diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 9e05f3909b..88c55c264d 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -129,6 +129,7 @@ cyberciti cybersecurity cygwin d +daemon darkhttpd datasource dav @@ -147,6 +148,7 @@ dio Dio distro distros +dlt dmidecode dnsmasq docker @@ -394,6 +396,7 @@ lighttpd linode linting linux +linuxptp lite lldpd logrotate diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 8072d5fc17..f2b0195499 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -28,7 +28,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9be38b3a64..aa82ed9ecf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index f3ef84aa58..c97248eeb3 100644 --- a/.github/workflows/cve_scan.yml 
+++ b/.github/workflows/cve_scan.yml @@ -12,8 +12,9 @@ permissions: jobs: cve_scan: name: CVE scan on dependencies - runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} - timeout-minutes: 30 + # runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} + runs-on: 'ubuntu-latest' + timeout-minutes: 60 steps: - name: Harden Runner uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 @@ -21,7 +22,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' @@ -31,7 +32,7 @@ jobs: run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 026818198f..d99c952123 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index dc99b6d2e2..5ef52b7699 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml 
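Review bot: The old `runs-on` expression is kept as a commented-out line in the `cve_scan` job instead of being removed, and nothing says why this job now runs on `'ubuntu-latest'` while testing.yml @@ -197 moves `long_tests` the other way, onto the `intel-ubuntu-latest` conditional runner. Git history already preserves the old expression, so the comment carries no information a maintainer can act on. I would replace it with the reason for the routing, e.g. `# pinned to the GitHub-hosted runner: <reason / tracking issue>`, and note there why `timeout-minutes` was doubled to 60 if that is a consequence of the slower runner (inferred, not visible in the hunk).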
@@ -24,7 +24,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 0ff4d7bbcc..b4fb4a9fcb 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5.2.0 + uses: actions/setup-python@v5.3.0 with: python-version: 3.9 @@ -51,13 +51,13 @@ jobs: echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: fuzz-cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: fuzz-cache diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 48f759c58e..c4737601f6 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 05fe91de08..1d42ac5baa 100644 --- a/.github/workflows/sbom.yml 
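Review bot: In fuzzing.yml @@ -19 the new `uses: actions/setup-python@v5.3.0` is pinned to a mutable tag, while every other workflow in this commit pins the same release to its commit, `actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0`; the same applies to `check-spelling/check-spelling@v0.0.24` in spelling.yml @@ -19. A tag can be moved to different code after review, so the SHA pin is what makes the supply chain of these workflows reproducible and auditable. I would use the SHA form here too and, for check-spelling, the commit that corresponds to v0.0.24 (not on this page; look it up from the upstream tag).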
+++ b/.github/workflows/sbom.yml @@ -27,7 +27,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index fd7d1d7d4b..2dec16dcae 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: check-spelling/check-spelling@v0.0.22 + - uses: check-spelling/check-spelling@v0.0.24 with: extra_dictionaries: cspell:python/src/python/python.txt diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 7a63aa2896..6ed476bcb6 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -49,7 +49,7 @@ jobs: pypi.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' @@ -108,7 +108,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' 
@@ -135,13 +135,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -197,7 +197,7 @@ jobs: github.head_ref ) ) - runs-on: 'ubuntu-latest' + runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} timeout-minutes: 120 env: LONG_TESTS: 1 @@ -240,7 +240,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' 
@@ -267,13 +267,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -339,7 +339,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: files: ./coverage.xml flags: longtests @@ -397,7 +397,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' 
@@ -411,13 +411,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -503,7 +503,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.12' cache: 'pip' @@ -517,14 +517,14 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}" - name: Get today's cached database - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }} enableCrossOsArchive: true - name: Get yesterday's cached database if today's is not available - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache 
@@ -558,7 +558,7 @@ jobs: test/test_cli.py test/test_cvedb.py - name: Cache conda - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 env: # Increase to reset cache if requirements.txt file has not changed CACHE_NUMBER: 0 @@ -566,7 +566,7 @@ jobs: path: ~/conda_pkgs_dir key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{ hashFiles('requirements.txt') }} - - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 + - uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3.1.0 with: auto-update-conda: true activate-environment: pdftotext @@ -583,7 +583,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: files: ./coverage.xml flags: win-longtests diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 0ab91e9a27..fa2c93fae7 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' @@ -39,7 +39,7 @@ jobs: id: get-date run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} 
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index 27b1081df7..f2b3fc0bd9 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' @@ -36,7 +36,7 @@ jobs: run: python .github/workflows/update_js_dependencies.py - name: Get cached Python packages - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 23a58da58f..2b3be9cf39 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml index 477aba9b85..b4bd97f31d 100644 --- a/.github/workflows/validate-yml.yml +++ b/.github/workflows/validate-yml.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5d4ccd7243..8a14acb674 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,6 +6,7 @@ repos: verbose: True exclude: ^(locales|presentation|fuzz/generated|test|cve_bin_tool/checkers|build) args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"] + # args for cut and paste: interrogate -vv -i -I -M -C -n -p -f 60.0 - repo: https://github.com/pycqa/isort rev: 5.13.2 @@ -14,13 +15,13 @@ repos: exclude: ^fuzz/generated/ - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black exclude: ^fuzz/generated/ - repo: https://github.com/asottile/pyupgrade - rev: v3.17.0 + rev: v3.19.0 hooks: - id: pyupgrade exclude: ^fuzz/generated/ @@ -45,7 +46,7 @@ repos: - id: gitlint - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.11.2 + rev: v1.13.0 hooks: - id: mypy additional_dependencies: diff --git a/README.md b/README.md index 27ff4bb6f9..3d5d12c07d 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ CVE Binary Tool uses the NVD API but is not endorsed or certified by the NVD. The tool has two main modes of operation: -1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 365 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. +1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 367 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. 2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats. 
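Review bot: The new comment under `args:` in the interrogate hook repeats the argument list in CLI form, so it will silently drift the next time `args` changes. If it is kept, it reads better placed above `args:` and phrased as `# equivalent CLI invocation: interrogate -vv -i -I -M -C -n -p -f 60.0`, dropping "for cut and paste".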
@@ -226,7 +226,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |------------- |------------------ |--------------- |----------------- |-------------- |--------------- | +|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp | | asterisk |atftp |avahi |axel |bash |bind |binutils | | bird |bison |bluez |boinc |botan |bro |bubblewrap | 
@@ -234,52 +234,52 @@ The following checkers are available for finding components in binary files: | chrony |civetweb |clamav |collectd |commons_compress |connman |coreutils | | cpio |cronie |cryptsetup |cups |curl |cvs |darkhttpd | | dav1d |davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd | -| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot | -| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs | -| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd | -| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp | -| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf | -| ghostscript |gimp |git |glib |glibc |gmp |gnomeshell | -| gnupg |gnutls |go |gpgme |gpsd |graphicsmagick |grep | -| grub2 |gstreamer |gupnp |gvfs |gzip |haproxy |harfbuzz | -| haserl |hdf5 |heimdal |hostapd |hunspell |hwloc |i2pd | -| icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables |irssi | -| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead | -| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi | -| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap | -| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat | -| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput | -| libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd | -| libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg |librsync | -| libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp |libssh | -| libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv |libvips | -| libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml |lighttpd | -| linux_kernel |lldpd |logrotate |lrzip |lua |luajit |lxc | -| lynx |lz4 |mailx |mariadb |mbedtls |mdadm |memcached | -| micropython |minetest |mini_httpd |minicom |minidlna |miniupnpc |miniupnpd | -| moby |modsecurity |monit |mosquitto |motion |mp4v2 |mpg123 | -| mpv |msmtp |mtr |mupdf |mutt |mysql |nano | -| nasm |nbd |ncurses |neon |nessus |netatalk |netdata | -| 
netkit_ftp |netpbm |nettle |nghttp2 |nginx |ngircd |nmap | -| node |ntfs_3g |ntp |ntpsec |open_iscsi |open_vm_tools |openafs | -| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan | -| openvpn |p7zip |pango |patch |pcre |pcre2 |pcsc_lite | -| perl |php |picocom |pigz |pixman |png |polarssl_fedora | -| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c | -| pspp |pure_ftpd |putty |python |qemu |qpdf |qt | -| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline | -| rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc |rust | -| samba |sane_backends |sdl |seahorse |shadowsocks_libev |snapd |sngrep | -| snort |socat |sofia_sip |speex |spice |sqlite |squashfs | -| squid |sslh |stellarium |strongswan |stunnel |subversion |sudo | -| suricata |sylpheed |syslogng |sysstat |systemd |tar |tcpdump | -| tcpreplay |terminology |tesseract |thrift |thttpd |thunderbird |timescaledb | -| tinyproxy |tor |tpm2_tss |traceroute |transmission |trousers |ttyd | -| twonky_server |u_boot |udisks |unbound |unixodbc |upx |util_linux | -| varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk |wget | -| wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver |xwayland | -| yasm |zabbix |zchunk |zeek |zlib |znc |zsh | -| zstandard | | | | | | | +| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet | +| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils | +| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 | +| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius | +| freerdp |fribidi |frr |gawk |gcc |gdal |gdb | +| gdk_pixbuf |ghostscript |gimp |git |glib |glibc |gmp | +| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick | +| grep |grub2 |gstreamer |gupnp |gvfs |gzip |haproxy | +| harfbuzz |haserl |hdf5 |heimdal |hostapd |hunspell |hwloc | +| i2pd |icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables | +| irssi |iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper | +| jhead |jq |json_c |kbd |keepalived |kerberos 
|kexectools | +| kodi |kubernetes |ldns |lftp |libarchive |libass |libbpg | +| libcoap |libconfuse |libcurl |libdb |libde265 |libebml |libevent | +| libexpat |libgcrypt |libgd |libgit2 |libheif |libical |libidn2 | +| libinput |libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached | +| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg | +| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp | +| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv | +| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml | +| lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip |lua | +| luajit |lxc |lynx |lz4 |mailx |mariadb |mbedtls | +| mdadm |memcached |micropython |minetest |mini_httpd |minicom |minidlna | +| miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto |motion | +| mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf |mutt | +| mysql |nano |nasm |nbd |ncurses |neon |nessus | +| netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 |nginx | +| ngircd |nmap |node |ntfs_3g |ntp |ntpsec |open_iscsi | +| open_vm_tools |openafs |opencv |openjpeg |openldap |opensc |openssh | +| openssl |openswan |openvpn |p7zip |pango |patch |pcre | +| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman | +| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng | +| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu | +| qpdf |qt |quagga |radare2 |radvd |raptor |rauc | +| rdesktop |readline |rpm |rsync |rsyslog |rtl_433 |rtmpdump | +| runc |rust |samba |sane_backends |sdl |seahorse |shadowsocks_libev | +| snapd |sngrep |snort |socat |sofia_sip |speex |spice | +| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel | +| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | +| tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd | +| thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission | +| trousers |ttyd |twonky_server |u_boot |udisks 
|unbound |unixodbc | +| upx |util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/available_fix/debian_cve_tracker.py b/cve_bin_tool/available_fix/debian_cve_tracker.py index 542fc34375..fcb0733bae 100644 --- a/cve_bin_tool/available_fix/debian_cve_tracker.py +++ b/cve_bin_tool/available_fix/debian_cve_tracker.py @@ -33,7 +33,27 @@ class DebianCVETracker: + """ + A class for tracking CVEs (Common Vulnerabilities and Exposures) for Debian-based distributions. + + This class is designed to monitor CVEs specific to a given Debian distribution, + taking into account the distribution name, codename, and whether the package is a backport. + + Attributes: + distro_name (str): The name of the Debian-based distribution (e.g., "Debian", "Ubuntu"). + distro_codename (str): The codename of the distribution release (e.g., "buster", "focal"). + is_backport (bool): Flag indicating if the package is a backport. + """ + def __init__(self, distro_name: str, distro_codename: str, is_backport: bool): + """ + Initializes a DebianCVETracker instance with distribution information. + + Parameters: + distro_name (str): The name of the Debian-based distribution. + distro_codename (str): The codename for the distribution release. + is_backport (bool): Specifies if the package is a backport. + """ self.distro_name = distro_name self.distro_codename = distro_codename self.is_backport = is_backport 
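Review bot: The new class docstring for `DebianCVETracker` gives `distro_name` examples as `"Debian"` and `"Ubuntu"`, but `compute_distro` in the later hunk compares `self.distro_name == "ubuntu"` and `== "debian"`, so the capitalised examples would not take either branch. I would document the actual contract: `distro_name (str): Lowercase distribution name, "debian" or "ubuntu", as compared in compute_distro().` The same lowercase wording belongs in the `__init__` Parameters section just below it.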
@@ -42,7 +62,17 @@ def cve_info( self, all_cve_data: dict[ProductInfo, CVEData], ): - """Produces the Backported fixes' info""" + """ + Generates information on backported CVE fixes for a given set of CVE data. + + This function processes CVE data and checks for resolved vulnerabilities in + the Debian or Ubuntu distributions. If a fix is available or backported, it logs + relevant information about the fix's availability and version. + + Parameters: + all_cve_data (dict[ProductInfo, CVEData]): Dictionary containing CVE data, + organized by product and version. + """ cve_data = format_output(all_cve_data, None) json_data = self.get_data() @@ -72,11 +102,30 @@ def cve_info( ) def get_data(self): + """ + Retrieves CVE data from the Debian CVE JSON file. + + This method opens and loads the Debian CVE JSON file for processing + vulnerability data, calling `check_json` to verify that the file is + up-to-date before loading. + + Returns: + dict: Loaded JSON data from the Debian CVE JSON file. + """ check_json() with open(DEB_CVE_JSON_PATH) as jsonfile: return load(jsonfile) def compute_distro(self): + """ + Computes the distribution codename based on the Debian or Ubuntu release. + + Maps the specified distribution codename to either Ubuntu or Debian based + on the provided `distro_name`. + + Returns: + str: The mapped codename for the distribution. + """ if self.distro_name == "ubuntu": return UBUNTU_DEBIAN_MAP[self.distro_codename] elif self.distro_name == "debian": @@ -84,7 +133,12 @@ def compute_distro(self): def check_json(): - """Check to update the Debian CVE JSON file""" + """ + Verifies if the Debian CVE JSON file is current and triggers an update if outdated. + + This function checks the modification time of the JSON file. If it's older than + one day, it calls `update_json` to download a fresh version. + """ if ( not DEB_CVE_JSON_PATH.exists() 
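Review bot: The new `compute_distro` docstring documents only a `str` return, but the ubuntu branch indexes `UBUNTU_DEBIAN_MAP[self.distro_codename]`, which raises `KeyError` for a codename not in the map, and what the function does for a `distro_name` that is neither ubuntu nor debian is outside the hunk. Callers catching exceptions need the first fact spelled out: add `Raises:` followed by `KeyError: if distro_codename is not a key of UBUNTU_DEBIAN_MAP (ubuntu branch).` The function body continues beyond the hunk, so the fall-through return value should be checked against the source before documenting it.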
@@ -94,7 +148,12 @@ def check_json(): def update_json(): - """Update the Debian CVE JSON file""" + """ + Updates the Debian CVE JSON file by downloading the latest data. + + This function requests the JSON data from the specified URL and saves it to + the `DEB_CVE_JSON_PATH` location, logging the update status. + """ LOGGER.info("Updating Debian CVE JSON file for checking available fixes.") # timeout = 300s = 5min. This is a guess at a valid default diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index 8befebe599..d91fcaf253 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -73,6 +73,7 @@ "dhclient", "dhcpcd", "dhcpd", + "dlt_daemon", "dmidecode", "dnsmasq", "docker", @@ -214,6 +215,7 @@ "libyaml", "lighttpd", "linux_kernel", + "linuxptp", "lldpd", "logrotate", "lrzip", diff --git a/cve_bin_tool/checkers/dlt_daemon.py b/cve_bin_tool/checkers/dlt_daemon.py new file mode 100644 index 0000000000..9726d37dde --- /dev/null +++ b/cve_bin_tool/checkers/dlt_daemon.py @@ -0,0 +1,22 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for dlt-daemon + +https://www.cvedetails.com/product/136117/Covesa-Dlt-daemon.html?vendor_id=29885 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class DltDaemonChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [ + r"([0-9]+\.[0-9]+\.[0-9]+)\r?\n[A-Za-z0-9+_:%(), \[\]\.\-\r\n]*DLT(?:_| Package Version)" + ] + VENDOR_PRODUCT = [("covesa", "dlt-daemon")] diff --git a/cve_bin_tool/checkers/linuxptp.py b/cve_bin_tool/checkers/linuxptp.py new file mode 100644 index 0000000000..6f459a099d --- /dev/null +++ b/cve_bin_tool/checkers/linuxptp.py 
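Review bot: The `VERSION_PATTERNS` entry in the new `dlt_daemon.py` captures the first `x.y.z` that is followed, anywhere across subsequent lines, by `DLT_` or `DLT Package Version`, because the intervening class `[A-Za-z0-9+_:%(), \[\]\.\-\r\n]*` is unbounded and includes line breaks. In a strings dump where another component's version string precedes the DLT marker, that unrelated version is reported for dlt-daemon, and matching cost grows with the number of such candidates in the binary (the latter inferred from the regex shape, not measured). I would bound the gap to the distance observed in the test fixture, e.g. `]{0,N}` with N taken from the fixture rather than `]*`, and add a short comment above the pattern stating which string in the binary the version is anchored to.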
@@ -0,0 +1,22 @@ +# Copyright (C) 2024 Orange +# SPDX-License-Identifier: GPL-3.0-or-later + + +""" +CVE checker for linuxptp + +https://www.cvedetails.com/product/98135/Linuxptp-Project-Linuxptp.html?vendor_id=24927 + +""" +from __future__ import annotations + +from cve_bin_tool.checkers import Checker + + +class LinuxptpChecker(Checker): + CONTAINS_PATTERNS: list[str] = [] + FILENAME_PATTERNS: list[str] = [] + VERSION_PATTERNS = [ + r"(?:ptp|PTP)[A-Za-z0-9_:% \[\]\-\.\r\n]*\r?\n([0-9]\.[0-9])\r?\n" + ] + VENDOR_PRODUCT = [("linuxptp_project", "linuxptp")] diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py index a697785d1f..0de9c28a2e 100644 --- a/cve_bin_tool/output_engine/__init__.py +++ b/cve_bin_tool/output_engine/__init__.py @@ -882,7 +882,10 @@ def output_file(self, output_type="console"): with open(self.filename, "wb") as f: self.output_cves(f, output_type) else: - with open(self.filename, "w", encoding="utf8") as f: + # if type is csv, file should be opened with newline='' + # see https://docs.python.org/3/library/csv.html#csv.writer + newline = "" if output_type == "csv" else None + with open(self.filename, mode="w", newline=newline, encoding="utf8") as f: self.output_cves(f, output_type) def check_file_path(self, filepath: str, output_type: str, prefix: str = "output"): diff --git a/cve_bin_tool/parsers/env.py b/cve_bin_tool/parsers/env.py index 536f681752..e4cb15a55c 100644 --- a/cve_bin_tool/parsers/env.py +++ b/cve_bin_tool/parsers/env.py @@ -15,6 +15,12 @@ @dataclasses.dataclass class EnvNamespaceConfig: + """ + Configuration details for environment namespace in the CVE Bin tool + Attributes: + CVE ID associated with this namespace, vendor name, product name, version of the product, file path where product is located + """ + ad_hoc_cve_id: str vendor: str product: str 
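Review bot: The version group in the new `linuxptp.py` pattern, `([0-9]\.[0-9])\r?\n`, accepts exactly one digit on each side of the dot and requires the line to end immediately after, so a two-digit minor or a three-component version (for example `4.10` or `3.1.1`, constructed here; whether upstream ships such versions is not shown on this page) captures nothing and the binary is silently skipped. Loosening the group to `([0-9]+\.[0-9]+(?:\.[0-9]+)?)\r?\n` keeps the current matches and covers those cases. A one-line comment naming which string in the binary the `(?:ptp|PTP)` prefix is meant to anchor on would also help the next person who has to adjust this.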
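Review bot: The `Attributes:` section added to `EnvNamespaceConfig` lists the five fields as one run-on sentence, so a reader cannot tell which description belongs to which field, and the same shape is used for `EnvConfig` in the next hunk. I would write one line per field in the usual style, e.g. `ad_hoc_cve_id (str): CVE ID associated with this namespace.`, `vendor (str): Vendor name.`, `product (str): Product name.`, and likewise for `version` and the file-path field, and for `EnvConfig` `namespaces (dict[str, EnvNamespaceConfig]): Maps namespace name to its configuration.` The field list of `EnvNamespaceConfig` continues past the end of the hunk, so check the remaining field names before finishing the list.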
@@ -24,6 +30,12 @@ class EnvNamespaceConfig: @dataclasses.dataclass class EnvConfig: + """ + Configuration for multiple environment namespaces + Attributes: + A dictionary mapping namespace names to their configurations + """ + namespaces: dict[str, EnvNamespaceConfig] @@ -40,6 +52,13 @@ class EnvParser(Parser): @staticmethod def parse_file_contents(contents): + """ + Parse the contents of an environment configuration file + Args: + contents(str): textual content of environment configuration file + Returns: + EnvConfig: EnvConfig instance containing parsed namespace configurations + """ lines = list( [ line diff --git a/cve_bin_tool/vex_manager/generate.py b/cve_bin_tool/vex_manager/generate.py index 83ddc9150b..d18735c749 100644 --- a/cve_bin_tool/vex_manager/generate.py +++ b/cve_bin_tool/vex_manager/generate.py @@ -1,5 +1,6 @@ # Copyright (C) 2024 Intel Corporation # SPDX-License-Identifier: GPL-3.0-or-later + from logging import Logger from pathlib import Path from typing import Dict, List, Optional @@ -12,6 +13,26 @@ class VEXGenerate: + """ + A class for generating VEX (Vulnerability Exploitability eXchange) documents. + + This class maintains the state of vulnerability analysis for different VEX types, + including CycloneDX, CSAF, and OpenVEX. The `analysis_state` dictionary maps + remarks related to vulnerability status to their corresponding states for each + VEX type. + + Attributes: + analysis_state (dict): A dictionary containing the mapping of remarks to + analysis states for different VEX types. The keys are the VEX types ("cyclonedx", + "csaf", "openvex"), and the values are dictionaries mapping `Remarks` enum values + to their corresponding vulnerability analysis states. + + Example: + >>> vex_gen = VEXGenerate() + >>> state = vex_gen.analysis_state["cyclonedx"][Remarks.Confirmed] + >>> print(state) # Output: "exploitable" + """ + analysis_state = { "cyclonedx": { Remarks.NewFound: "in_triage", 
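Review bot: The `Example:` block in the new `VEXGenerate` class docstring calls `VEXGenerate()` with no arguments, but the `__init__` documented in the next hunk takes `product`, `release`, `vendor`, `filename`, `vextype` and `all_cve_data` with no defaults, so the example would raise `TypeError`, and because it is written in `>>>` doctest syntax it would fail if the module is ever run under doctest. Either show a constructor call with placeholder arguments or access the class attribute directly, e.g. `>>> VEXGenerate.analysis_state["cyclonedx"][Remarks.Confirmed]` followed by `'exploitable'`. The `__init__` signature head is outside this hunk, so confirm the parameter list against the source.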
@@ -53,6 +74,23 @@ def __init__(
 logger: Optional[Logger] = None,
 validate: bool = True,
 ):
+ """
+ Initializes a VEXGenerate instance with specified product, release, and other parameters
+ for managing CVE data and generating vulnerability exchange (VEX) documents.
+
+ Parameters:
+ product (str): The name of the product being analyzed.
+ release (str): The product release version.
+ vendor (str): The name of the product vendor.
+ filename (str): The filename to use for generated VEX data.
+ vextype (str): The type of VEX document.
+ all_cve_data (Dict[ProductInfo, CVEData]): Dictionary containing CVE data by product.
+ revision_reason (str, optional): Reason for the VEX document revision. Defaults to "".
+ sbom_serial_number (str, optional): The serial number for the software bill of materials. Defaults to "".
+ sbom (Optional[str], optional): Software bill of materials, if available. Defaults to None.
+ logger (Optional[Logger], optional): Logger instance for logging. Defaults to None.
+ validate (bool, optional): Flag indicating if input validation is required. Defaults to True.
+ """
 self.product = product
 self.release = release
 self.vendor = vendor
@@ -67,7 +105,12 @@ def __init__(
 def generate_vex(self) -> None:
 """
- Generates VEX code based on the specified VEX type.
+ Generates a VEX (Vulnerability Exploitability eXchange) document based on the specified VEX type
+ and stores it in the given filename.
+
+ This method sets up a VEX generator instance with the product name, release version, and other
+ metadata. It automatically assigns a filename if none is provided, logs the update status if the
+ file already exists, and generates the VEX document with product vulnerability data.
 Returns:
 None
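Review bot: The new `__init__` docstring heads its argument list `Parameters:` while the other docstrings in this file use `Returns:` and the ones added to `cve_bin_tool/parsers/env.py` use `Args:`, which is the Google-style section name docstring tooling recognises; rename it `Args:`. `filename (str): The filename to use for generated VEX data.` also hides the empty-value behaviour that `generate_vex` relies on (`if not self.filename:` in the next hunk), so say so: `filename (str): Path of the VEX document to write; an empty value selects the default naming convention.` Whether the parameter is typed `str` or `Optional[str]` is not visible, since the signature starts outside the hunk.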
@@ -82,11 +125,11 @@ def generate_vex(self) -> None:
 vexgen.set_product(**kwargs)
 if not self.filename:
 self.logger.info(
- "No filename defined, Generating a new filename with Default Naming Convention"
+ "No filename defined, generating a new filename with default naming convention."
 )
 self.filename = self.__generate_vex_filename()
 if Path(self.filename).is_file():
- self.logger.info(f"Updating the vex file: {self.filename}")
+ self.logger.info(f"Updating the VEX file: {self.filename}")
 vexgen.generate(
 project_name=self.product,
@@ -97,10 +140,13 @@ def generate_vex(self) -> None:
 def __generate_vex_filename(self) -> str:
 """
- Generates a VEX filename based on the current date and time.
+ Generates a default VEX filename using the product, release, vendor, and VEX type information.
+
+ The filename is structured as "{product}_{release}_{vendor}_{vextype}.json" and is saved in the
+ current working directory.
 Returns:
- str: The generated VEX filename.
+ str: The generated VEX filename as a string.
 """
 filename = (
 Path.cwd()
@@ -109,6 +155,17 @@ def __generate_vex_filename(self) -> str:
 return str(filename)
 def __get_metadata(self) -> Dict:
+ """
+ Generates metadata for the VEX document based on the specified VEX type, product, release,
+ and vendor information.
+
+ This method creates a dictionary containing metadata fields, such as `id`, `supplier`,
+ `author`, and `revision_reason`, depending on the VEX type. Metadata fields are populated
+ according to the VEX format requirements, such as "cyclonedx," "csaf," or "openvex".
+
+ Returns:
+ Dict: A dictionary containing the metadata for the VEX document.
+ """
 metadata = {}
 if self.vextype == "cyclonedx":
 if self.product:
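Review bot: The rewritten `__generate_vex_filename` docstring says the file "is saved in the current working directory", but the visible body only builds a path from `Path.cwd()` and returns `str(filename)`; the write happens in `generate_vex`. Reword the second paragraph to `The path is rooted at the current working directory; the file itself is written by generate_vex.` The `{product}_{release}_{vendor}_{vextype}.json` layout the docstring asserts is built on lines outside the hunk and should be checked against them.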
@@ -128,10 +185,17 @@ def __get_metadata(self) -> Dict:
 def __get_vulnerabilities(self) -> List[Vulnerability]:
 """
- Retrieves a list of vulnerabilities.
+ Retrieves and constructs a list of vulnerability objects based on the current CVE data.
+
+ This method iterates through all CVE data associated with the product and vendor,
+ creating and configuring `Vulnerability` objects for each entry. It sets attributes
+ like name, release, ID, description, status, and additional metadata such as package
+ URLs (purl) and bill of materials (BOM) links. If a vulnerability includes comments
+ or justification, these are added to the vulnerability details.
 Returns:
- A list of Vulnerability objects representing the vulnerabilities.
+ List[Vulnerability]: A list of `Vulnerability` objects representing the identified
+ vulnerabilities, enriched with metadata and details.
 """
 vulnerabilities = []
 for product_info, cve_data in self.all_cve_data.items():
@@ -156,7 +220,6 @@ def __get_vulnerabilities(self) -> List[Vulnerability]:
 if cve.comments
 else cve.remarks.name
 )
- # more details will be added using set_value()
 if purl is None:
 purl = f"pkg:generic/{vendor}/{product}@{version}"
 bom_version = 1
@@ -170,7 +233,6 @@ def __get_vulnerabilities(self) -> List[Vulnerability]:
 vulnerability.set_value("action", detail)
 vulnerability.set_value("source", cve.data_source)
 vulnerability.set_value("updated", cve.last_modified)
- # vulnerability.show_vulnerability()
 vulnerabilities.append(vulnerability.get_vulnerability())
 self.logger.debug(f"Vulnerabilities: {vulnerabilities}")
 return vulnerabilities
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 676d73734d..d98d7977bb 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -1,14 +1,15 @@
-black==24.8.0
+black==24.10.0; python_version > "3.8"
+black==24.8.0; python_version <= "3.8"
 isort; python_version < "3.8"
 isort==5.13.2; python_version >= "3.8"
 pre-commit; python_version <= "3.8"
-pre-commit==3.8.0; python_version > "3.8"
+pre-commit==4.0.1; python_version > "3.8"
 flake8; python_version < "3.8"
 flake8==7.1.1; python_version >= "3.8"
 bandit==1.7.10
 gitlint==v0.19.1
 interrogate
-mypy==v1.11.2
+mypy==v1.13.0
 pytest>=7.2.0
 pytest-xdist
 pytest-cov
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 4125d3b20d..4a7644afff 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -241,7 +241,7 @@ which is useful if you're trying the latest code from
 | | | | Available checkers | | | |
-|--------------- |------------- |------------------ |--------------- |----------------- |-------------- |--------------- |
+|--------------- |--------------- |------------------ |------------- |---------------- |------------ |----------------- |
 | accountsservice |acpid |apache_http_server |apcupsd |apparmor |asn1c |assimp |
 | asterisk |atftp |avahi |axel |bash |bind |binutils |
 | bird |bison |bluez |boinc |botan |bro |bubblewrap |
@@ -249,52 +249,52 @@ which is useful if you're trying the latest code from
 | chrony |civetweb |clamav |collectd |commons_compress |connman |coreutils |
 | cpio |cronie |cryptsetup |cups |curl |cvs |darkhttpd |
 | dav1d |davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd |
-| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot |
-| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs |
-| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd |
-| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp |
-| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf |
-| ghostscript |gimp |git |glib |glibc |gmp |gnomeshell |
-| gnupg |gnutls |go |gpgme |gpsd |graphicsmagick |grep |
-| grub2 |gstreamer |gupnp |gvfs |gzip |haproxy |harfbuzz |
-| haserl |hdf5 |heimdal |hostapd |hunspell |hwloc |i2pd |
-| icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables |irssi |
-| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead |
-| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi |
-| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap |
-| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat |
-| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput |
-| libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd |
-| libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg |librsync |
-| libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp |libssh |
-| libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv |libvips |
-| libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml |lighttpd |
-| linux_kernel |lldpd |logrotate |lrzip |lua |luajit |lxc |
-| lynx |lz4 |mailx |mariadb |mbedtls |mdadm |memcached |
-| micropython |minetest |mini_httpd |minicom |minidlna |miniupnpc |miniupnpd |
-| moby |modsecurity |monit |mosquitto |motion |mp4v2 |mpg123 |
-| mpv |msmtp |mtr |mupdf |mutt |mysql |nano |
-| nasm |nbd |ncurses |neon |nessus |netatalk |netdata |
-| netkit_ftp |netpbm |nettle
|nghttp2 |nginx |ngircd |nmap |
-| node |ntfs_3g |ntp |ntpsec |open_iscsi |open_vm_tools |openafs |
-| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan |
-| openvpn |p7zip |pango |patch |pcre |pcre2 |pcsc_lite |
-| perl |php |picocom |pigz |pixman |png |polarssl_fedora |
-| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c |
-| pspp |pure_ftpd |putty |python |qemu |qpdf |qt |
-| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline |
-| rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc |rust |
-| samba |sane_backends |sdl |seahorse |shadowsocks_libev |snapd |sngrep |
-| snort |socat |sofia_sip |speex |spice |sqlite |squashfs |
-| squid |sslh |stellarium |strongswan |stunnel |subversion |sudo |
-| suricata |sylpheed |syslogng |sysstat |systemd |tar |tcpdump |
-| tcpreplay |terminology |tesseract |thrift |thttpd |thunderbird |timescaledb |
-| tinyproxy |tor |tpm2_tss |traceroute |transmission |trousers |ttyd |
-| twonky_server |u_boot |udisks |unbound |unixodbc |upx |util_linux |
-| varnish |vim |vlc |vorbis_tools |vsftpd |webkitgtk |wget |
-| wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xscreensaver |xwayland |
-| yasm |zabbix |zchunk |zeek |zlib |znc |zsh |
-| zstandard | | | | | | |
+| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |
+| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |
+| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |
+| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius |
+| freerdp |fribidi |frr |gawk |gcc |gdal |gdb |
+| gdk_pixbuf |ghostscript |gimp |git |glib |glibc |gmp |
+| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick |
+| grep |grub2 |gstreamer |gupnp |gvfs |gzip |haproxy |
+| harfbuzz |haserl |hdf5 |heimdal |hostapd |hunspell |hwloc |
+| i2pd |icecast |icu |iperf3 |ipmitool |ipsec_tools |iptables |
+| irssi |iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |
+| jhead |jq |json_c |kbd |keepalived |kerberos |kexectools |
+| kodi
|kubernetes |ldns |lftp |libarchive |libass |libbpg |
+| libcoap |libconfuse |libcurl |libdb |libde265 |libebml |libevent |
+| libexpat |libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |
+| libinput |libjpeg |libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |
+| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |librsvg |
+| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp |
+| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv |
+| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml |
+| lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip |lua |
+| luajit |lxc |lynx |lz4 |mailx |mariadb |mbedtls |
+| mdadm |memcached |micropython |minetest |mini_httpd |minicom |minidlna |
+| miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto |motion |
+| mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf |mutt |
+| mysql |nano |nasm |nbd |ncurses |neon |nessus |
+| netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 |nginx |
+| ngircd |nmap |node |ntfs_3g |ntp |ntpsec |open_iscsi |
+| open_vm_tools |openafs |opencv |openjpeg |openldap |opensc |openssh |
+| openssl |openswan |openvpn |p7zip |pango |patch |pcre |
+| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman |
+| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng |
+| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu |
+| qpdf |qt |quagga |radare2 |radvd |raptor |rauc |
+| rdesktop |readline |rpm |rsync |rsyslog |rtl_433 |rtmpdump |
+| runc |rust |samba |sane_backends |sdl |seahorse |shadowsocks_libev |
+| snapd |sngrep |snort |socat |sofia_sip |speex |spice |
+| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel |
+| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd |
+| tar |tcpdump |tcpreplay |terminology |tesseract |thrift |thttpd |
+| thunderbird |timescaledb |tinyproxy |tor |tpm2_tss |traceroute |transmission |
+| trousers |ttyd |twonky_server |u_boot |udisks |unbound |unixodbc |
+| upx
|util_linux |varnish |vim |vlc |vorbis_tools |vsftpd | +| webkitgtk |wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 | +| xscreensaver |xwayland |yasm |zabbix |zchunk |zeek |zlib | +| znc |zsh |zstandard | | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 86ec5733d2..11e8b80d5a 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:56360034-11b1-4e31-8643-843d5a966243", + "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:03Z", + "timestamp": "2024-11-11T00:37:52Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, 
@@ -327,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -409,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -432,7 +446,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +455,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +473,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -625,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -653,7 +673,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ 
@@ -662,7 +682,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -680,12 +700,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2226,6 +2246,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2391,7 +2417,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2400,23 +2426,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2424,12 +2435,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2707,18 +2718,12 @@ "type": "library", "bom-ref": "55-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2735,12 +2740,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2756,7 +2761,7 @@ "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2765,8 +2770,14 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { 
@@ -2783,12 +2794,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2960,7 +2971,7 @@ "type": "library", "bom-ref": "60-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2969,16 +2980,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3382,7 +3393,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3391,16 +3402,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", 
@@ -3474,7 +3485,7 @@ "type": "library", "bom-ref": "71-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3483,7 +3494,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3501,12 +3512,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", @@ -3522,7 +3533,7 @@ "type": "library", "bom-ref": "72-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3531,7 +3542,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3549,12 +3560,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", @@ -3570,7 +3581,7 @@ "type": "library", "bom-ref": "73-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ 
@@ -3579,16 +3590,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index b90ba2c350..3450e18661 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31c41ad2-71db-4400-b6a9-3897d659df61 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:15Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION 
@@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -115,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -147,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -157,18 +160,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -227,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -237,10 +241,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION 
@@ -248,8 +252,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -754,6 +758,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. 
@@ -814,19 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -915,35 +919,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-55-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-56-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -999,17 +1003,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-60-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly 
@@ -1146,17 +1150,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml 
@@ -1178,49 +1182,49 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-71-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-72-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp SPDXID: SPDXRef-73-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY 
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index df44fa0767..5ba8175fb4 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d5e538e5-15fc-467b-9af5-fdbadcd9bc9e", + "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:07Z", + "timestamp": "2024-11-11T00:37:40Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { 
@@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -269,6 +271,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -340,7 +348,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +357,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +375,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -533,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", 
@@ -561,7 +575,7 @@ "type": "library", "bom-ref": "13-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -570,7 +584,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -588,12 +602,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2134,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2299,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2308,23 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2332,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2615,18 +2620,12 @@ "type": "library", "bom-ref": "53-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2643,12 +2642,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2664,7 +2663,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2673,8 +2672,14 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { 
@@ -2691,12 +2696,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2868,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2877,16 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3290,7 +3295,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3299,16 +3304,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", 
@@ -3324,7 +3329,7 @@ "type": "library", "bom-ref": "68-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3333,7 +3338,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3351,12 +3356,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", @@ -3372,7 +3377,7 @@ "type": "library", "bom-ref": "69-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3381,7 +3386,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3399,12 +3404,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", @@ -3420,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ 
@@ -3429,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 27c84d6e71..272ff4e086 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a9a33c0b-ebd3-45ac-a9ec-32d3d43f6e62 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:27Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION 
@@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: attrs @@ -97,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -124,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -194,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -204,10 +207,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-13-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION 
@@ -215,8 +218,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -721,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. 
@@ -781,19 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -882,35 +885,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-53-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -966,17 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly 
@@ -1113,64 +1116,64 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-68-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-69-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 
PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 0eef678b0b..60821f01a1 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63", + "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:03Z", + "timestamp": "2024-11-11T00:37:48Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -269,6 +271,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", @@ -340,7 +348,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ 
@@ -349,7 +357,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +375,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -533,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -561,7 +575,7 @@ "type": "library", "bom-ref": "13-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -570,7 +584,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -588,12 +602,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", 
@@ -2134,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2299,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2308,23 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2332,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2615,18 +2620,12 @@ "type": "library", "bom-ref": "53-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { 
@@ -2643,12 +2642,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2664,7 +2663,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2673,8 +2672,14 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2691,12 +2696,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -2868,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ 
@@ -2877,16 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3290,7 +3295,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3299,16 +3304,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3324,7 +3329,7 @@ "type": "library", "bom-ref": "68-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3333,7 +3338,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { 
@@ -3351,12 +3356,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", @@ -3372,7 +3377,7 @@ "type": "library", "bom-ref": "69-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3381,7 +3386,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3399,12 +3404,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", @@ -3420,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3429,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", 
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index ae93fe6415..132341bedb 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:15Z +Created: 2024-11-11T00:37:00Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION 
@@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: attrs @@ -97,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -124,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna 
@@ -194,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -204,10 +207,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-13-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION @@ -215,8 +218,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -721,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -781,19 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -882,35 +885,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-53-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-54-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -966,17 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly 
@@ -1113,64 +1116,64 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-68-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-69-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 
PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index a664a2838d..8e6c4b88f2 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:bc112257-5e89-4898-95bc-ba411056a8d5", + "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:42Z", + "timestamp": "2024-11-11T00:37:58Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -327,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", 
@@ -409,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -443,6 +457,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-1", + "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274" + } + ], "licenses": [ { "license": { @@ -625,6 +645,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -653,7 +679,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -662,7 +688,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { @@ -680,12 +706,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", 
@@ -2200,6 +2226,12 @@ }, "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", @@ -2268,6 +2300,12 @@ }, "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", "description": "Read resources from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "284148b005b57031a354402c446473f53cab2c49" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", @@ -2530,7 +2568,7 @@ "type": "library", "bom-ref": "52-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.20.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2539,14 +2577,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], "licenses": [ { "license": { @@ -2563,12 +2595,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ { "name": "language", 
@@ -2889,18 +2921,12 @@ "type": "library", "bom-ref": "59-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2917,12 +2943,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", @@ -2938,7 +2964,7 @@ "type": "library", "bom-ref": "60-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2947,8 +2973,14 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2965,12 +2997,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", 
@@ -3142,7 +3174,7 @@ "type": "library", "bom-ref": "64-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3151,16 +3183,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3564,7 +3596,7 @@ "type": "library", "bom-ref": "73-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3573,16 +3605,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3656,7 +3688,7 @@ "type": "library", "bom-ref": "75-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3665,7 +3697,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { 
@@ -3683,12 +3715,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", @@ -3704,7 +3736,7 @@ "type": "library", "bom-ref": "76-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3713,7 +3745,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -3731,12 +3763,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 87e23e8dac..c66cbe5150 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31326d6d-bbe6-44f9-b106-9f12af5fb249 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:49Z +Created: 2024-11-11T00:36:58Z CreatorComment: This document has been automatically generated. ##### 
@@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION @@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -115,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -147,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -163,6 +166,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -227,6 +231,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -237,10 +242,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION 
@@ -248,8 +253,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -739,6 +744,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -769,6 +775,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files FilesAnalyzed: false +PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -860,19 +867,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-52-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name 
@@ -977,35 +983,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-59-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-60-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1061,17 +1067,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-64-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly 
@@ -1208,17 +1214,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-73-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml 
@@ -1240,34 +1246,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-75-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-76-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zstandard 
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 79f4383c38..2f66f324d6 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9", + "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8", "version": 1, "metadata": { - "timestamp": "2024-10-21T00:38:06Z", + "timestamp": "2024-11-11T00:38:15Z", "lifecycles": [ { "phase": "build" @@ -129,6 +129,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" + } + ], "licenses": [ { "license": { @@ -215,7 +221,7 @@ "type": "library", "bom-ref": "5-frozenlist", "name": "frozenlist", - "version": "1.4.1", + "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -233,12 +239,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/frozenlist/1.4.1/#files", + "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.4.1", + "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ { "name": "language", @@ -247,10 +253,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -327,6 +329,12 @@ }, "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", + "hashes": [ + { + "alg": "SHA-1", + "content": "6771a04893780166e4b7826b63599f43ac30d00a" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/attrs/24.2.0/#files", 
@@ -409,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -432,7 +446,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.5", + "version": "1.17.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +455,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +473,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.5/#files", + "url": "https://pypi.org/project/yarl/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.5", + "purl": "pkg:pypi/yarl@1.17.1", "properties": [ { "name": "language", @@ -625,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -653,7 +673,7 @@ "type": "library", "bom-ref": "15-cvss", "name": "cvss", - "version": "3.2", + "version": "3.3", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -662,7 +682,7 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "licenses": [ { 
@@ -680,12 +700,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.2/#files", + "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cvss@3.2", + "purl": "pkg:pypi/cvss@3.3", "properties": [ { "name": "language", @@ -2200,6 +2220,12 @@ }, "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", @@ -2223,7 +2249,7 @@ "type": "library", "bom-ref": "45-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -2232,16 +2258,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", @@ -2294,6 +2320,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2459,7 +2491,7 @@ "type": "library", "bom-ref": "51-rpds-py", "name": "rpds-py", - "version": "0.20.0", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ 
@@ -2468,23 +2500,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2492,12 +2509,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.0/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.0", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2775,18 +2792,12 @@ "type": "library", "bom-ref": "57-packageurl-python", "name": "packageurl-python", - "version": "0.15.6", + "version": "0.16.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "14a11b50ab723796888133d3722b5b3e2845b084" - } - ], "licenses": [ { "license": { @@ -2803,12 +2814,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", + "url": "https://pypi.org/project/packageurl-python/0.16.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.6", + "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ { "name": "language", 
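Review bot: The rpds-py 0.21.0 record on the new side of the first hunk loses both its `hashes` entry (the SHA-1 `fac4daa7…` is removed with nothing in its place) and its entire `licenses` block, and the packageurl-python 0.16.0 record later on the same line loses its `hashes` as well, while other records in this diff are gaining SHA-1 entries. Because this SBOM is what a consumer uses to check which artifact was actually installed, a component with no checksum and no license is a silent integrity/compliance regression rather than a routine version bump; the probable cause is sbom4python finding no distribution hash or license metadata for those two releases, but that is inferred, not visible here. Before merging, regenerate and confirm whether the generator resolves these fields for 0.21.0 and 0.16.0, or fill them in from the PyPI release metadata; the SPDX counterpart of this document shows the same rpds-py record dropping to `PackageLicenseDeclared: NOASSERTION`, so both outputs need the fix. Note also that SHA-1 is the only digest algorithm recorded anywhere in this document, so a SHA-256 `hashes` entry would be the stronger integrity anchor if the tool can emit one.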
@@ -2824,7 +2835,7 @@ "type": "library", "bom-ref": "58-rich", "name": "rich", - "version": "13.9.2", + "version": "13.9.4", "supplier": { "name": "Will McGugan", "contact": [ @@ -2833,8 +2844,14 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2851,12 +2868,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.9.2/#files", + "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.9.2", + "purl": "pkg:pypi/rich@13.9.4", "properties": [ { "name": "language", @@ -3028,7 +3045,7 @@ "type": "library", "bom-ref": "62-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3037,16 +3054,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3450,7 +3467,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.2.0", + "version": "75.3.0", "supplier": { "name": "Python Packaging Authority", "contact": [ 
@@ -3459,16 +3476,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.2.0/#files", + "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.2.0", + "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ { "name": "language", @@ -3542,7 +3559,7 @@ "type": "library", "bom-ref": "73-xmlschema", "name": "xmlschema", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3551,7 +3568,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3569,12 +3586,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ { "name": "language", @@ -3590,7 +3607,7 @@ "type": "library", "bom-ref": "74-elementpath", "name": "elementpath", - "version": "4.5.0", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3599,7 +3616,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { 
@@ -3617,12 +3634,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.5.0/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.5.0", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index d4bb770ec9..e3fee52bd3 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-21T00:37:14Z +Created: 2024-11-11T00:37:24Z CreatorComment: This document has been automatically generated. ##### @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION @@ -76,10 +77,10 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-5-frozenlist -PackageVersion: 1.4.1 +PackageVersion: 1.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION 
@@ -87,7 +88,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: async-timeout @@ -115,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -147,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -157,18 +160,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.5 +PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -227,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -237,10 +241,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-15-cvss -PackageVersion: 3.2 +PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION 
@@ -248,8 +252,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml @@ -739,6 +743,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false +PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -749,17 +754,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*: PackageName: zipp SPDXID: SPDXRef-45-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: jinja2 
@@ -784,6 +789,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -844,19 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-51-rpds-py -PackageVersion: 0.20.0 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -945,35 +950,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-57-packageurl-python -PackageVersion: 0.15.6 +PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-58-rich -PackageVersion: 13.9.2 +PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files +PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1029,17 +1034,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-62-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly 
@@ -1176,17 +1181,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.2.0 +PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: toml 
@@ -1208,34 +1213,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-73-xmlschema -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-74-elementpath -PackageVersion: 4.5.0 +PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### PackageName: zstandard 
diff --git a/test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz b/test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz
new file mode 100644
index 0000000000..c65998553e
Binary files /dev/null and b/test/condensed-downloads/dlt-daemon_2.18.0-1_amd64.deb.tar.gz differ
diff --git a/test/condensed-downloads/dlt-daemon_2.18.8-6_arm64.deb.tar.gz b/test/condensed-downloads/dlt-daemon_2.18.8-6_arm64.deb.tar.gz
new file mode 100644
index 0000000000..3b06477a14
Binary files /dev/null and b/test/condensed-downloads/dlt-daemon_2.18.8-6_arm64.deb.tar.gz differ
diff --git a/test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz b/test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..7959b026c8
Binary files /dev/null and b/test/condensed-downloads/linuxptp-4.4-2.fc42.aarch64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz b/test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz
new file mode 100644
index 0000000000..780f447e41
Binary files /dev/null and b/test/condensed-downloads/linuxptp_2.0-3_x86_64.ipk.tar.gz differ
diff --git a/test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz b/test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz
new file mode 100644
index 0000000000..2c4cccda06
Binary files /dev/null and b/test/condensed-downloads/linuxptp_3.1-2.1_amd64.deb.tar.gz differ
diff --git a/test/test_data/dlt_daemon.py b/test/test_data/dlt_daemon.py
new file mode 100644
index 0000000000..d71a22c680
--- /dev/null
+++ b/test/test_data/dlt_daemon.py
@@ -0,0 +1,20 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {"product": "dlt-daemon", "version": "2.18.0", "version_strings": ["2.18.0\nDLT_"]}
+]
+package_test_data = [
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/d/dlt-daemon/",
+ "package_name": "dlt-daemon_2.18.0-1_amd64.deb",
+ "product": "dlt-daemon",
+ "version": "2.18.0",
+ },
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/d/dlt-daemon/",
+ "package_name": "dlt-daemon_2.18.8-6_arm64.deb",
+ "product": "dlt-daemon",
+ "version": "2.18.8",
+ },
+]
diff --git a/test/test_data/linuxptp.py b/test/test_data/linuxptp.py
new file mode 100644
index 0000000000..7706c18ad7
--- /dev/null
+++ b/test/test_data/linuxptp.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {"product": "linuxptp", "version": "3.1", "version_strings": ["ptp\n3.1"]}
+]
+package_test_data = [
+ {
+ "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/l/",
+ "package_name": "linuxptp-4.4-2.fc42.aarch64.rpm",
+ "product": "linuxptp",
+ "version": "4.4",
+ },
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/l/linuxptp/",
+ "package_name": "linuxptp_3.1-2.1_amd64.deb",
+ "product": "linuxptp",
+ "version": "3.1",
+ },
+ {
+ "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+ "package_name": "linuxptp_2.0-3_x86_64.ipk",
+ "product": "linuxptp",
+ "version": "2.0",
+ },
+]
diff --git a/test/test_output_engine.py b/test/test_output_engine.py
index 5510738a9f..5a65e5c4cd 100644
--- a/test/test_output_engine.py
+++ b/test/test_output_engine.py
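Review bot: Both package_test_data entries point at `http://ftp.debian.org/debian/pool/main/d/dlt-daemon/` over cleartext HTTP, and nothing in this hunk pins a digest for what comes back, so if the harness ever downloads these (rather than unpacking the committed `test/condensed-downloads/` tarball) an on-path attacker can hand it an arbitrary .deb. The same host appears to serve the pool over HTTPS, so `"url": "https://ftp.debian.org/debian/pool/main/d/dlt-daemon/"` costs nothing and at least authenticates the transport. The Debian pool also only retains a package version while some suite still ships it, so `dlt-daemon_2.18.0-1_amd64.deb` may not stay resolvable at that directory; snapshot.debian.org is the durable location if the URL is meant to keep working. Whether the harness fetches from the network at all is not visible in this hunk.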
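Review bot: The first package_test_data entry uses `.../development/rawhide/Everything/aarch64/os/Packages/l/`, and Rawhide is a rolling tree in which `linuxptp-4.4-2.fc42.aarch64.rpm` is replaced by the next rebuild, so that URL will stop resolving long before this test data is revisited; a released Fedora tree or an archive mirror path for the same NVR is a more durable source. The rpmfind and Debian entries also use plain `http://` while the OpenWrt entry uses `https://`; both of the former hosts appear to serve over HTTPS, so the scheme should be `https://` throughout so that any fetch the harness performs is at least transport-authenticated. The mapping entry `"version_strings": ["ptp\n3.1"]` matches only the 3.1 string, which is fine for a mapping test but means the 4.4 and 2.0 packages are exercised only through package_test_data. Whether the harness fetches these URLs or only unpacks `test/condensed-downloads/` is not visible in this hunk.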
@@ -1270,6 +1270,16 @@ def test_output_file(self):
 self.assertEqual(contains_filename, True)
 self.assertEqual(contains_msg, True)
 
+ def test_csv_output_file(self):
+ self.output_engine.output_file(output_type="csv")
+ filename = Path(self.output_engine.filename)
+ n_cves = sum(len(c["cves"]) for c in self.MOCK_OUTPUT.values())
+ with filename.open(newline="", mode="r") as f:
+ n_lines = len(f.read().splitlines())
+ # cvs file should have one line per cve plus a header line
+ assert n_lines == n_cves + 1
+ filename.unlink()
+
 def test_output_file_wrapper(self):
 """Test file generation logic in output_file_wrapper"""
 logger = logging.getLogger()
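Review bot: `filename.unlink()` at the end of test_csv_output_file only runs when the assertion passes, so a failing run leaves the generated CSV behind and may affect later tests that write to the same `self.output_engine.filename`; register the cleanup as soon as the path is known with `self.addCleanup(filename.unlink)` and drop the trailing unlink. The bare `assert` sits in a TestCase method whose neighbours use `self.assertEqual`, so `self.assertEqual(n_lines, n_cves + 1)` keeps the style consistent and prints both values on failure. Counting rows with `splitlines()` assumes no CSV field contains an embedded newline; if the writer ever quotes a multi-line field the count drifts, and `sum(1 for _ in csv.reader(f))` would be the robust measure (that needs `import csv` at the top of the file, outside this hunk). The comment `# cvs file should have ...` should read `# csv file should have ...`. The enclosing TestCase class starts outside the hunk.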