diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 98107b6237..6a78b9e207 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:ffde74e2-2ced-4c17-9b7f-fea38b10c62b",
+ "serialNumber": "urn:uuid:542b3565-348f-49c3-9f72-c62a1b27bc31",
"version": 1,
"metadata": {
- "timestamp": "2025-04-21T00:40:19Z",
+ "timestamp": "2025-04-28T00:40:59Z",
"lifecycles": [
{
"phase": "build"
@@ -89,12 +89,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.17",
+ "version": "3.11.18",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "67eaabe31454d68503ddc10d805944187787b4351600aedda1724f75f3f20b6c"
+ "content": "96264854fedbea933a9ca4b7e0c745728f01380691687b7365d18d9e977179c4"
}
],
"licenses": [
@@ -113,7 +113,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.17/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.18/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -150,11 +150,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.17",
+ "purl": "pkg:pypi/aiohttp@3.11.18",
"properties": [
{
"name": "release_date",
- "value": "2025-04-19T21:38:28Z"
+ "value": "2025-04-21T09:40:25Z"
},
{
"name": "language",
@@ -305,10 +305,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
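Review bot: The `License Comments` property removed here for aiosignal is also removed from every later CycloneDX component that carried it, from multidict through zstandard, so the JSON SBOM no longer records the licence string each package actually declared. The concluded `licenses` entries appear to remain for most components, but a reader can no longer see that, for example, `Apache 2.0` was normalised rather than declared as a valid SPDX identifier. The SPDX file in this same commit still carries `PackageLicenseComments` for narwhals, so the two formats now disagree. This may be a side effect of the lib4sbom 0.8.3 → 0.8.2 change recorded further down (inferred, not shown); confirm the loss is intended before merging the refresh.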
@@ -552,10 +548,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -878,10 +870,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "idna declares BSD License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -944,10 +932,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1006,10 +990,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "soupsieve declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1084,10 +1064,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1146,10 +1122,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1208,10 +1180,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1328,10 +1296,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1406,10 +1370,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1579,10 +1539,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1641,10 +1597,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1835,10 +1787,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -1897,10 +1845,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2075,10 +2019,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "pyparsing declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2137,10 +2077,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2211,10 +2147,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2277,10 +2209,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2607,10 +2535,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2727,10 +2651,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2789,10 +2709,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2851,10 +2767,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2912,10 +2824,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "importlib-metadata declares Apache Software License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2973,10 +2881,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "zipp declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3041,10 +2945,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "jinja2 declares BSD License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3100,10 +3000,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "markupsafe declares Copyright 2010 Pallets\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its\n contributors may be used to endorse or promote products derived from\n this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3193,7 +3089,7 @@
"type": "library",
"bom-ref": "48-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2024.10.1",
+ "version": "2025.4.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3202,21 +3098,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2025.4.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
"alg": "SHA-256",
- "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
+ "content": "4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af"
}
],
"externalReferences": [
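Review bot: The jsonschema-specifications 2025.4.1 entry keeps its SHA-256 but loses the whole `licenses` block. The SPDX hunk for the same package moves `PackageLicenseConcluded` from `MIT` to `NOASSERTION`. A licence that silently becomes unknown on a version bump usually means the generator could not read the new release's metadata, not that the licence changed. Check the 2025.4.1 package metadata and regenerate, or keep a reviewed override, so the entry again carries a `"license": {"id": ...}` object. The elementpath 5.0.0 entry later in this file loses its `licenses` block in the same way.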
@@ -3226,7 +3113,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
+ "url": "https://pypi.org/project/jsonschema-specifications/2025.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3251,11 +3138,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
+ "purl": "pkg:pypi/jsonschema-specifications@2025.4.1",
"properties": [
{
"name": "release_date",
- "value": "2024-10-08T12:29:30Z"
+ "value": "2025-04-23T12:34:05Z"
},
{
"name": "language",
@@ -3264,10 +3151,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "jsonschema-specifications declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3430,7 +3313,7 @@
"type": "library",
"bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.8.3",
+ "version": "0.8.2",
"supplier": {
"name": "Anthony Harrison",
"contact": [
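Review bot: This refresh moves lib4sbom backwards, from `"version": "0.8.3"` to `"version": "0.8.2"`. The later hunks move `release_date` back from 2025-04-14 to 2025-03-03, and the SPDX section for the same package shows the same change. A downgrade in an automated SBOM update should be explained: either a deliberate pin or constraint, which belongs in the commit message, or resolver drift in the environment that generated the file. Because lib4sbom is the library that produces these documents, the downgrade may also explain the dropped licence data elsewhere in this diff (inferred). Confirm which version the shipped environment actually installs before accepting this entry.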
@@ -3439,12 +3322,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.2:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "f166b110204cb50c867fb80023fd54bb7070b5cf4ff5a40362df9597dc72f378"
+ "content": "a46338154d7daf701f960a49495468f3722ae1845baf88f848c668f79519da8f"
}
],
"licenses": [
@@ -3463,16 +3346,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.8.3/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.8.3",
+ "purl": "pkg:pypi/lib4sbom@0.8.2",
"properties": [
{
"name": "release_date",
- "value": "2025-04-14T15:42:28Z"
+ "value": "2025-03-03T21:24:16Z"
},
{
"name": "language",
@@ -3617,10 +3500,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3914,10 +3793,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "markdown-it-py declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3976,10 +3851,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "mdurl declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -4059,81 +3930,7 @@
},
{
"type": "library",
- "bom-ref": "61-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.4",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.4/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://gnupg.readthedocs.io/",
- "type": "documentation"
- },
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "vcs"
- },
- {
- "url": "https://github.com/vsajip/python-gnupg/issues",
- "type": "issue-tracker"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.4",
- "properties": [
- {
- "name": "release_date",
- "value": "2025-01-07T11:58:32Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "62-packaging",
+ "bom-ref": "61-packaging",
"name": "packaging",
"version": "25.0",
"supplier": {
@@ -4185,16 +3982,12 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "packaging declares Apache Software License AND BSD License which is not currently a valid SPDX License identifier or expression."
}
]
},
{
"type": "library",
- "bom-ref": "63-plotly",
+ "bom-ref": "62-plotly",
"name": "plotly",
"version": "6.0.1",
"supplier": {
@@ -4250,18 +4043,14 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "plotly declares MIT License\n\nCopyright (c) 2016-2024 Plotly Technologies Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n which is not currently a valid SPDX License identifier or expression."
}
]
},
{
"type": "library",
- "bom-ref": "64-narwhals",
+ "bom-ref": "63-narwhals",
"name": "narwhals",
- "version": "1.35.0",
+ "version": "1.36.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4270,12 +4059,12 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.35.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.36.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"hashes": [
{
"alg": "SHA-256",
- "content": "7562af132fa3f8aaaf34dc96d7ec95bdca29d1c795e8fcf14e01edf1d32122bc"
+ "content": "e3c50dd1d769bc145f57ae17c1f0f0da6c3d397d62cdd0bb167e9b618e95c9d6"
}
],
"licenses": [
@@ -4294,7 +4083,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/1.35.0/#files",
+ "url": "https://pypi.org/project/narwhals/1.36.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4311,11 +4100,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@1.35.0",
+ "purl": "pkg:pypi/narwhals@1.36.0",
"properties": [
{
"name": "release_date",
- "value": "2025-04-14T17:14:50Z"
+ "value": "2025-04-23T07:15:30Z"
},
{
"name": "language",
@@ -4324,10 +4113,76 @@
{
"name": "python_version",
"value": "3.12.10"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "64-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.4",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.4/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
},
{
- "name": "License Comments",
- "value": "narwhals declares MIT License which is not currently a valid SPDX License identifier or expression."
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
+ }
+ ],
+ "purl": "pkg:pypi/python-gnupg@0.5.4",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2025-01-07T11:58:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.10"
}
]
},
@@ -4530,7 +4385,7 @@
"type": "library",
"bom-ref": "68-certifi",
"name": "certifi",
- "version": "2025.1.31",
+ "version": "2025.4.26",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -4539,12 +4394,12 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.1.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.4.26:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
"alg": "SHA-256",
- "content": "ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe"
+ "content": "30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3"
}
],
"licenses": [
@@ -4563,7 +4418,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2025.1.31/#files",
+ "url": "https://pypi.org/project/certifi/2025.4.26/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4572,11 +4427,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/certifi@2025.1.31",
+ "purl": "pkg:pypi/certifi@2025.4.26",
"properties": [
{
"name": "release_date",
- "value": "2025-01-31T02:16:45Z"
+ "value": "2025-04-26T02:12:27Z"
},
{
"name": "language",
@@ -4650,7 +4505,7 @@
"type": "library",
"bom-ref": "70-setuptools",
"name": "setuptools",
- "version": "79.0.0",
+ "version": "80.0.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -4659,17 +4514,17 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:79.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.0.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"hashes": [
{
"alg": "SHA-256",
- "content": "b9ab3a104bedb292323f53797b00864e10e434a3ab3906813a7169e4745b912a"
+ "content": "a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/79.0.0/#files",
+ "url": "https://pypi.org/project/setuptools/80.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4686,11 +4541,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/setuptools@79.0.0",
+ "purl": "pkg:pypi/setuptools@80.0.0",
"properties": [
{
"name": "release_date",
- "value": "2025-04-20T15:47:54Z"
+ "value": "2025-04-27T17:21:09Z"
},
{
"name": "language",
@@ -4755,7 +4610,7 @@
"type": "library",
"bom-ref": "72-elementpath",
"name": "elementpath",
- "version": "4.8.0",
+ "version": "5.0.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -4764,23 +4619,8 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.8.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "5393191f84969bcf8033b05ec4593ef940e58622ea13cefe60ecefbbf09d58d9"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/sissaschool/elementpath",
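Review bot: The elementpath 5.0.0 entry is written without any `hashes` array, whereas the 4.8.0 entry it replaces carried a SHA-256. This is a major-version bump, and the new component now has no digest that a consumer could check against the installed or downloaded artifact. The `licenses` block is removed in the same hunk. Regenerate so the entry again contains `"hashes": [{"alg": "SHA-256", "content": "<sha256-of-elementpath-5.0.0-artifact>"}]` (placeholder value). It would also help to add a CI check that fails when a component in the refreshed SBOM lacks a hash.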
@@ -4788,16 +4628,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/4.8.0/#files",
+ "url": "https://pypi.org/project/elementpath/5.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.8.0",
+ "purl": "pkg:pypi/elementpath@5.0.0",
"properties": [
{
"name": "release_date",
- "value": "2025-03-03T20:51:03Z"
+ "value": "2025-04-13T20:41:21Z"
},
{
"name": "language",
@@ -4864,10 +4704,6 @@
{
"name": "python_version",
"value": "3.12.10"
- },
- {
- "name": "License Comments",
- "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
}
@@ -4894,10 +4730,10 @@
"47-jsonschema",
"51-lib4sbom",
"54-lib4vex",
- "61-python-gnupg",
"56-packageurl-python",
- "62-packaging",
- "63-plotly",
+ "61-packaging",
+ "62-plotly",
+ "64-python-gnupg",
"52-pyyaml",
"65-requests",
"57-rich",
@@ -4905,8 +4741,8 @@
"70-setuptools",
"67-urllib3",
"71-xmlschema",
- "73-zstandard",
- "44-zipp"
+ "44-zipp",
+ "73-zstandard"
]
},
{
@@ -5131,10 +4967,10 @@
]
},
{
- "ref": "63-plotly",
+ "ref": "62-plotly",
"dependsOn": [
- "64-narwhals",
- "62-packaging"
+ "63-narwhals",
+ "61-packaging"
]
},
{
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 5c5f0e3ffa..a64b5ff05f 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,11 +2,11 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d7161b84-8422-459a-aa53-1c4e30721080
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2f0f706a-5a91-44a2-bdb0-d153268120b8
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.3
-Created: 2025-04-21T00:40:14Z
-CreatorComment: SBOM Type: Build - This document has been automatically generated.
+Created: 2025-04-28T00:40:54Z
+CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
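Review bot: `CreatorComment` drops the `SBOM Type: Build - ` prefix, while the CycloneDX file in this commit still declares `"phase": "build"` under `lifecycles`. The SPDX document therefore no longer says at which stage the inventory was captured, and the two formats disagree on that provenance detail. If the change comes from the generator rather than a deliberate edit, restore the line as `CreatorComment: SBOM Type: Build - This document has been automatically generated.`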
@@ -29,18 +29,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.17
+PackageVersion: 3.11.18
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.17/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.18/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: 67eaabe31454d68503ddc10d805944187787b4351600aedda1724f75f3f20b6c
+PackageChecksum: SHA256: 96264854fedbea933a9ca4b7e0c745728f01380691687b7365d18d9e977179c4
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2025-04-19T21:38:28Z
+ReleaseDate: 2025-04-21T09:40:25Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -49,7 +49,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.11.17
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.11.18
#####
PackageName: aiohappyeyeballs
@@ -1011,26 +1011,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
PackageName: jsonschema-specifications
SPDXID: SPDXRef-48-jsonschema-specifications
-PackageVersion: 2024.10.1
+PackageVersion: 2025.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2025.4.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
+PackageChecksum: SHA256: 4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: MIT
-PackageLicenseComments: jsonschema-specifications declares MIT License which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ReleaseDate: 2024-10-08T12:29:30Z
+ReleaseDate: 2025-04-23T12:34:05Z
ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2025.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2025.4.1:*:*:*:*:*:*:*
#####
PackageName: referencing
@@ -1083,20 +1082,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*
PackageName: lib4sbom
SPDXID: SPDXRef-51-lib4sbom
-PackageVersion: 0.8.3
+PackageVersion: 0.8.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.3/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: f166b110204cb50c867fb80023fd54bb7070b5cf4ff5a40362df9597dc72f378
+PackageChecksum: SHA256: a46338154d7daf701f960a49495468f3722ae1845baf88f848c668f79519da8f
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2025-04-14T15:42:28Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.3:*:*:*:*:*:*:*
+ReleaseDate: 2025-03-03T21:24:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.2:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1275,30 +1274,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-61-python-gnupg
-PackageVersion: 0.5.4
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ReleaseDate: 2025-01-07T11:58:32Z
-ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
-ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
-ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*
-#####
-
PackageName: packaging
-SPDXID: SPDXRef-62-packaging
+SPDXID: SPDXRef-61-packaging
PackageVersion: 25.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -1318,7 +1295,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-63-plotly
+SPDXID: SPDXRef-62-plotly
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -1361,25 +1338,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:*
#####
PackageName: narwhals
-SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.35.0
+SPDXID: SPDXRef-63-narwhals
+PackageVersion: 1.36.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.35.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.36.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 7562af132fa3f8aaaf34dc96d7ec95bdca29d1c795e8fcf14e01edf1d32122bc
+PackageChecksum: SHA256: e3c50dd1d769bc145f57ae17c1f0f0da6c3d397d62cdd0bb167e9b618e95c9d6
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-04-14T17:14:50Z
+ReleaseDate: 2025-04-23T07:15:30Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.35.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.35.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.36.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.36.0:*:*:*:*:*:*:*
+#####
+
+PackageName: python-gnupg
+SPDXID: SPDXRef-64-python-gnupg
+PackageVersion: 0.5.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2025-01-07T11:58:32Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*
#####
PackageName: requests
@@ -1446,21 +1445,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.4.0:*:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-68-certifi
-PackageVersion: 2025.1.31
+PackageVersion: 2025.4.26
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2025.1.31/#files
+PackageDownloadLocation: https://pypi.org/project/certifi/2025.4.26/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe
+PackageChecksum: SHA256: 30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ReleaseDate: 2025-01-31T02:16:45Z
+ReleaseDate: 2025-04-26T02:12:27Z
ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.1.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.1.31:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.4.26
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.4.26:*:*:*:*:*:*:*
#####
PackageName: rpmfile
@@ -1483,22 +1482,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-70-setuptools
-PackageVersion: 79.0.0
+PackageVersion: 80.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/79.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/80.0.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: b9ab3a104bedb292323f53797b00864e10e434a3ab3906813a7169e4745b912a
+PackageChecksum: SHA256: a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ReleaseDate: 2025-04-20T15:47:54Z
+ReleaseDate: 2025-04-27T17:21:09Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@79.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:79.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.0.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
@@ -1521,20 +1520,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.0.1:*:*:*:*
PackageName: elementpath
SPDXID: SPDXRef-72-elementpath
-PackageVersion: 4.8.0
+PackageVersion: 5.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.8.0/#files
+PackageDownloadLocation: https://pypi.org/project/elementpath/5.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
-PackageChecksum: SHA256: 5393191f84969bcf8033b05ec4593ef940e58622ea13cefe60ecefbbf09d58d9
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ReleaseDate: 2025-03-03T20:51:03Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.8.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-04-13T20:41:21Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@5.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*
#####
PackageName: zstandard
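Review bot: The elementpath 5.0.0 entry in this hunk drops its `PackageChecksum: SHA256:` line entirely, and `PackageLicenseDeclared` / `PackageLicenseConcluded` regress from `MIT` to `NOASSERTION`. A consumer of this SBOM can therefore no longer verify the elementpath artifact against a recorded digest. The other bumped packages visible here (narwhals, certifi, setuptools) all carry a refreshed checksum, so this looks like a metadata lookup that failed for this one release rather than an intended omission; that is inferred from the diff, not shown by it. I would regenerate the entry so it again carries `PackageChecksum: SHA256: <sha256 of the elementpath 5.0.0 artifact>`. The SBOM job should also fail, or at least warn, when a component is emitted without a checksum, so that a silent loss like this does not get committed.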
@@ -1572,9 +1570,9 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile
@@ -1661,8 +1659,8 @@ Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-8-typing-extensions
Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
-Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
-Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-narwhals
+Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-61-packaging
+Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-63-narwhals
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-11-idna
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3