From 3133138e289bf0049244f768ac88a392e7e26d63 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:41:50 +0000 Subject: [PATCH] chore: update SBOM for Python 3.12 (#4570) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 269 +++++++++++++++++++++++++++------- sbom/cve-bin-tool-py3.12.spdx | 77 +++++----- 2 files changed, 256 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 60821f01a1..4c2b0f704a 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", + "serialNumber": "urn:uuid:b68a2b85-9212-4889-b7b2-84f3edf441ff", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:48Z", + "timestamp": "2024-11-18T00:38:25Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -293,6 +301,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -341,14 +353,18 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "8-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -357,8 +373,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -370,17 +386,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", @@ -389,32 +405,50 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "9-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "9-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", @@ -428,41 +462,27 @@ }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "10-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -471,6 +491,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -586,6 +610,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -616,6 +646,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -832,6 +866,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -880,6 +918,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1195,6 +1237,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1243,6 +1289,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1291,6 +1341,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1558,6 +1612,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1780,6 +1838,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1824,6 +1886,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2170,6 +2236,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2218,6 +2288,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2263,6 +2337,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2330,6 +2408,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2351,6 +2435,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2447,6 +2535,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2710,6 +2802,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2900,6 +2996,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -2948,6 +3048,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3002,6 +3106,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3020,6 +3128,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3050,6 +3164,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3104,6 +3222,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3152,6 +3274,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3200,6 +3326,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3218,6 +3348,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3234,6 +3370,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3288,6 +3428,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3295,7 +3439,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3304,16 +3448,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3322,6 +3466,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3370,6 +3518,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3452,6 +3604,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -3500,6 +3656,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3548,7 +3708,8 @@ "6-attrs", "5-frozenlist", "7-multidict", - "8-yarl" + "8-propcache", + "9-yarl" ] }, { @@ -3558,11 +3719,11 @@ ] }, { - "ref": "8-yarl", + "ref": "9-yarl", "dependsOn": [ - "9-idna", + "10-idna", "7-multidict", - "10-propcache" + "8-propcache" ] }, { @@ -3763,7 +3924,7 @@ "dependsOn": [ "63-certifi", "64-charset-normalizer", - "9-idna", + "10-idna", "65-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 132341bedb..495c06d14d 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-babbb628-7d9c-4a26-8587-854eedfee7d8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:00Z +Created: 2024-11-18T00:37:38Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -124,24 +124,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-8-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-8-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-9-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-9-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -155,22 +171,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 @@ -213,6 +213,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -791,6 +792,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1024,6 +1026,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1089,6 +1092,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1116,17 +1120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: xmlschema @@ -1236,7 +1240,8 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa @@ -1292,12 +1297,12 @@ Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool