
- "externalReferences": [
- {
- "url": "https://github.com/python/importlib_metadata",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/importlib-metadata/6.7.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/importlib-metadata@6.7.0"
- },
- {
- "type": "library",
- "bom-ref": "10-zipp",
- "name": "zipp",
- "version": "3.15.0",
- "supplier": {
- "name": "Jason R. Coombs",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "externalReferences": [
- {
- "url": "https://github.com/jaraco/zipp",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/zipp/3.15.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zipp@3.15.0"
- },
- {
- "type": "library",
- "bom-ref": "11-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.1.0",
- "supplier": {
- "name": "Ahmed TAHRI",
- "contact": [
- {
- "email": "ahmed.tahri@cloudnursery.dev"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.1.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/charset-normalizer@3.1.0"
- },
- {
- "type": "library",
- "bom-ref": "12-multidict",
- "name": "multidict",
- "version": "6.0.4",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.0.4",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/multidict@6.0.4",
- "properties": [
- {
- "name": "License Comments",
- "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "13-yarl",
- "name": "yarl",
- "version": "1.9.2",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/yarl/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/yarl/1.9.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/yarl@1.9.2"
- },
- {
- "type": "library",
- "bom-ref": "14-idna",
- "name": "idna",
- "version": "3.4",
- "supplier": {
- "name": "Kim Davies",
- "contact": [
- {
- "email": "kim@cynosure.com.au"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/idna/3.4",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/idna@3.4"
- },
- {
- "type": "library",
- "bom-ref": "15-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.2",
- "supplier": {
- "name": "Leonard Richardson",
- "contact": [
- {
- "email": "leonardr@segfault.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/beautifulsoup4/4.12.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.2"
- },
- {
- "type": "library",
- "bom-ref": "16-soupsieve",
- "name": "soupsieve",
- "version": "2.4.1",
- "supplier": {
- "name": "Isaac Muse",
- "contact": [
- {
- "email": "use@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*",
- "description": "A modern CSS selector implementation for Beautiful Soup.",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/soupsieve/2.4.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/soupsieve@2.4.1"
- },
- {
- "type": "library",
- "bom-ref": "17-cvss",
- "name": "cvss",
- "version": "2.6",
- "supplier": {
- "name": "Stanislav Red Hat Product Security",
- "contact": [
- {
- "email": "skontar@redhat.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*",
- "description": "CVSS2/3 library with interactive calculator for Python 2 and Python 3",
- "licenses": [
- {
- "license": {
- "id": "LGPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/RedHatProductSecurity/cvss",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cvss/2.6",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cvss@2.6",
- "properties": [
- {
- "name": "License Comments",
- "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "18-defusedxml",
- "name": "defusedxml",
- "version": "0.7.1",
- "supplier": {
- "name": "Christian Heimes",
- "contact": [
- {
- "email": "christian@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
- "description": "XML bomb protection for Python stdlib modules",
- "licenses": [
- {
- "license": {
- "id": "PSF-2.0",
- "url": "https://opensource.org/licenses/Python-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tiran/defusedxml",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/defusedxml/0.7.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/defusedxml@0.7.1",
- "properties": [
- {
- "name": "License Comments",
- "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "19-distro",
- "name": "distro",
- "version": "1.8.0",
- "supplier": {
- "name": "Nir Cohen",
- "contact": [
- {
- "email": "nir36g@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*",
- "description": "Distro - an OS platform information API",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python-distro/distro",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/distro/1.8.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/distro@1.8.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "20-gsutil",
- "name": "gsutil",
- "version": "5.25",
- "supplier": {
- "name": "Google Inc.",
- "contact": [
- {
- "email": "buganizer-system+187143@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*",
- "description": "A command line tool for interacting with cloud storage services.",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://cloud.google.com/storage/docs/gsutil",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/gsutil/5.25",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/gsutil@5.25",
- "properties": [
- {
- "name": "License Comments",
- "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "21-argcomplete",
- "name": "argcomplete",
- "version": "3.1.1",
- "supplier": {
- "name": "Andrey Kislyuk",
- "contact": [
- {
- "email": "kislyuk@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*",
- "description": "Bash tab completion for argparse",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/kislyuk/argcomplete",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/argcomplete/3.1.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/argcomplete@3.1.1",
- "properties": [
- {
- "name": "License Comments",
- "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "22-crcmod",
- "name": "crcmod",
- "version": "1.7",
- "supplier": {
- "name": "Ray Buvel",
- "contact": [
- {
- "email": "rlbuvel@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
- "description": "CRC Generator",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://crcmod.sourceforge.net/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/crcmod/1.7",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/crcmod@1.7"
- },
- {
- "type": "library",
- "bom-ref": "23-fasteners",
- "name": "fasteners",
- "version": "0.18",
- "supplier": {
- "name": "Joshua Harlow"
- },
- "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*",
- "description": "A python package that provides useful locks",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/harlowja/fasteners",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/fasteners/0.18",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/fasteners@0.18",
- "properties": [
- {
- "name": "License Comments",
- "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "24-gcs-oauth2-boto-plugin",
- "name": "gcs-oauth2-boto-plugin",
- "version": "3.0",
- "supplier": {
- "name": "Google Inc.",
- "contact": [
- {
- "email": "gs-team@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*",
- "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://developers.google.com/storage/docs/gspythonlibrary",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "25-boto",
- "name": "boto",
- "version": "2.49.0",
- "supplier": {
- "name": "Mitch Garnaat",
- "contact": [
- {
- "email": "mitch@garnaat.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/boto/boto/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/boto/2.49.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/boto@2.49.0"
- },
- {
- "type": "library",
- "bom-ref": "26-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
- "supplier": {
- "name": "Google",
- "contact": [
- {
- "email": "googleapis-publisher@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Google/google-reauth-python",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-reauth/0.1.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-reauth@0.1.1",
- "properties": [
- {
- "name": "License Comments",
- "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "27-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
- "supplier": {
- "name": "Google Inc.",
- "contact": [
- {
- "email": "pyu2f-team@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/google/pyu2f/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyu2f/0.1.5",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyu2f@0.1.5",
- "properties": [
- {
- "name": "License Comments",
- "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "28-six",
- "name": "six",
- "version": "1.16.0",
- "supplier": {
- "name": "Benjamin Peterson",
- "contact": [
- {
- "email": "benjamin@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/benjaminp/six",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/six/1.16.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/six@1.16.0"
- },
- {
- "type": "library",
- "bom-ref": "29-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
- "supplier": {
- "name": "Joe Gregorio",
- "contact": [
- {
- "email": "joe@bitworking.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/httplib2/httplib2",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/httplib2/0.20.4",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/httplib2@0.20.4"
- },
- {
- "type": "library",
- "bom-ref": "30-pyparsing",
- "name": "pyparsing",
- "version": "3.1.0",
- "supplier": {
- "name": "Paul McGuire",
- "contact": [
- {
- "email": "ptmcg.gm+pyparsing@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/pyparsing/3.1.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyparsing@3.1.0"
- },
- {
- "type": "library",
- "bom-ref": "31-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
- "supplier": {
- "name": "Google Inc.",
- "contact": [
- {
- "email": "jonwayne+oauth2client@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/oauth2client/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/oauth2client/4.1.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/oauth2client@4.1.3",
- "properties": [
- {
- "name": "License Comments",
- "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "32-pyasn1",
- "name": "pyasn1",
- "version": "0.5.0",
- "supplier": {
- "name": "Ilya Etingof",
- "contact": [
- {
- "email": "etingof@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
- "licenses": [
- {
- "license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyasn1/pyasn1",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyasn1/0.5.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyasn1@0.5.0"
- },
- {
- "type": "library",
- "bom-ref": "33-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.3.0",
- "supplier": {
- "name": "Ilya Etingof",
- "contact": [
- {
- "email": "etingof@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyasn1/pyasn1-modules",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyasn1-modules@0.3.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "34-rsa",
- "name": "rsa",
- "version": "4.7.2",
- "supplier": {
- "name": "Sybren A. Stuvel",
- "contact": [
- {
- "email": "sybren@stuvel.eu"
- }
- ]
- },
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://stuvel.eu/rsa",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rsa/4.7.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/rsa@4.7.2",
- "properties": [
- {
- "name": "License Comments",
- "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "35-pyopenssl",
- "name": "pyopenssl",
- "version": "23.2.0",
- "supplier": {
- "name": "The pyOpenSSL developers",
- "contact": [
- {
- "email": "cryptography-dev@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pyopenssl.org/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyOpenSSL/23.2.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyopenssl@23.2.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "36-cryptography",
- "name": "cryptography",
- "version": "41.0.1",
- "supplier": {
- "name": "The Python Cryptographic Authority and individual contributors",
- "contact": [
- {
- "email": "cryptography-dev@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
- "licenses": [
- {
- "license": {
- "expression": "Apache-2.0 OR BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/cryptography/41.0.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cryptography@41.0.1"
- },
- {
- "type": "library",
- "bom-ref": "37-cffi",
- "name": "cffi",
- "version": "1.15.1",
- "supplier": {
- "name": "Armin Maciej Fijalkowski",
- "contact": [
- {
- "email": "python-cffi@googlegroups.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://cffi.readthedocs.org",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cffi/1.15.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cffi@1.15.1"
- },
- {
- "type": "library",
- "bom-ref": "38-pycparser",
- "name": "pycparser",
- "version": "2.21",
- "supplier": {
- "name": "Eli Bendersky",
- "contact": [
- {
- "email": "eliben@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*",
- "description": "C parser in Python",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/eliben/pycparser",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pycparser/2.21",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pycparser@2.21",
- "properties": [
- {
- "name": "License Comments",
- "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "39-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
- "supplier": {
- "name": "Patrick Ng",
- "contact": [
- {
- "email": "pn.appdev@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pnpnpn/retry-decorator",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/retry-decorator/1.1.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/retry-decorator@1.1.1"
- },
- {
- "type": "library",
- "bom-ref": "40-google-apitools",
- "name": "google-apitools",
- "version": "0.5.32",
- "supplier": {
- "name": "Craig Citro",
- "contact": [
- {
- "email": "craigcitro@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
- "description": "client libraries for humans",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/apitools",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-apitools/0.5.32",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-apitools@0.5.32",
- "properties": [
- {
- "name": "License Comments",
- "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "41-google-auth",
- "name": "google-auth",
- "version": "2.20.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.20.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/googleapis/google-auth-library-python",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-auth/2.20.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth@2.20.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "42-cachetools",
- "name": "cachetools",
- "version": "5.3.1",
- "supplier": {
- "name": "Thomas Kemmer",
- "contact": [
- {
- "email": "tkemmer@computer.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tkem/cachetools/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cachetools/5.3.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cachetools@5.3.1"
- },
- {
- "type": "library",
- "bom-ref": "43-urllib3",
- "name": "urllib3",
- "version": "1.26.16",
- "supplier": {
- "name": "Andrey Petrov",
- "contact": [
- {
- "email": "andrey.petrov@shazow.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://urllib3.readthedocs.io/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/urllib3/1.26.16",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/urllib3@1.26.16"
- },
- {
- "type": "library",
- "bom-ref": "44-monotonic",
- "name": "monotonic",
- "version": "1.6",
- "supplier": {
- "name": "Ori Livneh",
- "contact": [
- {
- "email": "ori@wikimedia.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
- "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/atdt/monotonic",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/monotonic/1.6",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/monotonic@1.6",
- "properties": [
- {
- "name": "License Comments",
- "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "45-importlib-resources",
- "name": "importlib-resources",
- "version": "5.12.0",
- "supplier": {
- "name": "Barry Warsaw",
- "contact": [
- {
- "email": "barry@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:*",
- "description": "Read resources from Python packages",
- "externalReferences": [
- {
- "url": "https://github.com/python/importlib_resources",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/importlib-resources/5.12.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/importlib-resources@5.12.0"
- },
- {
- "type": "library",
- "bom-ref": "46-jinja2",
- "name": "jinja2",
- "version": "3.1.2",
- "supplier": {
- "name": "Armin Ronacher",
- "contact": [
- {
- "email": "armin.ronacher@active-4.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*",
- "description": "A very fast and expressive template engine.",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://palletsprojects.com/p/jinja/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/Jinja2/3.1.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/jinja2@3.1.2"
- },
- {
- "type": "library",
- "bom-ref": "47-markupsafe",
- "name": "markupsafe",
- "version": "2.1.3",
- "description": "Safely add untrusted strings to HTML/XML markup.",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://palletsprojects.com/p/markupsafe/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/MarkupSafe/2.1.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/markupsafe@2.1.3"
- },
- {
- "type": "library",
- "bom-ref": "48-jsonschema",
- "name": "jsonschema",
- "version": "4.17.3",
- "supplier": {
- "name": "Julian Berman"
- },
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*",
- "description": "An implementation of JSON Schema validation for Python",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/jsonschema/4.17.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/jsonschema@4.17.3"
- },
- {
- "type": "library",
- "bom-ref": "49-pkgutil-resolve-name",
- "name": "pkgutil-resolve-name",
- "version": "1.3.10",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*",
- "description": "Resolve a name to an object.",
- "externalReferences": [
- {
- "url": "https://github.com/graingert/pkgutil-resolve-name",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pkgutil_resolve_name/1.3.10",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10"
- },
- {
- "type": "library",
- "bom-ref": "50-pyrsistent",
- "name": "pyrsistent",
- "version": "0.19.3",
- "supplier": {
- "name": "Tobias Gustafsson",
- "contact": [
- {
- "email": "tobias.l.gustafsson@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*",
- "description": "Persistent/Functional/Immutable data structures",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tobgu/pyrsistent/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyrsistent/0.19.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyrsistent@0.19.3"
- },
- {
- "type": "library",
- "bom-ref": "51-lib4sbom",
- "name": "lib4sbom",
- "version": "0.3.1",
- "supplier": {
- "name": "Anthony Harrison",
- "contact": [
- {
- "email": "anthony.p.harrison@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
- "description": "Software Bill of Material (SBOM) generator and consumer library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/anthonyharrison/lib4sbom",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/lib4sbom/0.3.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/lib4sbom@0.3.1"
- },
- {
- "type": "library",
- "bom-ref": "52-pyyaml",
- "name": "pyyaml",
- "version": "6.0",
- "supplier": {
- "name": "Kirill Simonov",
- "contact": [
- {
- "email": "xi@resolvent.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*",
- "description": "YAML parser and emitter for Python",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pyyaml.org/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/PyYAML/6.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyyaml@6.0"
- },
- {
- "type": "library",
- "bom-ref": "53-semantic-version",
- "name": "semantic-version",
- "version": "2.10.0",
- "supplier": {
- "name": "Raphael Barrois",
- "contact": [
- {
- "email": "raphael.barrois+semver@polytechnique.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*",
- "description": "A library implementing the 'SemVer' scheme.",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/rbarrois/python-semanticversion",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/semantic-version/2.10.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/semantic-version@2.10.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "54-packaging",
- "name": "packaging",
- "version": "21.3",
- "supplier": {
- "name": "Donald Stufft and individual contributors",
- "contact": [
- {
- "email": "donald@stufft.io"
- }
- ]
- },
- "cpe": "cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
- "licenses": [
- {
- "license": {
- "expression": "BSD-2-Clause OR Apache-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pypa/packaging",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/packaging/21.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/packaging@21.3",
- "properties": [
- {
- "name": "License Comments",
- "value": "packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "55-plotly",
- "name": "plotly",
- "version": "5.15.0",
- "supplier": {
- "name": "Chris P",
- "contact": [
- {
- "email": "chris@plot.ly"
- }
- ]
- },
- "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://plotly.com/python/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/plotly/5.15.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/plotly@5.15.0"
- },
- {
- "type": "library",
- "bom-ref": "56-tenacity",
- "name": "tenacity",
- "version": "8.2.2",
- "supplier": {
- "name": "Julien Danjou",
- "contact": [
- {
- "email": "julien@danjou.info"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/jd/tenacity",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/tenacity/8.2.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/tenacity@8.2.2",
- "properties": [
- {
- "name": "License Comments",
- "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "57-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.0",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "58-requests",
- "name": "requests",
- "version": "2.31.0",
- "supplier": {
- "name": "Kenneth Reitz",
- "contact": [
- {
- "email": "me@kennethreitz.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
- "description": "Python HTTP for Humans.",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://requests.readthedocs.io",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/requests/2.31.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/requests@2.31.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "59-certifi",
- "name": "certifi",
- "version": "2023.5.7",
- "supplier": {
- "name": "Kenneth Reitz",
- "contact": [
- {
- "email": "me@kennethreitz.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
- "licenses": [
- {
- "license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/certifi/python-certifi",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/certifi/2023.5.7",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/certifi@2023.5.7"
- },
- {
- "type": "library",
- "bom-ref": "60-rich",
- "name": "rich",
- "version": "13.4.2",
- "supplier": {
- "name": "Will McGugan",
- "contact": [
- {
- "email": "willmcgugan@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*",
- "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Textualize/rich",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rich/13.4.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/rich@13.4.2"
- },
- {
- "type": "library",
- "bom-ref": "61-markdown-it-py",
- "name": "markdown-it-py",
- "version": "2.2.0",
- "supplier": {
- "name": "Chris Sewell",
- "contact": [
- {
- "email": "chrisj_sewell@hotmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*",
- "description": "Python port of markdown-it. Markdown parsing, done right!",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/markdown-it-py/2.2.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/markdown-it-py@2.2.0"
- },
- {
- "type": "library",
- "bom-ref": "62-mdurl",
- "name": "mdurl",
- "version": "0.1.2",
- "supplier": {
- "name": "Taneli Hukkinen",
- "contact": [
- {
- "email": "hukkin@users.noreply.github.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
- "description": "Markdown URL utilities",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/mdurl/0.1.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/mdurl@0.1.2"
- },
- {
- "type": "library",
- "bom-ref": "63-pygments",
- "name": "pygments",
- "version": "2.15.1",
- "supplier": {
- "name": "Georg Brandl",
- "contact": [
- {
- "email": "georg@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
- "description": "Pygments is a syntax highlighting package written in Python.",
- "licenses": [
- {
- "license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/Pygments/2.15.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pygments@2.15.1"
- },
- {
- "type": "library",
- "bom-ref": "64-rpmfile",
- "name": "rpmfile",
- "version": "1.1.1",
- "supplier": {
- "name": "Sean Ross",
- "contact": [
- {
- "email": "srossross@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*",
- "description": "Read rpm archive files",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/srossross/rpmfile",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rpmfile/1.1.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/rpmfile@1.1.1"
- },
- {
- "type": "library",
- "bom-ref": "65-toml",
- "name": "toml",
- "version": "0.10.2",
- "supplier": {
- "name": "William Pearson",
- "contact": [
- {
- "email": "uiri@xqz.ca"
- }
- ]
- },
- "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
- "description": "Python Library for Tom's Obvious, Minimal Language",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/uiri/toml",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/toml/0.10.2",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/toml@0.10.2"
- },
- {
- "type": "library",
- "bom-ref": "66-xmlschema",
- "name": "xmlschema",
- "version": "2.3.1",
- "supplier": {
- "name": "Davide Brunato",
- "contact": [
- {
- "email": "brunato@sissa.it"
- }
- ]
- },
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*",
- "description": "An XML Schema validator and decoder",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/sissaschool/xmlschema",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/xmlschema/2.3.1",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/xmlschema@2.3.1"
- },
- {
- "type": "library",
- "bom-ref": "67-elementpath",
- "name": "elementpath",
- "version": "4.1.3",
- "supplier": {
- "name": "Davide Brunato",
- "contact": [
- {
- "email": "brunato@sissa.it"
- }
- ]
- },
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.3:*:*:*:*:*:*:*",
- "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/sissaschool/elementpath",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/elementpath/4.1.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/elementpath@4.1.3"
- },
- {
- "type": "library",
- "bom-ref": "68-zstandard",
- "name": "zstandard",
- "version": "0.21.0",
- "supplier": {
- "name": "Gregory Szorc",
- "contact": [
- {
- "email": "gregory.szorc@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
- "description": "Zstandard bindings for Python",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/indygreg/python-zstandard",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/zstandard/0.21.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zstandard@0.21.0",
- "properties": [
- {
- "name": "License Comments",
- "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- }
- ],
- "dependencies": [
- {
- "ref": "CDXRef-DOCUMENT",
- "dependsOn": [
- "1-cve-bin-tool"
- ]
- },
- {
- "ref": "1-cve-bin-tool",
- "dependsOn": [
- "2-aiohttp",
- "15-beautifulsoup4",
- "17-cvss",
- "18-defusedxml",
- "19-distro",
- "20-gsutil",
- "9-importlib-metadata",
- "45-importlib-resources",
- "46-jinja2",
- "48-jsonschema",
- "51-lib4sbom",
- "54-packaging",
- "55-plotly",
- "57-python-gnupg",
- "52-pyyaml",
- "58-requests",
- "60-rich",
- "64-rpmfile",
- "65-toml",
- "43-urllib3",
- "66-xmlschema",
- "68-zstandard"
- ]
- },
- {
- "ref": "2-aiohttp",
- "dependsOn": [
- "3-aiosignal",
- "5-async-timeout",
- "7-asynctest",
- "8-attrs",
- "11-charset-normalizer",
- "4-frozenlist",
- "12-multidict",
- "6-typing-extensions",
- "13-yarl"
- ]
- },
- {
- "ref": "3-aiosignal",
- "dependsOn": [
- "4-frozenlist"
- ]
- },
- {
- "ref": "5-async-timeout",
- "dependsOn": [
- "6-typing-extensions"
- ]
- },
- {
- "ref": "8-attrs",
- "dependsOn": [
- "9-importlib-metadata"
- ]
- },
- {
- "ref": "9-importlib-metadata",
- "dependsOn": [
- "6-typing-extensions",
- "10-zipp"
- ]
- },
- {
- "ref": "13-yarl",
- "dependsOn": [
- "14-idna",
- "12-multidict",
- "6-typing-extensions"
- ]
- },
- {
- "ref": "15-beautifulsoup4",
- "dependsOn": [
- "16-soupsieve"
- ]
- },
- {
- "ref": "20-gsutil",
- "dependsOn": [
- "21-argcomplete",
- "22-crcmod",
- "23-fasteners",
- "24-gcs-oauth2-boto-plugin",
- "40-google-apitools",
- "41-google-auth",
- "26-google-reauth",
- "29-httplib2",
- "44-monotonic",
- "35-pyopenssl",
- "39-retry-decorator",
- "28-six"
- ]
- },
- {
- "ref": "21-argcomplete",
- "dependsOn": [
- "9-importlib-metadata"
- ]
- },
- {
- "ref": "24-gcs-oauth2-boto-plugin",
- "dependsOn": [
- "25-boto",
- "26-google-reauth",
- "29-httplib2",
- "31-oauth2client",
- "35-pyopenssl",
- "39-retry-decorator",
- "34-rsa",
- "28-six"
- ]
- },
- {
- "ref": "26-google-reauth",
- "dependsOn": [
- "27-pyu2f"
- ]
- },
- {
- "ref": "27-pyu2f",
- "dependsOn": [
- "28-six"
- ]
- },
- {
- "ref": "29-httplib2",
- "dependsOn": [
- "30-pyparsing"
- ]
- },
- {
- "ref": "31-oauth2client",
- "dependsOn": [
- "29-httplib2",
- "32-pyasn1",
- "33-pyasn1-modules",
- "34-rsa",
- "28-six"
- ]
- },
- {
- "ref": "33-pyasn1-modules",
- "dependsOn": [
- "32-pyasn1"
- ]
- },
- {
- "ref": "34-rsa",
- "dependsOn": [
- "32-pyasn1"
- ]
- },
- {
- "ref": "35-pyopenssl",
- "dependsOn": [
- "36-cryptography"
- ]
- },
- {
- "ref": "36-cryptography",
- "dependsOn": [
- "37-cffi"
- ]
- },
- {
- "ref": "37-cffi",
- "dependsOn": [
- "38-pycparser"
- ]
- },
- {
- "ref": "40-google-apitools",
- "dependsOn": [
- "23-fasteners",
- "29-httplib2",
- "31-oauth2client",
- "28-six"
- ]
- },
- {
- "ref": "41-google-auth",
- "dependsOn": [
- "42-cachetools",
- "33-pyasn1-modules",
- "34-rsa",
- "28-six",
- "43-urllib3"
- ]
- },
- {
- "ref": "45-importlib-resources",
- "dependsOn": [
- "10-zipp"
- ]
- },
- {
- "ref": "46-jinja2",
- "dependsOn": [
- "47-markupsafe"
- ]
- },
- {
- "ref": "48-jsonschema",
- "dependsOn": [
- "8-attrs",
- "9-importlib-metadata",
- "45-importlib-resources",
- "49-pkgutil-resolve-name",
- "50-pyrsistent",
- "6-typing-extensions"
- ]
- },
- {
- "ref": "51-lib4sbom",
- "dependsOn": [
- "52-pyyaml",
- "53-semantic-version"
- ]
- },
- {
- "ref": "54-packaging",
- "dependsOn": [
- "30-pyparsing"
- ]
- },
- {
- "ref": "55-plotly",
- "dependsOn": [
- "54-packaging",
- "56-tenacity"
- ]
- },
- {
- "ref": "58-requests",
- "dependsOn": [
- "59-certifi",
- "11-charset-normalizer",
- "14-idna",
- "43-urllib3"
- ]
- },
- {
- "ref": "60-rich",
- "dependsOn": [
- "61-markdown-it-py",
- "63-pygments",
- "6-typing-extensions"
- ]
- },
- {
- "ref": "61-markdown-it-py",
- "dependsOn": [
- "62-mdurl",
- "6-typing-extensions"
- ]
- },
- {
- "ref": "66-xmlschema",
- "dependsOn": [
- "67-elementpath"
- ]
- }
- ]
-}
diff --git a/sbom/cve-bin-tool-py3.7.spdx b/sbom/cve-bin-tool-py3.7.spdx
deleted file mode 100644
index 76060c0c75..0000000000
--- a/sbom/cve-bin-tool-py3.7.spdx
+++ /dev/null
@@ -1,1220 +0,0 @@
-SPDXVersion: SPDX-2.3
-DataLicense: CC0-1.0
-SPDXID: SPDXRef-DOCUMENT
-DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c3c0603d-4c4e-4030-8d63-80cfe9b55bf2
-LicenseListVersion: 3.20
-Creator: Tool: sbom4python-0.9.1
-Created: 2023-06-26T00:31:57Z
-CreatorComment: This document has been automatically generated.
-#####
-
-PackageName: cve-bin-tool
-SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.2.2.dev0
-PrimaryPackagePurpose: APPLICATION
-PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.2.dev0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/intel/cve-bin-tool
-PackageLicenseDeclared: GPL-3.0-or-later
-PackageLicenseConcluded: GPL-3.0-or-later
-PackageCopyrightText: NOASSERTION
-PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.2.dev0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*
-#####
-
-PackageName: aiohttp
-SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.8.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4
-#####
-
-PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
-PackageVersion: 1.3.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
-#####
-
-PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
-PackageVersion: 1.3.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/frozenlist
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3
-#####
-
-PackageName: async-timeout
-SPDXID: SPDXRef-Package-5-async-timeout
-PackageVersion: 4.0.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*
-#####
-
-PackageName: typing-extensions
-SPDXID: SPDXRef-Package-6-typing-extensions
-PackageVersion: 4.6.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.6.3
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.7+
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.6.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.3:*:*:*:*:*:*:*
-#####
-
-PackageName: asynctest
-SPDXID: SPDXRef-Package-7-asynctest
-PackageVersion: 0.13.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Martin Richard (martius@martiusweb.net)
-PackageDownloadLocation: https://pypi.org/project/asynctest/0.13.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Martiusweb/asynctest/
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: asynctest declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Enhance the standard unittest package with features for testing asyncio libraries
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/asynctest@0.13.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:martin_richard:asynctest:0.13.0:*:*:*:*:*:*:*
-#####
-
-PackageName: attrs
-SPDXID: SPDXRef-Package-8-attrs
-PackageVersion: 23.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-metadata
-SPDXID: SPDXRef-Package-9-importlib-metadata
-PackageVersion: 6.7.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.7.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python/importlib_metadata
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.7.0:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-Package-10-zipp
-PackageVersion: 3.15.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.15.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/jaraco/zipp
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:*
-#####
-
-PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-11-charset-normalizer
-PackageVersion: 3.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Ousret/charset_normalizer
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*
-#####
-
-PackageName: multidict
-SPDXID: SPDXRef-Package-12-multidict
-PackageVersion: 6.0.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/multidict
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:*
-#####
-
-PackageName: yarl
-SPDXID: SPDXRef-Package-13-yarl
-PackageVersion: 1.9.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/yarl/
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*
-#####
-
-PackageName: idna
-SPDXID: SPDXRef-Package-14-idna
-PackageVersion: 3.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kim Davies (kim@cynosure.com.au)
-PackageDownloadLocation: https://pypi.org/project/idna/3.4
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
-#####
-
-PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-15-beautifulsoup4
-PackageVersion: 4.12.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Screen-scraping library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*
-#####
-
-PackageName: soupsieve
-SPDXID: SPDXRef-Package-16-soupsieve
-PackageVersion: 2.4.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4.1
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: cvss
-SPDXID: SPDXRef-Package-17-cvss
-PackageVersion: 2.6
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/2.6
-FilesAnalyzed: false
-PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: LGPL-3.0-or-later
-PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: CVSS2/3 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*
-#####
-
-PackageName: defusedxml
-SPDXID: SPDXRef-Package-18-defusedxml
-PackageVersion: 0.7.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tiran/defusedxml
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: PSF-2.0
-PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: XML bomb protection for Python stdlib modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
-#####
-
-PackageName: distro
-SPDXID: SPDXRef-Package-19-distro
-PackageVersion: 1.8.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/distro/1.8.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python-distro/distro
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Distro - an OS platform information API
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
-#####
-
-PackageName: gsutil
-SPDXID: SPDXRef-Package-20-gsutil
-PackageVersion: 5.25
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.25
-FilesAnalyzed: false
-PackageHomePage: https://cloud.google.com/storage/docs/gsutil
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*
-#####
-
-PackageName: argcomplete
-SPDXID: SPDXRef-Package-21-argcomplete
-PackageVersion: 3.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: crcmod
-SPDXID: SPDXRef-Package-22-crcmod
-PackageVersion: 1.7
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7
-FilesAnalyzed: false
-PackageHomePage: http://crcmod.sourceforge.net/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: CRC Generator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
-#####
-
-PackageName: fasteners
-SPDXID: SPDXRef-Package-23-fasteners
-PackageVersion: 0.18
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Joshua Harlow
-PackageDownloadLocation: https://pypi.org/project/fasteners/0.18
-FilesAnalyzed: false
-PackageHomePage: https://github.com/harlowja/fasteners
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A python package that provides useful locks
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*
-#####
-
-PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-24-gcs-oauth2-boto-plugin
-PackageVersion: 3.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0
-FilesAnalyzed: false
-PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
-#####
-
-PackageName: boto
-SPDXID: SPDXRef-Package-25-boto
-PackageVersion: 2.49.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-reauth
-SPDXID: SPDXRef-Package-26-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-Package-27-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
-PackageName: six
-SPDXID: SPDXRef-Package-28-six
-PackageVersion: 1.16.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/benjaminp/six
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: httplib2
-SPDXID: SPDXRef-Package-29-httplib2
-PackageVersion: 0.20.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
-PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4
-FilesAnalyzed: false
-PackageHomePage: https://github.com/httplib2/httplib2
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: A comprehensive HTTP client library.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
-#####
-
-PackageName: pyparsing
-SPDXID: SPDXRef-Package-30-pyparsing
-PackageVersion: 3.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*
-#####
-
-PackageName: oauth2client
-SPDXID: SPDXRef-Package-31-oauth2client
-PackageVersion: 4.1.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
-PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
-FilesAnalyzed: false
-PackageHomePage: http://github.com/google/oauth2client/
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: OAuth 2.0 client library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-Package-32-pyasn1
-PackageVersion: 0.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-33-pyasn1-modules
-PackageVersion: 0.3.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
-#####
-
-PackageName: rsa
-SPDXID: SPDXRef-Package-34-rsa
-PackageVersion: 4.7.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
-FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
-#####
-
-PackageName: pyopenssl
-SPDXID: SPDXRef-Package-35-pyopenssl
-PackageVersion: 23.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0
-FilesAnalyzed: false
-PackageHomePage: https://pyopenssl.org/
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cryptography
-SPDXID: SPDXRef-Package-36-cryptography
-PackageVersion: 41.0.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1
-FilesAnalyzed: false
-PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
-PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*
-#####
-
-PackageName: cffi
-SPDXID: SPDXRef-Package-37-cffi
-PackageVersion: 1.15.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1
-FilesAnalyzed: false
-PackageHomePage: http://cffi.readthedocs.org
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pycparser
-SPDXID: SPDXRef-Package-38-pycparser
-PackageVersion: 2.21
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pycparser/2.21
-FilesAnalyzed: false
-PackageHomePage: https://github.com/eliben/pycparser
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: C parser in Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*
-#####
-
-PackageName: retry-decorator
-SPDXID: SPDXRef-Package-39-retry-decorator
-PackageVersion: 1.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Retry Decorator
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: google-apitools
-SPDXID: SPDXRef-Package-40-google-apitools
-PackageVersion: 0.5.32
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Craig Citro (craigcitro@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32
-FilesAnalyzed: false
-PackageHomePage: http://github.com/google/apitools
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: client libraries for humans
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth
-SPDXID: SPDXRef-Package-41-google-auth
-PackageVersion: 2.20.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.20.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.20.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-Package-42-cachetools
-PackageVersion: 5.3.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*
-#####
-
-PackageName: urllib3
-SPDXID: SPDXRef-Package-43-urllib3
-PackageVersion: 1.26.16
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16
-FilesAnalyzed: false
-PackageHomePage: https://urllib3.readthedocs.io/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*
-#####
-
-PackageName: monotonic
-SPDXID: SPDXRef-Package-44-monotonic
-PackageVersion: 1.6
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
-PackageDownloadLocation: https://pypi.org/project/monotonic/1.6
-FilesAnalyzed: false
-PackageHomePage: https://github.com/atdt/monotonic
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-resources
-SPDXID: SPDXRef-Package-45-importlib-resources
-PackageVersion: 5.12.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/5.12.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python/importlib_resources
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read resources from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@5.12.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:*
-#####
-
-PackageName: jinja2
-SPDXID: SPDXRef-Package-46-jinja2
-PackageVersion: 3.1.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2
-FilesAnalyzed: false
-PackageHomePage: https://palletsprojects.com/p/jinja/
-PackageLicenseDeclared: BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: A very fast and expressive template engine.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*
-#####
-
-PackageName: markupsafe
-SPDXID: SPDXRef-Package-47-markupsafe
-PackageVersion: 2.1.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3
-FilesAnalyzed: false
-PackageHomePage: https://palletsprojects.com/p/markupsafe/
-PackageLicenseDeclared: BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
-#####
-
-PackageName: jsonschema
-SPDXID: SPDXRef-Package-48-jsonschema
-PackageVersion: 4.17.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3
-FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*
-#####
-
-PackageName: pkgutil-resolve-name
-SPDXID: SPDXRef-Package-49-pkgutil-resolve-name
-PackageVersion: 1.3.10
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/pkgutil_resolve_name/1.3.10
-FilesAnalyzed: false
-PackageHomePage: https://github.com/graingert/pkgutil-resolve-name
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Resolve a name to an object.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*
-#####
-
-PackageName: pyrsistent
-SPDXID: SPDXRef-Package-50-pyrsistent
-PackageVersion: 0.19.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tobgu/pyrsistent/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Persistent/Functional/Immutable data structures
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*
-#####
-
-PackageName: lib4sbom
-SPDXID: SPDXRef-Package-51-lib4sbom
-PackageVersion: 0.3.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyyaml
-SPDXID: SPDXRef-Package-52-pyyaml
-PackageVersion: 6.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0
-FilesAnalyzed: false
-PackageHomePage: https://pyyaml.org/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*
-#####
-
-PackageName: semantic-version
-SPDXID: SPDXRef-Package-53-semantic-version
-PackageVersion: 2.10.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
-PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A library implementing the 'SemVer' scheme.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
-#####
-
-PackageName: packaging
-SPDXID: SPDXRef-Package-54-packaging
-PackageVersion: 21.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/21.3
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pypa/packaging
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-2-Clause OR Apache-2.0
-PackageLicenseComments: packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@21.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:*
-#####
-
-PackageName: plotly
-SPDXID: SPDXRef-Package-55-plotly
-PackageVersion: 5.15.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0
-FilesAnalyzed: false
-PackageHomePage: https://plotly.com/python/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*
-#####
-
-PackageName: tenacity
-SPDXID: SPDXRef-Package-56-tenacity
-PackageVersion: 8.2.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2
-FilesAnalyzed: false
-PackageHomePage: https://github.com/jd/tenacity
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
-#####
-
-PackageName: python-gnupg
-SPDXID: SPDXRef-Package-57-python-gnupg
-PackageVersion: 0.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: requests
-SPDXID: SPDXRef-Package-58-requests
-PackageVersion: 2.31.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
-FilesAnalyzed: false
-PackageHomePage: https://requests.readthedocs.io
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python HTTP for Humans.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
-#####
-
-PackageName: certifi
-SPDXID: SPDXRef-Package-59-certifi
-PackageVersion: 2023.5.7
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
-#####
-
-PackageName: rich
-SPDXID: SPDXRef-Package-60-rich
-PackageVersion: 13.4.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.4.2
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Textualize/rich
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*
-#####
-
-PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-61-markdown-it-py
-PackageVersion: 2.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
-PackageDownloadLocation: https://pypi.org/project/markdown-it-py/2.2.0
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python port of markdown-it. Markdown parsing, done right!
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: mdurl
-SPDXID: SPDXRef-Package-62-mdurl
-PackageVersion: 0.1.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Markdown URL utilities
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
-#####
-
-PackageName: pygments
-SPDXID: SPDXRef-Package-63-pygments
-PackageVersion: 2.15.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
-FilesAnalyzed: false
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
-#####
-
-PackageName: rpmfile
-SPDXID: SPDXRef-Package-64-rpmfile
-PackageVersion: 1.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/srossross/rpmfile
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: toml
-SPDXID: SPDXRef-Package-65-toml
-PackageVersion: 0.10.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: William Pearson (uiri@xqz.ca)
-PackageDownloadLocation: https://pypi.org/project/toml/0.10.2
-FilesAnalyzed: false
-PackageHomePage: https://github.com/uiri/toml
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python Library for Tom's Obvious, Minimal Language
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
-#####
-
-PackageName: xmlschema
-SPDXID: SPDXRef-Package-66-xmlschema
-PackageVersion: 2.3.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1
-FilesAnalyzed: false
-PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*
-#####
-
-PackageName: elementpath
-SPDXID: SPDXRef-Package-67-elementpath
-PackageVersion: 4.1.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.3
-FilesAnalyzed: false
-PackageHomePage: https://github.com/sissaschool/elementpath
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.3:*:*:*:*:*:*:*
-#####
-
-PackageName: zstandard
-SPDXID: SPDXRef-Package-68-zstandard
-PackageVersion: 0.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
-FilesAnalyzed: false
-PackageHomePage: https://github.com/indygreg/python-zstandard
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
-#####
-
-Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-beautifulsoup4
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-18-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-19-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-20-gsutil
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-importlib-resources
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-zstandard
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-importlib-metadata
-Relationship: SPDXRef-Package-13-yarl DEPENDS_ON SPDXRef-Package-12-multidict
-Relationship: SPDXRef-Package-13-yarl DEPENDS_ON SPDXRef-Package-14-idna
-Relationship: SPDXRef-Package-13-yarl DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-15-beautifulsoup4 DEPENDS_ON SPDXRef-Package-16-soupsieve
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-11-charset-normalizer
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-12-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-13-yarl
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-asynctest
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-attrs
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-21-argcomplete
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-22-crcmod
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-23-fasteners
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-24-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-26-google-reauth
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-41-google-auth
-Relationship: SPDXRef-Package-20-gsutil DEPENDS_ON SPDXRef-Package-44-monotonic
-Relationship: SPDXRef-Package-21-argcomplete DEPENDS_ON SPDXRef-Package-9-importlib-metadata
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-boto
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-google-reauth
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-oauth2client
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-rsa
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-pyopenssl
-Relationship: SPDXRef-Package-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-39-retry-decorator
-Relationship: SPDXRef-Package-26-google-reauth DEPENDS_ON SPDXRef-Package-27-pyu2f
-Relationship: SPDXRef-Package-27-pyu2f DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-31-oauth2client DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-31-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-31-oauth2client DEPENDS_ON SPDXRef-Package-32-pyasn1
-Relationship: SPDXRef-Package-31-oauth2client DEPENDS_ON SPDXRef-Package-33-pyasn1-modules
-Relationship: SPDXRef-Package-31-oauth2client DEPENDS_ON SPDXRef-Package-34-rsa
-Relationship: SPDXRef-Package-33-pyasn1-modules DEPENDS_ON SPDXRef-Package-32-pyasn1
-Relationship: SPDXRef-Package-34-rsa DEPENDS_ON SPDXRef-Package-32-pyasn1
-Relationship: SPDXRef-Package-35-pyopenssl DEPENDS_ON SPDXRef-Package-36-cryptography
-Relationship: SPDXRef-Package-36-cryptography DEPENDS_ON SPDXRef-Package-37-cffi
-Relationship: SPDXRef-Package-37-cffi DEPENDS_ON SPDXRef-Package-38-pycparser
-Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-23-fasteners
-Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-31-oauth2client
-Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-28-six
-Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-33-pyasn1-modules
-Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-34-rsa
-Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-42-cachetools
-Relationship: SPDXRef-Package-41-google-auth DEPENDS_ON SPDXRef-Package-43-urllib3
-Relationship: SPDXRef-Package-45-importlib-resources DEPENDS_ON SPDXRef-Package-10-zipp
-Relationship: SPDXRef-Package-46-jinja2 DEPENDS_ON SPDXRef-Package-47-markupsafe
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-45-importlib-resources
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-49-pkgutil-resolve-name
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-50-pyrsistent
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-8-attrs
-Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-9-importlib-metadata
-Relationship: SPDXRef-Package-5-async-timeout DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version
-Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-30-pyparsing
-Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging
-Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-11-charset-normalizer
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-14-idna
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-43-urllib3
-Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments
-Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-6-typing-extensions
-Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl
-Relationship: SPDXRef-Package-66-xmlschema DEPENDS_ON SPDXRef-Package-67-elementpath
-Relationship: SPDXRef-Package-8-attrs DEPENDS_ON SPDXRef-Package-9-importlib-metadata
-Relationship: SPDXRef-Package-9-importlib-metadata DEPENDS_ON SPDXRef-Package-10-zipp
-Relationship: SPDXRef-Package-9-importlib-metadata DEPENDS_ON SPDXRef-Package-6-typing-extensions
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
deleted file mode 100644
index 74569d7233..0000000000
--- a/sbom/cve-bin-tool-py3.8.json
+++ /dev/null
@@ -1,5210 +0,0 @@
-{
- "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
- "bomFormat": "CycloneDX",
- "specVersion": "1.6",
- "serialNumber": "urn:uuid:972fe4d1-dcd3-4c2c-946e-793d08eda43c",
- "version": 1,
- "metadata": {
- "timestamp": "2024-12-23T00:36:39Z",
- "lifecycles": [
- {
- "phase": "build"
- }
- ],
- "tools": {
- "components": [
- {
- "name": "sbom4python",
- "version": "0.12.1",
- "type": "application"
- }
- ]
- },
- "component": {
- "type": "application",
- "bom-ref": "CDXRef-DOCUMENT",
- "name": "Python-cve-bin-tool"
- }
- },
- "components": [
- {
- "type": "application",
- "bom-ref": "1-cve-bin-tool",
- "name": "cve-bin-tool",
- "version": "3.4",
- "supplier": {
- "name": "Terri Oda",
- "contact": [
- {
- "email": "terri.oda@intel.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
- "description": "CVE Binary Checker Tool",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "GPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/intel/cve-bin-tool",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cve-bin-tool/3.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cve-bin-tool@3.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-17T18:57:44Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "2-aiohttp",
- "name": "aiohttp",
- "version": "3.10.11",
- "description": "Async http client/server framework (asyncio)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/aiohttp",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/aiohttp/3.10.11/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
- "type": "build-system"
- },
- {
- "url": "https://codecov.io/github/aio-libs/aiohttp",
- "type": "other"
- },
- {
- "url": "https://docs.aiohttp.org/en/stable/changes.html",
- "type": "log"
- },
- {
- "url": "https://docs.aiohttp.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/aiohttp/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/aiohttp",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/aiohttp@3.10.11",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-13T16:36:38Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "3-aiohappyeyeballs",
- "name": "aiohappyeyeballs",
- "version": "2.4.4",
- "supplier": {
- "name": "J. Nick Koston",
- "contact": [
- {
- "email": "nick@koston.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
- "description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "PSF-2.0",
- "url": "https://opensource.org/licenses/Python-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/aiohappyeyeballs",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
- "type": "log"
- },
- {
- "url": "https://aiohappyeyeballs.readthedocs.io",
- "type": "documentation"
- },
- {
- "url": "https://github.com/aio-libs/aiohappyeyeballs",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-30T18:43:39Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "4-aiosignal",
- "name": "aiosignal",
- "version": "1.3.1",
- "description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/aiosignal",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://gitter.im/aio-libs/Lobby",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/aiosignal/actions",
- "type": "build-system"
- },
- {
- "url": "https://codecov.io/github/aio-libs/aiosignal",
- "type": "other"
- },
- {
- "url": "https://docs.aiosignal.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/aiosignal/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/aiosignal",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/aiosignal@1.3.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2022-11-08T16:03:57Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "5-frozenlist",
- "name": "frozenlist",
- "version": "1.5.0",
- "description": "A list-like structure which implements collections.abc.MutableSequence",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/frozenlist",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/frozenlist/1.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/frozenlist/actions",
- "type": "build-system"
- },
- {
- "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
- "type": "other"
- },
- {
- "url": "https://codecov.io/github/aio-libs/frozenlist",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
- "type": "log"
- },
- {
- "url": "https://frozenlist.aio-libs.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/frozenlist/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/frozenlist",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/frozenlist@1.5.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-23T09:46:20Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "6-attrs",
- "name": "attrs",
- "version": "24.3.0",
- "supplier": {
- "name": "Hynek Schlawack",
- "contact": [
- {
- "email": "hs@ox.cx"
- }
- ]
- },
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*",
- "description": "Classes Without Boilerplate",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/attrs/24.3.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://www.attrs.org/",
- "type": "documentation"
- },
- {
- "url": "https://www.attrs.org/en/stable/changelog.html",
- "type": "log"
- },
- {
- "url": "https://github.com/python-attrs/attrs",
- "type": "vcs"
- },
- {
- "url": "https://github.com/sponsors/hynek",
- "type": "other"
- },
- {
- "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
- "type": "other"
- }
- ],
- "purl": "pkg:pypi/attrs@24.3.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-16T06:59:26Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "7-multidict",
- "name": "multidict",
- "version": "6.1.0",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/multidict/actions",
- "type": "build-system"
- },
- {
- "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
- "type": "other"
- },
- {
- "url": "https://codecov.io/github/aio-libs/multidict",
- "type": "other"
- },
- {
- "url": "https://multidict.aio-libs.org/en/latest/changes/",
- "type": "log"
- },
- {
- "url": "https://multidict.aio-libs.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/multidict/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/multidict",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/multidict@6.1.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-09T23:47:18Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "8-typing-extensions",
- "name": "typing-extensions",
- "version": "4.12.2",
- "supplier": {
- "name": "Guido van Jukka ukasz Michael",
- "contact": [
- {
- "email": "levkivskyi@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.8+",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python/typing_extensions",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/python/typing_extensions/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
- "type": "log"
- },
- {
- "url": "https://typing-extensions.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/python/typing/discussions",
- "type": "other"
- },
- {
- "url": "https://github.com/python/typing_extensions",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/typing-extensions@4.12.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-06-07T18:52:13Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "9-yarl",
- "name": "yarl",
- "version": "1.15.2",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/yarl",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/yarl/1.15.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
- "type": "other"
- },
- {
- "url": "https://codecov.io/github/aio-libs/yarl",
- "type": "other"
- },
- {
- "url": "https://yarl.aio-libs.org/en/latest/changes/",
- "type": "log"
- },
- {
- "url": "https://yarl.aio-libs.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/yarl/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/yarl",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/yarl@1.15.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-13T18:44:32Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "10-idna",
- "name": "idna",
- "version": "3.10",
- "supplier": {
- "name": "Kim Davies",
- "contact": [
- {
- "email": "kim+pypi@gumleaf.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/idna/3.10/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
- "type": "log"
- },
- {
- "url": "https://github.com/kjd/idna/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/kjd/idna",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/idna@3.10",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-15T18:07:37Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "11-propcache",
- "name": "propcache",
- "version": "0.2.0",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
- "description": "Accelerated property cache",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/propcache",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
- "type": "other"
- },
- {
- "url": "https://codecov.io/github/aio-libs/propcache",
- "type": "other"
- },
- {
- "url": "https://propcache.readthedocs.io/en/latest/changes/",
- "type": "log"
- },
- {
- "url": "https://propcache.readthedocs.io",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/propcache/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/propcache",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/propcache@0.2.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-07T12:54:02Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "12-async-timeout",
- "name": "async-timeout",
- "version": "5.0.1",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
- "description": "Timeout context manager for asyncio programs",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/async-timeout",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://gitter.im/aio-libs/Lobby",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/async-timeout/actions",
- "type": "build-system"
- },
- {
- "url": "https://codecov.io/github/aio-libs/async-timeout",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/async-timeout/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/async-timeout",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/async-timeout@5.0.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-06T16:41:37Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "13-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.3",
- "supplier": {
- "name": "Leonard Richardson",
- "contact": [
- {
- "email": "leonardr@segfault.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
- "type": "other"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-01-17T16:53:12Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "14-soupsieve",
- "name": "soupsieve",
- "version": "2.6",
- "supplier": {
- "name": "Isaac Muse",
- "contact": [
- {
- "email": "Isaac.Muse@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
- "description": "A modern CSS selector implementation for Beautiful Soup.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/facelessuser/soupsieve",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/soupsieve/2.6/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/soupsieve@2.6",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-08-13T13:39:10Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "15-cvss",
- "name": "cvss",
- "version": "3.3",
- "supplier": {
- "name": "Stanislav Red Hat Product Security",
- "contact": [
- {
- "email": "skontar@redhat.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
- "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "LGPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/RedHatProductSecurity/cvss",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cvss/3.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/RedHatProductSecurity/cvss/releases",
- "type": "other"
- },
- {
- "url": "https://github.com/RedHatProductSecurity/cvss",
- "type": "vcs"
- },
- {
- "url": "https://github.com/RedHatProductSecurity/cvss/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/RedHatProductSecurity/cvss/actions",
- "type": "build-system"
- }
- ],
- "purl": "pkg:pypi/cvss@3.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-01T10:05:52Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "16-defusedxml",
- "name": "defusedxml",
- "version": "0.7.1",
- "supplier": {
- "name": "Christian Heimes",
- "contact": [
- {
- "email": "christian@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
- "description": "XML bomb protection for Python stdlib modules",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "PSF-2.0",
- "url": "https://opensource.org/licenses/Python-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tiran/defusedxml",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.python.org/pypi/defusedxml",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/defusedxml@0.7.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2021-03-08T10:59:24Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "17-distro",
- "name": "distro",
- "version": "1.9.0",
- "supplier": {
- "name": "Nir Cohen",
- "contact": [
- {
- "email": "nir36g@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
- "description": "Distro - an OS platform information API",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python-distro/distro",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/distro/1.9.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/distro@1.9.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-12-24T09:54:30Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "18-filetype",
- "name": "filetype",
- "version": "1.2.0",
- "supplier": {
- "name": "Tomas Aparicio",
- "contact": [
- {
- "email": "tomas@aparicio.me"
- }
- ]
- },
- "cpe": "cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*",
- "description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/h2non/filetype.py",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://github.com/h2non/filetype.py/tarball/master",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/filetype@1.2.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2022-11-02T17:34:01Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "19-gsutil",
- "name": "gsutil",
- "version": "5.33",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "buganizer-system+187143@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
- "description": "A command line tool for interacting with cloud storage services.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://cloud.google.com/storage/docs/gsutil",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://cloud.google.com/storage/docs/gsutil_install",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/gsutil@5.33",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-11T09:40:59Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "20-argcomplete",
- "name": "argcomplete",
- "version": "3.5.2",
- "supplier": {
- "name": "Andrey Kislyuk",
- "contact": [
- {
- "email": "kislyuk@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
- "description": "Bash tab completion for argparse",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/kislyuk/argcomplete",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://kislyuk.github.io/argcomplete",
- "type": "documentation"
- },
- {
- "url": "https://github.com/kislyuk/argcomplete",
- "type": "vcs"
- },
- {
- "url": "https://github.com/kislyuk/argcomplete/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/argcomplete@3.5.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-06T18:24:27Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "21-crcmod",
- "name": "crcmod",
- "version": "1.7",
- "supplier": {
- "name": "Ray Buvel",
- "contact": [
- {
- "email": "rlbuvel@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
- "description": "CRC Generator",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://crcmod.sourceforge.net/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "http://sourceforge.net/projects/crcmod",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/crcmod@1.7",
- "properties": [
- {
- "name": "release_date",
- "value": "2010-06-27T14:35:29Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "22-fasteners",
- "name": "fasteners",
- "version": "0.19",
- "supplier": {
- "name": "Joshua Harlow"
- },
- "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
- "description": "A python package that provides useful locks",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/harlowja/fasteners",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/fasteners/0.19/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/fasteners@0.19",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-09-19T17:11:18Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "23-gcs-oauth2-boto-plugin",
- "name": "gcs-oauth2-boto-plugin",
- "version": "3.2",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "gs-team@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
- "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://developers.google.com/storage/docs/gspythonlibrary",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-05-02T14:37:31Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "24-rsa",
- "name": "rsa",
- "version": "4.7.2",
- "supplier": {
- "name": "Sybren A . Stuvel",
- "contact": [
- {
- "email": "sybren@stuvel.eu"
- }
- ]
- },
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://stuvel.eu/rsa",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/rsa@4.7.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2021-02-24T10:55:03Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "25-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
- "supplier": {
- "name": "Ilya Etingof",
- "contact": [
- {
- "email": "etingof@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyasn1/pyasn1",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://pyasn1.readthedocs.io",
- "type": "documentation"
- },
- {
- "url": "https://github.com/pyasn1/pyasn1",
- "type": "vcs"
- },
- {
- "url": "https://github.com/pyasn1/pyasn1/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/pyasn1@0.6.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-10T22:41:42Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "26-boto",
- "name": "boto",
- "version": "2.49.0",
- "supplier": {
- "name": "Mitch Garnaat",
- "contact": [
- {
- "email": "mitch@garnaat.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/boto/boto/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/boto/2.49.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/boto@2.49.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2018-07-11T20:58:55Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "27-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
- "supplier": {
- "name": "Google",
- "contact": [
- {
- "email": "googleapis-publisher@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Google/google-reauth-python",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-reauth@0.1.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2020-12-01T17:35:45Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "28-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "pyu2f-team@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/google/pyu2f/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyu2f@0.1.5",
- "properties": [
- {
- "name": "release_date",
- "value": "2020-10-30T20:03:07Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "29-six",
- "name": "six",
- "version": "1.17.0",
- "supplier": {
- "name": "Benjamin Peterson",
- "contact": [
- {
- "email": "benjamin@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/benjaminp/six",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/six/1.17.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/six@1.17.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-04T17:35:26Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "30-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
- "supplier": {
- "name": "Joe Gregorio",
- "contact": [
- {
- "email": "joe@bitworking.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/httplib2/httplib2",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/httplib2@0.20.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2022-02-03T00:00:29Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "31-pyparsing",
- "name": "pyparsing",
- "version": "3.1.4",
- "supplier": {
- "name": "Paul McGuire",
- "contact": [
- {
- "email": "ptmcg.gm+pyparsing@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyparsing/pyparsing/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyparsing/3.1.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyparsing@3.1.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-08-25T15:00:45Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "32-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "jonwayne+oauth2client@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/oauth2client/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/oauth2client@4.1.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2018-09-07T21:38:16Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "33-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
- "supplier": {
- "name": "Ilya Etingof",
- "contact": [
- {
- "email": "etingof@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyasn1/pyasn1-modules",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/pyasn1/pyasn1-modules",
- "type": "vcs"
- },
- {
- "url": "https://github.com/pyasn1/pyasn1-modules/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-10T22:42:08Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "34-pyopenssl",
- "name": "pyopenssl",
- "version": "24.2.1",
- "supplier": {
- "name": "The pyOpenSSL developers",
- "contact": [
- {
- "email": "cryptography-dev@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pyopenssl.org/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/pyca/pyopenssl",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-07-20T17:26:29Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "35-cryptography",
- "name": "cryptography",
- "version": "43.0.3",
- "supplier": {
- "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
- "contact": [
- {
- "email": "cryptography-dev@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
- }
- ],
- "licenses": [
- {
- "expression": "Apache-2.0 OR BSD-3-Clause"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pyca/cryptography",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://cryptography.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/pyca/cryptography/",
- "type": "vcs"
- },
- {
- "url": "https://github.com/pyca/cryptography/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://cryptography.io/en/latest/changelog/",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/cryptography@43.0.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-18T15:57:36Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "36-cffi",
- "name": "cffi",
- "version": "1.17.1",
- "supplier": {
- "name": "Armin Maciej Fijalkowski",
- "contact": [
- {
- "email": "python-cffi@googlegroups.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://cffi.readthedocs.org",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "http://cffi.readthedocs.org/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/python-cffi/cffi",
- "type": "vcs"
- },
- {
- "url": "https://github.com/python-cffi/cffi/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
- "type": "log"
- },
- {
- "url": "https://github.com/python-cffi/cffi/releases",
- "type": "other"
- },
- {
- "url": "https://groups.google.com/forum/#!forum/python-cffi",
- "type": "other"
- }
- ],
- "purl": "pkg:pypi/cffi@1.17.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-04T20:43:30Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "37-pycparser",
- "name": "pycparser",
- "version": "2.22",
- "supplier": {
- "name": "Eli Bendersky",
- "contact": [
- {
- "email": "eliben@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
- "description": "C parser in Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/eliben/pycparser",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pycparser/2.22/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pycparser@2.22",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-03-30T13:22:20Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "38-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
- "supplier": {
- "name": "Patrick Ng",
- "contact": [
- {
- "email": "pn.appdev@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/pnpnpn/retry-decorator",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/retry-decorator@1.1.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2020-03-10T23:56:29Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "39-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/googleapis/google-auth-library-python",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth@2.17.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-03-28T19:51:30Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "40-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
- "supplier": {
- "name": "Thomas Kemmer",
- "contact": [
- {
- "email": "tkemmer@computer.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tkem/cachetools/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cachetools@5.5.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-08-18T20:28:43Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "41-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-12-12T17:40:13Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "42-google-apitools",
- "name": "google-apitools",
- "version": "0.5.32",
- "supplier": {
- "name": "Craig Citro",
- "contact": [
- {
- "email": "craigcitro@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
- "description": "client libraries for humans",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/apitools",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-apitools@0.5.32",
- "properties": [
- {
- "name": "release_date",
- "value": "2021-05-05T22:12:58Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "43-monotonic",
- "name": "monotonic",
- "version": "1.6",
- "supplier": {
- "name": "Ori Livneh",
- "contact": [
- {
- "email": "ori@wikimedia.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
- "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/atdt/monotonic",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/monotonic/1.6/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/monotonic@1.6",
- "properties": [
- {
- "name": "release_date",
- "value": "2021-04-09T21:58:05Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "44-jinja2",
- "name": "jinja2",
- "version": "3.1.5",
- "description": "A very fast and expressive template engine.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/jinja2/3.1.5/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://jinja.palletsprojects.com/changes/",
- "type": "log"
- },
- {
- "url": "https://discord.gg/pallets",
- "type": "chat"
- },
- {
- "url": "https://jinja.palletsprojects.com/",
- "type": "documentation"
- },
- {
- "url": "https://palletsprojects.com/donate",
- "type": "other"
- },
- {
- "url": "https://github.com/pallets/jinja/",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/jinja2@3.1.5",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-21T18:30:19Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "45-markupsafe",
- "name": "markupsafe",
- "version": "2.1.5",
- "description": "Safely add untrusted strings to HTML/XML markup.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://palletsprojects.com/p/markupsafe/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/markupsafe/2.1.5/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://palletsprojects.com/donate",
- "type": "other"
- },
- {
- "url": "https://markupsafe.palletsprojects.com/",
- "type": "documentation"
- },
- {
- "url": "https://markupsafe.palletsprojects.com/changes/",
- "type": "log"
- },
- {
- "url": "https://github.com/pallets/markupsafe/",
- "type": "vcs"
- },
- {
- "url": "https://github.com/pallets/markupsafe/issues/",
- "type": "issue-tracker"
- },
- {
- "url": "https://discord.gg/pallets",
- "type": "chat"
- }
- ],
- "purl": "pkg:pypi/markupsafe@2.1.5",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-02-02T16:30:04Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "46-jsonschema",
- "name": "jsonschema",
- "version": "4.23.0",
- "supplier": {
- "name": "Julian Berman",
- "contact": [
- {
- "email": "Julian+jsonschema@GrayVines.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
- "description": "An implementation of JSON Schema validation for Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python-jsonschema/jsonschema",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://python-jsonschema.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/python-jsonschema/jsonschema/issues/",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/sponsors/Julian",
- "type": "other"
- },
- {
- "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
- "type": "other"
- },
- {
- "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
- "type": "log"
- },
- {
- "url": "https://github.com/python-jsonschema/jsonschema",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/jsonschema@4.23.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-07-08T18:40:00Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "47-importlib-resources",
- "name": "importlib-resources",
- "version": "6.4.5",
- "supplier": {
- "name": "Barry Warsaw",
- "contact": [
- {
- "email": "barry@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
- "description": "Read resources from Python packages",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/python/importlib_resources",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/importlib-resources@6.4.5",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-09T17:03:13Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "48-zipp",
- "name": "zipp",
- "version": "3.20.2",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/jaraco/zipp",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/zipp@3.20.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-13T13:44:14Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "49-jsonschema-specifications",
- "name": "jsonschema-specifications",
- "version": "2023.12.1",
- "supplier": {
- "name": "Julian Berman",
- "contact": [
- {
- "email": "Julian+jsonschema-specifications@GrayVines.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
- "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python-jsonschema/jsonschema-specifications",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://jsonschema-specifications.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/sponsors/Julian",
- "type": "other"
- },
- {
- "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
- "type": "other"
- },
- {
- "url": "https://github.com/python-jsonschema/jsonschema-specifications",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-12-25T15:16:51Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "50-referencing",
- "name": "referencing",
- "version": "0.35.1",
- "supplier": {
- "name": "Julian Berman",
- "contact": [
- {
- "email": "Julian+referencing@GrayVines.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
- "description": "JSON Referencing + Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/python-jsonschema/referencing",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/referencing/0.35.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://referencing.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/python-jsonschema/referencing/issues/",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/sponsors/Julian",
- "type": "other"
- },
- {
- "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
- "type": "other"
- },
- {
- "url": "https://referencing.readthedocs.io/en/stable/changes/",
- "type": "log"
- },
- {
- "url": "https://github.com/python-jsonschema/referencing",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/referencing@0.35.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-05-01T20:26:02Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "51-rpds-py",
- "name": "rpds-py",
- "version": "0.20.1",
- "supplier": {
- "name": "Julian Berman",
- "contact": [
- {
- "email": "Julian+rpds@GrayVines.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
- "description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/crate-py/rpds",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rpds-py/0.20.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://rpds.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/crate-py/rpds/issues/",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/sponsors/Julian",
- "type": "other"
- },
- {
- "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
- "type": "other"
- },
- {
- "url": "https://github.com/crate-py/rpds",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/rpds-py@0.20.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-31T14:26:20Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "52-pkgutil-resolve-name",
- "name": "pkgutil-resolve-name",
- "version": "1.3.10",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*",
- "description": "Resolve a name to an object.",
- "externalReferences": [
- {
- "url": "https://github.com/graingert/pkgutil-resolve-name",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pkgutil-resolve-name/1.3.10/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-31T14:26:20Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "53-lib4sbom",
- "name": "lib4sbom",
- "version": "0.8.1",
- "supplier": {
- "name": "Anthony Harrison",
- "contact": [
- {
- "email": "anthony.p.harrison@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:*",
- "description": "Software Bill of Material (SBOM) generator and consumer library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/anthonyharrison/lib4sbom",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/lib4sbom/0.8.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/lib4sbom@0.8.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-18T21:54:27Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "54-pyyaml",
- "name": "pyyaml",
- "version": "6.0.2",
- "supplier": {
- "name": "Kirill Simonov",
- "contact": [
- {
- "email": "xi@resolvent.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
- "description": "YAML parser and emitter for Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pyyaml.org/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/PyYAML/",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/yaml/pyyaml/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/yaml/pyyaml/actions",
- "type": "build-system"
- },
- {
- "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
- "type": "documentation"
- },
- {
- "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
- "type": "mailing-list"
- },
- {
- "url": "https://github.com/yaml/pyyaml",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/pyyaml@6.0.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-08-06T20:31:40Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "55-semantic-version",
- "name": "semantic-version",
- "version": "2.10.0",
- "supplier": {
- "name": "Raphael Barrois",
- "contact": [
- {
- "email": "raphael.barrois+semver@polytechnique.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*",
- "description": "A library implementing the 'SemVer' scheme.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/rbarrois/python-semanticversion",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/semantic-version/2.10.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/semantic-version@2.10.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2022-05-26T13:35:21Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "56-lib4vex",
- "name": "lib4vex",
- "version": "0.2.0",
- "supplier": {
- "name": "Anthony Harrison",
- "contact": [
- {
- "email": "anthony.p.harrison@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
- "description": "VEX generator and consumer library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/anthonyharrison/lib4vex",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/lib4vex/0.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/lib4vex@0.2.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-08-29T20:36:52Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "57-csaf-tool",
- "name": "csaf-tool",
- "version": "0.3.2",
- "supplier": {
- "name": "Anthony Harrison",
- "contact": [
- {
- "email": "anthony.p.harrison@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*",
- "description": "CSAF generator and analyser",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/anthonyharrison/csaf",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/csaf-tool/0.3.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/csaf-tool@0.3.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-06-12T20:10:06Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "58-packageurl-python",
- "name": "packageurl-python",
- "version": "0.16.0",
- "supplier": {
- "name": "the purl authors"
- },
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
- "description": "A purl aka. Package URL parser and builder",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/package-url/packageurl-python",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/packageurl-python/0.16.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/packageurl-python@0.16.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-22T05:51:23Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "59-rich",
- "name": "rich",
- "version": "13.9.4",
- "supplier": {
- "name": "Will McGugan",
- "contact": [
- {
- "email": "willmcgugan@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
- "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Textualize/rich",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rich/13.9.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://rich.readthedocs.io/en/latest/",
- "type": "documentation"
- }
- ],
- "purl": "pkg:pypi/rich@13.9.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-01T16:43:55Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "60-markdown-it-py",
- "name": "markdown-it-py",
- "version": "3.0.0",
- "supplier": {
- "name": "Chris Sewell",
- "contact": [
- {
- "email": "chrisj_sewell@hotmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*",
- "description": "Python port of markdown-it. Markdown parsing, done right!",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/executablebooks/markdown-it-py",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://markdown-it-py.readthedocs.io",
- "type": "documentation"
- }
- ],
- "purl": "pkg:pypi/markdown-it-py@3.0.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2023-06-03T06:41:11Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "61-mdurl",
- "name": "mdurl",
- "version": "0.1.2",
- "supplier": {
- "name": "Taneli Hukkinen",
- "contact": [
- {
- "email": "hukkin@users.noreply.github.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*",
- "description": "Markdown URL utilities",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/executablebooks/mdurl",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/mdurl/0.1.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/mdurl@0.1.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2022-08-14T12:40:09Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "62-pygments",
- "name": "pygments",
- "version": "2.18.0",
- "supplier": {
- "name": "Georg Brandl",
- "contact": [
- {
- "email": "georg@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
- "description": "Pygments is a syntax highlighting package written in Python.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pygments.org",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/pygments/2.18.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://pygments.org/docs",
- "type": "documentation"
- },
- {
- "url": "https://github.com/pygments/pygments",
- "type": "vcs"
- },
- {
- "url": "https://github.com/pygments/pygments/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/pygments@2.18.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-05-04T13:41:57Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "63-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://gnupg.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "vcs"
- },
- {
- "url": "https://github.com/vsajip/python-gnupg/issues",
- "type": "issue-tracker"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-20T16:43:47Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "64-packaging",
- "name": "packaging",
- "version": "24.2",
- "supplier": {
- "name": "Donald Stufft",
- "contact": [
- {
- "email": "donald@stufft.io"
- }
- ]
- },
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/packaging/24.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://packaging.pypa.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/pypa/packaging",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/packaging@24.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-11-08T09:47:44Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "65-plotly",
- "name": "plotly",
- "version": "5.24.1",
- "supplier": {
- "name": "Chris P",
- "contact": [
- {
- "email": "chris@plot.ly"
- }
- ]
- },
- "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://plotly.com/python/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/plotly/5.24.1/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://plotly.com/python/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/plotly/plotly.py",
- "type": "vcs"
- },
- {
- "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/plotly@5.24.1",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-12T15:36:24Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "66-tenacity",
- "name": "tenacity",
- "version": "9.0.0",
- "supplier": {
- "name": "Julien Danjou",
- "contact": [
- {
- "email": "julien@danjou.info"
- }
- ]
- },
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/jd/tenacity",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/tenacity/9.0.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/tenacity@9.0.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-07-29T12:12:25Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "67-requests",
- "name": "requests",
- "version": "2.32.3",
- "supplier": {
- "name": "Kenneth Reitz",
- "contact": [
- {
- "email": "me@kennethreitz.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*",
- "description": "Python HTTP for Humans.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://requests.readthedocs.io",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/requests/2.32.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://requests.readthedocs.io",
- "type": "documentation"
- },
- {
- "url": "https://github.com/psf/requests",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/requests@2.32.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-05-29T15:37:47Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "68-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
- "supplier": {
- "name": "Ahmed TAHRI",
- "contact": [
- {
- "email": "tahri.ahmed@proton.me"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/Ousret/charset_normalizer/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://charset-normalizer.readthedocs.io/en/latest",
- "type": "documentation"
- }
- ],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-09T07:38:02Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "69-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
- "supplier": {
- "name": "Andrey Petrov",
- "contact": [
- {
- "email": "andrey.petrov@shazow.net"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
- "type": "log"
- },
- {
- "url": "https://urllib3.readthedocs.io",
- "type": "documentation"
- },
- {
- "url": "https://github.com/urllib3/urllib3",
- "type": "vcs"
- },
- {
- "url": "https://github.com/urllib3/urllib3/issues",
- "type": "issue-tracker"
- }
- ],
- "purl": "pkg:pypi/urllib3@2.2.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-12T10:52:16Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "70-certifi",
- "name": "certifi",
- "version": "2024.12.14",
- "supplier": {
- "name": "Kenneth Reitz",
- "contact": [
- {
- "email": "me@kennethreitz.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/certifi/python-certifi",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/certifi/2024.12.14/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/certifi/python-certifi",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/certifi@2024.12.14",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-14T13:52:36Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "71-rpmfile",
- "name": "rpmfile",
- "version": "2.1.0",
- "supplier": {
- "name": "Sean Ross",
- "contact": [
- {
- "email": "srossross@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*",
- "description": "Read rpm archive files",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/srossross/rpmfile",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/rpmfile/2.1.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/rpmfile@2.1.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-07-24T21:57:45Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "72-setuptools",
- "name": "setuptools",
- "version": "75.3.0",
- "supplier": {
- "name": "Python Packaging Authority",
- "contact": [
- {
- "email": "distutils-sig@python.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
- "description": "Easily download, build, install, upgrade, and uninstall Python packages",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/setuptools/75.3.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/pypa/setuptools",
- "type": "vcs"
- },
- {
- "url": "https://setuptools.pypa.io/",
- "type": "documentation"
- },
- {
- "url": "https://setuptools.pypa.io/en/stable/history.html",
- "type": "log"
- }
- ],
- "purl": "pkg:pypi/setuptools@75.3.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-29T10:23:24Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "73-xmlschema",
- "name": "xmlschema",
- "version": "3.4.3",
- "supplier": {
- "name": "Davide Brunato",
- "contact": [
- {
- "email": "brunato@sissa.it"
- }
- ]
- },
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
- "description": "An XML Schema validator and decoder",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/sissaschool/xmlschema",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/xmlschema@3.4.3",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-10-31T09:47:12Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "74-elementpath",
- "name": "elementpath",
- "version": "4.7.0",
- "supplier": {
- "name": "Davide Brunato",
- "contact": [
- {
- "email": "brunato@sissa.it"
- }
- ]
- },
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:*",
- "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/sissaschool/elementpath",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/elementpath/4.7.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/elementpath@4.7.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-12-20T13:58:04Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "75-importlib-metadata",
- "name": "importlib-metadata",
- "version": "8.5.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://github.com/python/importlib_metadata",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/importlib-metadata@8.5.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-11T14:56:07Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "76-toml",
- "name": "toml",
- "version": "0.10.2",
- "supplier": {
- "name": "William Pearson",
- "contact": [
- {
- "email": "uiri@xqz.ca"
- }
- ]
- },
- "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
- "description": "Python Library for Tom's Obvious, Minimal Language",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/uiri/toml",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/toml/0.10.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/toml@0.10.2",
- "properties": [
- {
- "name": "release_date",
- "value": "2020-11-01T01:40:20Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "77-zstandard",
- "name": "zstandard",
- "version": "0.23.0",
- "supplier": {
- "name": "Gregory Szorc",
- "contact": [
- {
- "email": "gregory.szorc@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
- "description": "Zstandard bindings for Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/indygreg/python-zstandard",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/zstandard/0.23.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zstandard@0.23.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-07-15T00:13:27Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- }
- ],
- "dependencies": [
- {
- "ref": "CDXRef-DOCUMENT",
- "dependsOn": [
- "1-cve-bin-tool"
- ]
- },
- {
- "ref": "1-cve-bin-tool",
- "dependsOn": [
- "2-aiohttp",
- "13-beautifulsoup4",
- "15-cvss",
- "16-defusedxml",
- "17-distro",
- "18-filetype",
- "19-gsutil",
- "44-jinja2",
- "46-jsonschema",
- "53-lib4sbom",
- "56-lib4vex",
- "63-python-gnupg",
- "58-packageurl-python",
- "64-packaging",
- "65-plotly",
- "54-pyyaml",
- "67-requests",
- "59-rich",
- "71-rpmfile",
- "72-setuptools",
- "69-urllib3",
- "73-xmlschema",
- "48-zipp",
- "75-importlib-metadata",
- "76-toml",
- "47-importlib-resources",
- "77-zstandard"
- ]
- },
- {
- "ref": "2-aiohttp",
- "dependsOn": [
- "3-aiohappyeyeballs",
- "4-aiosignal",
- "6-attrs",
- "5-frozenlist",
- "7-multidict",
- "9-yarl",
- "12-async-timeout"
- ]
- },
- {
- "ref": "4-aiosignal",
- "dependsOn": [
- "5-frozenlist"
- ]
- },
- {
- "ref": "7-multidict",
- "dependsOn": [
- "8-typing-extensions"
- ]
- },
- {
- "ref": "9-yarl",
- "dependsOn": [
- "10-idna",
- "7-multidict",
- "11-propcache"
- ]
- },
- {
- "ref": "13-beautifulsoup4",
- "dependsOn": [
- "14-soupsieve"
- ]
- },
- {
- "ref": "19-gsutil",
- "dependsOn": [
- "20-argcomplete",
- "21-crcmod",
- "22-fasteners",
- "23-gcs-oauth2-boto-plugin",
- "42-google-apitools",
- "30-httplib2",
- "27-google-reauth",
- "43-monotonic",
- "34-pyopenssl",
- "38-retry-decorator",
- "29-six",
- "39-google-auth",
- "41-google-auth-httplib2"
- ]
- },
- {
- "ref": "23-gcs-oauth2-boto-plugin",
- "dependsOn": [
- "24-rsa",
- "26-boto",
- "27-google-reauth",
- "30-httplib2",
- "32-oauth2client",
- "34-pyopenssl",
- "38-retry-decorator",
- "29-six",
- "39-google-auth",
- "41-google-auth-httplib2"
- ]
- },
- {
- "ref": "24-rsa",
- "dependsOn": [
- "25-pyasn1"
- ]
- },
- {
- "ref": "27-google-reauth",
- "dependsOn": [
- "28-pyu2f"
- ]
- },
- {
- "ref": "28-pyu2f",
- "dependsOn": [
- "29-six"
- ]
- },
- {
- "ref": "30-httplib2",
- "dependsOn": [
- "31-pyparsing"
- ]
- },
- {
- "ref": "32-oauth2client",
- "dependsOn": [
- "30-httplib2",
- "25-pyasn1",
- "33-pyasn1-modules",
- "24-rsa",
- "29-six"
- ]
- },
- {
- "ref": "33-pyasn1-modules",
- "dependsOn": [
- "25-pyasn1"
- ]
- },
- {
- "ref": "34-pyopenssl",
- "dependsOn": [
- "35-cryptography"
- ]
- },
- {
- "ref": "35-cryptography",
- "dependsOn": [
- "36-cffi"
- ]
- },
- {
- "ref": "36-cffi",
- "dependsOn": [
- "37-pycparser"
- ]
- },
- {
- "ref": "39-google-auth",
- "dependsOn": [
- "40-cachetools",
- "33-pyasn1-modules",
- "29-six",
- "24-rsa"
- ]
- },
- {
- "ref": "41-google-auth-httplib2",
- "dependsOn": [
- "39-google-auth",
- "30-httplib2"
- ]
- },
- {
- "ref": "42-google-apitools",
- "dependsOn": [
- "30-httplib2",
- "22-fasteners",
- "32-oauth2client",
- "29-six"
- ]
- },
- {
- "ref": "44-jinja2",
- "dependsOn": [
- "45-markupsafe"
- ]
- },
- {
- "ref": "46-jsonschema",
- "dependsOn": [
- "6-attrs",
- "47-importlib-resources",
- "49-jsonschema-specifications",
- "52-pkgutil-resolve-name",
- "50-referencing",
- "51-rpds-py"
- ]
- },
- {
- "ref": "47-importlib-resources",
- "dependsOn": [
- "48-zipp"
- ]
- },
- {
- "ref": "49-jsonschema-specifications",
- "dependsOn": [
- "47-importlib-resources",
- "50-referencing"
- ]
- },
- {
- "ref": "50-referencing",
- "dependsOn": [
- "6-attrs",
- "51-rpds-py"
- ]
- },
- {
- "ref": "53-lib4sbom",
- "dependsOn": [
- "54-pyyaml",
- "55-semantic-version",
- "16-defusedxml"
- ]
- },
- {
- "ref": "56-lib4vex",
- "dependsOn": [
- "53-lib4sbom",
- "57-csaf-tool",
- "58-packageurl-python"
- ]
- },
- {
- "ref": "57-csaf-tool",
- "dependsOn": [
- "58-packageurl-python",
- "59-rich"
- ]
- },
- {
- "ref": "59-rich",
- "dependsOn": [
- "60-markdown-it-py",
- "62-pygments",
- "8-typing-extensions"
- ]
- },
- {
- "ref": "60-markdown-it-py",
- "dependsOn": [
- "61-mdurl"
- ]
- },
- {
- "ref": "65-plotly",
- "dependsOn": [
- "66-tenacity",
- "64-packaging"
- ]
- },
- {
- "ref": "67-requests",
- "dependsOn": [
- "68-charset-normalizer",
- "10-idna",
- "69-urllib3",
- "70-certifi"
- ]
- },
- {
- "ref": "73-xmlschema",
- "dependsOn": [
- "74-elementpath"
- ]
- },
- {
- "ref": "75-importlib-metadata",
- "dependsOn": [
- "48-zipp",
- "8-typing-extensions"
- ]
- },
- {
- "ref": "77-zstandard",
- "dependsOn": [
- "36-cffi"
- ]
- }
- ]
-}
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
deleted file mode 100644
index 2ed9756802..0000000000
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ /dev/null
@@ -1,1695 +0,0 @@
-SPDXVersion: SPDX-2.3
-DataLicense: CC0-1.0
-SPDXID: SPDXRef-DOCUMENT
-DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-baac9a1e-e29c-436b-b0a9-7a43d31a386a
-LicenseListVersion: 3.25
-Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-23T00:36:31Z
-CreatorComment: This document has been automatically generated.
-#####
-
-PackageName: cve-bin-tool
-SPDXID: SPDXRef-1-cve-bin-tool
-PackageVersion: 3.4
-PrimaryPackagePurpose: APPLICATION
-PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/intel/cve-bin-tool
-PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
-PackageLicenseDeclared: GPL-3.0-or-later
-PackageLicenseConcluded: GPL-3.0-or-later
-PackageCopyrightText: NOASSERTION
-PackageSummary: CVE Binary Checker Tool
-ReleaseDate: 2024-09-17T18:57:44Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
-#####
-
-PackageName: aiohttp
-SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.11
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: 5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2024-11-13T16:36:38Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
-ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
-ExternalRef: OTHER other https://docs.aiohttp.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.10.11
-#####
-
-PackageName: aiohappyeyeballs
-SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
-PackageLicenseDeclared: PSF-2.0
-PackageLicenseConcluded: PSF-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Happy Eyeballs for asyncio
-ReleaseDate: 2024-11-30T18:43:39Z
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
-ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
-ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
-ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
-#####
-
-PackageName: aiosignal
-SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA256: f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ReleaseDate: 2022-11-08T16:03:57Z
-ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
-ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
-ExternalRef: OTHER other https://docs.aiosignal.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
-#####
-
-PackageName: frozenlist
-SPDXID: SPDXRef-5-frozenlist
-PackageVersion: 1.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/frozenlist
-PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ReleaseDate: 2024-10-23T09:46:20Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
-ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
-ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
-ExternalRef: OTHER other https://frozenlist.aio-libs.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.5.0
-#####
-
-PackageName: attrs
-SPDXID: SPDXRef-6-attrs
-PackageVersion: 24.3.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/24.3.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Classes Without Boilerplate
-ReleaseDate: 2024-12-16T06:59:26Z
-ExternalRef: OTHER documentation https://www.attrs.org/
-ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
-ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
-ExternalRef: OTHER other https://github.com/sponsors/hynek
-ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@24.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*
-#####
-
-PackageName: multidict
-SPDXID: SPDXRef-7-multidict
-PackageVersion: 6.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/multidict
-PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
-ReleaseDate: 2024-09-09T23:47:18Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
-ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
-ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
-ExternalRef: OTHER other https://multidict.aio-libs.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
-#####
-
-PackageName: typing-extensions
-SPDXID: SPDXRef-8-typing-extensions
-PackageVersion: 4.12.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python/typing_extensions
-PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.8+
-ReleaseDate: 2024-06-07T18:52:13Z
-ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
-ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
-ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
-ExternalRef: OTHER other https://github.com/python/typing/discussions
-ExternalRef: OTHER vcs https://github.com/python/typing_extensions
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
-#####
-
-PackageName: yarl
-SPDXID: SPDXRef-9-yarl
-PackageVersion: 1.15.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/yarl
-PackageChecksum: SHA256: e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Yet another URL library
-ReleaseDate: 2024-10-13T18:44:32Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
-ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
-ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
-ExternalRef: OTHER other https://yarl.aio-libs.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
-#####
-
-PackageName: idna
-SPDXID: SPDXRef-10-idna
-PackageVersion: 3.10
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
-PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ReleaseDate: 2024-09-15T18:07:37Z
-ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
-ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
-ExternalRef: OTHER vcs https://github.com/kjd/idna
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
-#####
-
-PackageName: propcache
-SPDXID: SPDXRef-11-propcache
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA256: c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Accelerated property cache
-ReleaseDate: 2024-10-07T12:54:02Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
-ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
-ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
-ExternalRef: OTHER other https://propcache.readthedocs.io
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: async-timeout
-SPDXID: SPDXRef-12-async-timeout
-PackageVersion: 5.0.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Timeout context manager for asyncio programs
-ReleaseDate: 2024-11-06T16:41:37Z
-ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
-ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@5.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
-#####
-
-PackageName: beautifulsoup4
-SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.12.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: MIT
-PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Screen-scraping library
-ReleaseDate: 2024-01-17T16:53:12Z
-ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
-#####
-
-PackageName: soupsieve
-SPDXID: SPDXRef-14-soupsieve
-PackageVersion: 2.6
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ReleaseDate: 2024-08-13T13:39:10Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
-#####
-
-PackageName: cvss
-SPDXID: SPDXRef-15-cvss
-PackageVersion: 3.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: LGPL-3.0-or-later
-PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ReleaseDate: 2024-11-01T10:05:52Z
-ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
-ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
-ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
-ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
-#####
-
-PackageName: defusedxml
-SPDXID: SPDXRef-16-defusedxml
-PackageVersion: 0.7.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: PSF-2.0
-PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: XML bomb protection for Python stdlib modules
-ReleaseDate: 2021-03-08T10:59:24Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
-#####
-
-PackageName: distro
-SPDXID: SPDXRef-17-distro
-PackageVersion: 1.9.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python-distro/distro
-PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Distro - an OS platform information API
-ReleaseDate: 2023-12-24T09:54:30Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
-#####
-
-PackageName: filetype
-SPDXID: SPDXRef-18-filetype
-PackageVersion: 1.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
-FilesAnalyzed: false
-PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
-ReleaseDate: 2022-11-02T17:34:01Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/filetype@1.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: gsutil
-SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.33
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
-FilesAnalyzed: false
-PackageHomePage: https://cloud.google.com/storage/docs/gsutil
-PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A command line tool for interacting with cloud storage services.
-ReleaseDate: 2024-12-11T09:40:59Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.33
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
-#####
-
-PackageName: argcomplete
-SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Bash tab completion for argparse
-ReleaseDate: 2024-12-06T18:24:27Z
-ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
-ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
-ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
-ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
-#####
-
-PackageName: crcmod
-SPDXID: SPDXRef-21-crcmod
-PackageVersion: 1.7
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: http://sourceforge.net/projects/crcmod
-FilesAnalyzed: false
-PackageHomePage: http://crcmod.sourceforge.net/
-PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: CRC Generator
-ReleaseDate: 2010-06-27T14:35:29Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
-#####
-
-PackageName: fasteners
-SPDXID: SPDXRef-22-fasteners
-PackageVersion: 0.19
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Joshua Harlow
-PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: A python package that provides useful locks
-ReleaseDate: 2023-09-19T17:11:18Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
-#####
-
-PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin
-PackageVersion: 3.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
-FilesAnalyzed: false
-PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
-ReleaseDate: 2024-05-02T14:37:31Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
-#####
-
-PackageName: rsa
-SPDXID: SPDXRef-24-rsa
-PackageVersion: 4.7.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ReleaseDate: 2021-02-24T10:55:03Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-25-pyasn1
-PackageVersion: 0.6.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ReleaseDate: 2024-09-10T22:41:42Z
-ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
-ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
-ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
-ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
-#####
-
-PackageName: boto
-SPDXID: SPDXRef-26-boto
-PackageVersion: 2.49.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ReleaseDate: 2018-07-11T20:58:55Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-reauth
-SPDXID: SPDXRef-27-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ReleaseDate: 2020-12-01T17:35:45Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-28-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ReleaseDate: 2020-10-30T20:03:07Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
-PackageName: six
-SPDXID: SPDXRef-29-six
-PackageVersion: 1.17.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python 2 and 3 compatibility utilities
-ReleaseDate: 2024-12-04T17:35:26Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
-#####
-
-PackageName: httplib2
-SPDXID: SPDXRef-30-httplib2
-PackageVersion: 0.20.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
-PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: A comprehensive HTTP client library.
-ReleaseDate: 2022-02-03T00:00:29Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
-#####
-
-PackageName: pyparsing
-SPDXID: SPDXRef-31-pyparsing
-PackageVersion: 3.1.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ReleaseDate: 2024-08-25T15:00:45Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*
-#####
-
-PackageName: oauth2client
-SPDXID: SPDXRef-32-oauth2client
-PackageVersion: 4.1.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
-PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
-FilesAnalyzed: false
-PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: OAuth 2.0 client library
-ReleaseDate: 2018-09-07T21:38:16Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-33-pyasn1-modules
-PackageVersion: 0.4.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
-PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ReleaseDate: 2024-09-10T22:42:08Z
-ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
-ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
-ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyopenssl
-SPDXID: SPDXRef-34-pyopenssl
-PackageVersion: 24.2.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://pyopenssl.org/
-PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python wrapper module around the OpenSSL library
-ReleaseDate: 2024-07-20T17:26:29Z
-ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
-#####
-
-PackageName: cryptography
-SPDXID: SPDXRef-35-cryptography
-PackageVersion: 43.0.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyca/cryptography
-PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
-PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
-PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ReleaseDate: 2024-10-18T15:57:36Z
-ExternalRef: OTHER documentation https://cryptography.io/
-ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
-ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
-ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
-#####
-
-PackageName: cffi
-SPDXID: SPDXRef-36-cffi
-PackageVersion: 1.17.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
-FilesAnalyzed: false
-PackageHomePage: http://cffi.readthedocs.org
-PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Foreign Function Interface for Python calling C code.
-ReleaseDate: 2024-09-04T20:43:30Z
-ExternalRef: OTHER documentation http://cffi.readthedocs.org/
-ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
-ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
-ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
-ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
-ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pycparser
-SPDXID: SPDXRef-37-pycparser
-PackageVersion: 2.22
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
-PackageLicenseDeclared: BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: C parser in Python
-ReleaseDate: 2024-03-30T13:22:20Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.22
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
-#####
-
-PackageName: retry-decorator
-SPDXID: SPDXRef-38-retry-decorator
-PackageVersion: 1.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Retry Decorator
-ReleaseDate: 2020-03-10T23:56:29Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth
-SPDXID: SPDXRef-39-google-auth
-PackageVersion: 2.17.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ReleaseDate: 2023-03-28T19:51:30Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-40-cachetools
-PackageVersion: 5.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
-PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ReleaseDate: 2024-08-18T20:28:43Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-41-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ReleaseDate: 2023-12-12T17:40:13Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-apitools
-SPDXID: SPDXRef-42-google-apitools
-PackageVersion: 0.5.32
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Craig Citro (craigcitro@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
-FilesAnalyzed: false
-PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: client libraries for humans
-ReleaseDate: 2021-05-05T22:12:58Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
-#####
-
-PackageName: monotonic
-SPDXID: SPDXRef-43-monotonic
-PackageVersion: 1.6
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
-PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
-ReleaseDate: 2021-04-09T21:58:05Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
-#####
-
-PackageName: jinja2
-SPDXID: SPDXRef-44-jinja2
-PackageVersion: 3.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.5/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: A very fast and expressive template engine.
-ReleaseDate: 2024-12-21T18:30:19Z
-ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
-ExternalRef: OTHER chat https://discord.gg/pallets
-ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
-ExternalRef: OTHER other https://palletsprojects.com/donate
-ExternalRef: OTHER vcs https://github.com/pallets/jinja/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.5
-#####
-
-PackageName: markupsafe
-SPDXID: SPDXRef-45-markupsafe
-PackageVersion: 2.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://palletsprojects.com/p/markupsafe/
-PackageChecksum: SHA256: a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc
-PackageLicenseDeclared: BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ReleaseDate: 2024-02-02T16:30:04Z
-ExternalRef: OTHER other https://palletsprojects.com/donate
-ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
-ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
-ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
-ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/
-ExternalRef: OTHER chat https://discord.gg/pallets
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.5
-#####
-
-PackageName: jsonschema
-SPDXID: SPDXRef-46-jsonschema
-PackageVersion: 4.23.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python-jsonschema/jsonschema
-PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An implementation of JSON Schema validation for Python
-ReleaseDate: 2024-07-08T18:40:00Z
-ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
-ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
-ExternalRef: OTHER other https://github.com/sponsors/Julian
-ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
-ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
-ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.23.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-resources
-SPDXID: SPDXRef-47-importlib-resources
-PackageVersion: 6.4.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read resources from Python packages
-ReleaseDate: 2024-09-09T17:03:13Z
-ExternalRef: OTHER vcs https://github.com/python/importlib_resources
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.4.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-48-zipp
-PackageVersion: 3.20.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ReleaseDate: 2024-09-13T13:44:14Z
-ExternalRef: OTHER vcs https://github.com/jaraco/zipp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
-#####
-
-PackageName: jsonschema-specifications
-SPDXID: SPDXRef-49-jsonschema-specifications
-PackageVersion: 2023.12.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA256: 87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ReleaseDate: 2023-12-25T15:16:51Z
-ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
-ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
-ExternalRef: OTHER other https://github.com/sponsors/Julian
-ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
-ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
-#####
-
-PackageName: referencing
-SPDXID: SPDXRef-50-referencing
-PackageVersion: 0.35.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: JSON Referencing + Python
-ReleaseDate: 2024-05-01T20:26:02Z
-ExternalRef: OTHER documentation https://referencing.readthedocs.io/
-ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
-ExternalRef: OTHER other https://github.com/sponsors/Julian
-ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
-ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
-ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.35.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
-#####
-
-PackageName: rpds-py
-SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.20.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2024-10-31T14:26:20Z
-ExternalRef: OTHER documentation https://rpds.readthedocs.io/
-ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
-ExternalRef: OTHER other https://github.com/sponsors/Julian
-ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
-ExternalRef: OTHER vcs https://github.com/crate-py/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.20.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pkgutil-resolve-name
-SPDXID: SPDXRef-52-pkgutil-resolve-name
-PackageVersion: 1.3.10
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/pkgutil-resolve-name/1.3.10/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/graingert/pkgutil-resolve-name
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Resolve a name to an object.
-ReleaseDate: 2024-10-31T14:26:20Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*
-#####
-
-PackageName: lib4sbom
-SPDXID: SPDXRef-53-lib4sbom
-PackageVersion: 0.8.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: 7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2024-12-18T21:54:27Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyyaml
-SPDXID: SPDXRef-54-pyyaml
-PackageVersion: 6.0.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/
-FilesAnalyzed: false
-PackageHomePage: https://pyyaml.org/
-PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: YAML parser and emitter for Python
-ReleaseDate: 2024-08-06T20:31:40Z
-ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
-ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
-ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
-ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
-ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
-#####
-
-PackageName: semantic-version
-SPDXID: SPDXRef-55-semantic-version
-PackageVersion: 2.10.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
-PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A library implementing the 'SemVer' scheme.
-ReleaseDate: 2022-05-26T13:35:21Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
-#####
-
-PackageName: lib4vex
-SPDXID: SPDXRef-56-lib4vex
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: VEX generator and consumer library
-ReleaseDate: 2024-08-29T20:36:52Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4vex@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
-#####
-
-PackageName: csaf-tool
-SPDXID: SPDXRef-57-csaf-tool
-PackageVersion: 0.3.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: CSAF generator and analyser
-ReleaseDate: 2024-06-12T20:10:06Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/csaf-tool@0.3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
-#####
-
-PackageName: packageurl-python
-SPDXID: SPDXRef-58-packageurl-python
-PackageVersion: 0.16.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/package-url/packageurl-python
-PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: A purl aka. Package URL parser and builder
-ReleaseDate: 2024-10-22T05:51:23Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: rich
-SPDXID: SPDXRef-59-rich
-PackageVersion: 13.9.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ReleaseDate: 2024-11-01T16:43:55Z
-ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.9.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
-#####
-
-PackageName: markdown-it-py
-SPDXID: SPDXRef-60-markdown-it-py
-PackageVersion: 3.0.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
-PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python port of markdown-it. Markdown parsing, done right!
-ReleaseDate: 2023-06-03T06:41:11Z
-ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
-#####
-
-PackageName: mdurl
-SPDXID: SPDXRef-61-mdurl
-PackageVersion: 0.1.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Markdown URL utilities
-ReleaseDate: 2022-08-14T12:40:09Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
-#####
-
-PackageName: pygments
-SPDXID: SPDXRef-62-pygments
-PackageVersion: 2.18.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://pygments.org
-PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
-PackageCopyrightText: NOASSERTION
-PackageSummary: Pygments is a syntax highlighting package written in Python.
-ReleaseDate: 2024-05-04T13:41:57Z
-ExternalRef: OTHER documentation https://pygments.org/docs
-ExternalRef: OTHER vcs https://github.com/pygments/pygments
-ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
-ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
-#####
-
-PackageName: python-gnupg
-SPDXID: SPDXRef-63-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ReleaseDate: 2024-09-20T16:43:47Z
-ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
-ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
-ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
-PackageName: packaging
-SPDXID: SPDXRef-64-packaging
-PackageVersion: 24.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Core utilities for Python packages
-ReleaseDate: 2024-11-08T09:47:44Z
-ExternalRef: OTHER documentation https://packaging.pypa.io/
-ExternalRef: OTHER vcs https://github.com/pypa/packaging
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@24.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
-#####
-
-PackageName: plotly
-SPDXID: SPDXRef-65-plotly
-PackageVersion: 5.24.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An open-source, interactive data visualization library for Python
-ReleaseDate: 2024-09-12T15:36:24Z
-ExternalRef: OTHER documentation https://plotly.com/python/
-ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
-ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
-#####
-
-PackageName: tenacity
-SPDXID: SPDXRef-66-tenacity
-PackageVersion: 9.0.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Retry code until it succeeds
-ReleaseDate: 2024-07-29T12:12:25Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@9.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
-#####
-
-PackageName: requests
-SPDXID: SPDXRef-67-requests
-PackageVersion: 2.32.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python HTTP for Humans.
-ReleaseDate: 2024-05-29T15:37:47Z
-ExternalRef: OTHER documentation https://requests.readthedocs.io
-ExternalRef: OTHER vcs https://github.com/psf/requests
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
-#####
-
-PackageName: charset-normalizer
-SPDXID: SPDXRef-68-charset-normalizer
-PackageVersion: 3.4.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Ousret/charset_normalizer
-PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ReleaseDate: 2024-10-09T07:38:02Z
-ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
-ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
-#####
-
-PackageName: urllib3
-SPDXID: SPDXRef-69-urllib3
-PackageVersion: 2.2.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ReleaseDate: 2024-09-12T10:52:16Z
-ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
-ExternalRef: OTHER documentation https://urllib3.readthedocs.io
-ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
-ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.2.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
-#####
-
-PackageName: certifi
-SPDXID: SPDXRef-70-certifi
-PackageVersion: 2024.12.14
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ReleaseDate: 2024-12-14T13:52:36Z
-ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.12.14
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
-#####
-
-PackageName: rpmfile
-SPDXID: SPDXRef-71-rpmfile
-PackageVersion: 2.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read rpm archive files
-ReleaseDate: 2024-07-24T21:57:45Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
-#####
-
-PackageName: setuptools
-SPDXID: SPDXRef-72-setuptools
-PackageVersion: 75.3.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ReleaseDate: 2024-10-29T10:23:24Z
-ExternalRef: OTHER vcs https://github.com/pypa/setuptools
-ExternalRef: OTHER documentation https://setuptools.pypa.io/
-ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
-#####
-
-PackageName: xmlschema
-SPDXID: SPDXRef-73-xmlschema
-PackageVersion: 3.4.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: An XML Schema validator and decoder
-ReleaseDate: 2024-10-31T09:47:12Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
-#####
-
-PackageName: elementpath
-SPDXID: SPDXRef-74-elementpath
-PackageVersion: 4.7.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.7.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/sissaschool/elementpath
-PackageChecksum: SHA256: 607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ReleaseDate: 2024-12-20T13:58:04Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-metadata
-SPDXID: SPDXRef-75-importlib-metadata
-PackageVersion: 8.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ReleaseDate: 2024-09-11T14:56:07Z
-ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: toml
-SPDXID: SPDXRef-76-toml
-PackageVersion: 0.10.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: William Pearson (uiri@xqz.ca)
-PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/uiri/toml
-PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python Library for Tom's Obvious, Minimal Language
-ReleaseDate: 2020-11-01T01:40:20Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
-#####
-
-PackageName: zstandard
-SPDXID: SPDXRef-77-zstandard
-PackageVersion: 0.23.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/indygreg/python-zstandard
-PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Zstandard bindings for Python
-ReleaseDate: 2024-07-15T00:13:27Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.23.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
-#####
-
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jsonschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-importlib-resources
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-lib4sbom
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-pyyaml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-lib4vex
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packageurl-python
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-urllib3
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-importlib-metadata
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-27-google-reauth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-pyopenssl
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-38-retry-decorator
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-39-google-auth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-google-auth-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-async-timeout
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-rsa
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-boto
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-google-reauth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-oauth2client
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-pyopenssl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-retry-decorator
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-google-auth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth-httplib2
-Relationship: SPDXRef-24-rsa DEPENDS_ON SPDXRef-25-pyasn1
-Relationship: SPDXRef-27-google-reauth DEPENDS_ON SPDXRef-28-pyu2f
-Relationship: SPDXRef-28-pyu2f DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing
-Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-24-rsa
-Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-25-pyasn1
-Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-33-pyasn1-modules
-Relationship: SPDXRef-33-pyasn1-modules DEPENDS_ON SPDXRef-25-pyasn1
-Relationship: SPDXRef-34-pyopenssl DEPENDS_ON SPDXRef-35-cryptography
-Relationship: SPDXRef-35-cryptography DEPENDS_ON SPDXRef-36-cffi
-Relationship: SPDXRef-36-cffi DEPENDS_ON SPDXRef-37-pycparser
-Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-24-rsa
-Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-33-pyasn1-modules
-Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-40-cachetools
-Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-41-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-41-google-auth-httplib2 DEPENDS_ON SPDXRef-39-google-auth
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-29-six
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-oauth2client
-Relationship: SPDXRef-44-jinja2 DEPENDS_ON SPDXRef-45-markupsafe
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-47-importlib-resources
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-50-referencing
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-51-rpds-py
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-52-pkgutil-resolve-name
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-47-importlib-resources DEPENDS_ON SPDXRef-48-zipp
-Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-47-importlib-resources
-Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing
-Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py
-Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-54-pyyaml
-Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-55-semantic-version
-Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-53-lib4sbom
-Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-57-csaf-tool
-Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-58-packageurl-python
-Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-58-packageurl-python
-Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-59-rich
-Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-60-markdown-it-py
-Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-62-pygments
-Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-8-typing-extensions
-Relationship: SPDXRef-60-markdown-it-py DEPENDS_ON SPDXRef-61-mdurl
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity
-Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-10-idna
-Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-68-charset-normalizer
-Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-69-urllib3
-Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-70-certifi
-Relationship: SPDXRef-7-multidict DEPENDS_ON SPDXRef-8-typing-extensions
-Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath
-Relationship: SPDXRef-75-importlib-metadata DEPENDS_ON SPDXRef-48-zipp
-Relationship: SPDXRef-75-importlib-metadata DEPENDS_ON SPDXRef-8-typing-extensions
-Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-36-cffi
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-11-propcache
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/test/README.md b/test/README.md
index d04a607a4a..c1bafca412 100644
--- a/test/README.md
+++ b/test/README.md
@@ -74,14 +74,14 @@ The recommended way to do this yourself is to use python's `virtualenv`
You can set up virtualenv for all these environments:
```console
-virtualenv -p python3.8 venv3.8
-virtualenv -p python3.9 venv3.9
+virtualenv -p python3.11 venv3.11
+virtualenv -p python3.12 venv3.12
```
-To activate one of these (the example uses 3.8), run the tests, and deactivate:
+To activate one of these (the example uses 3.12), run the tests, and deactivate:
```console
-source venv3.8/bin/activate
+source venv3.12/bin/activate
pytest
deactivate
diff --git a/test/language_data/requirements.txt b/test/language_data/requirements.txt
index 1d4aa9a090..27a8edff20 100644
--- a/test/language_data/requirements.txt
+++ b/test/language_data/requirements.txt
@@ -11,9 +11,8 @@ zstandard; python_version >= "3.4"
distro
defusedxml
xmlschema
-importlib_metadata; python_version < "3.8"
requests
-urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
+urllib3>=1.26.5 # dependency of requests added explicitly to avoid CVEs
gsutil
cvss
packaging
diff --git a/test/test_extractor.py b/test/test_extractor.py
index 8b72cf791f..968555dc2f 100644
--- a/test/test_extractor.py
+++ b/test/test_extractor.py
@@ -322,8 +322,7 @@ def extension_list(self) -> list[str]:
@pytest.mark.asyncio
@pytest.mark.skipif(
- sys.version_info.major == 3 and (sys.version_info.minor in (7, 11)),
- reason="py3.7 and py3.11 fail sometimes",
+ sys.version_info[:2] == (3, 11), reason="py3.11 fails sometimes"
)
@pytest.mark.skipif(
sys.platform == "win32", reason="windows zst support incomplete"