From 1834f63eac9dbdbaa2ea76ba25cb6b30948d0301 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 10:14:28 -0700 Subject: [PATCH] chore: update SBOM for Python 3.8 (#4409) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 100 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.8.spdx | 80 ++++++++++++++-------------- 2 files changed, 90 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index ab95503139..3fd83ca2ab 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:78249e2c-ba6b-44f6-bf53-f4428b5dd43d", + "serialNumber": "urn:uuid:d87a674a-b387-4583-a4d4-bfed4fdfb862", "version": 1, "metadata": { - "timestamp": "2024-08-26T00:35:34Z", + "timestamp": "2024-09-02T00:36:17Z", "lifecycles": [ { "phase": "build" @@ -31,7 +31,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.4rc0", + "version": "3.4rc1", "supplier": { "name": "Terri Oda", "contact": [ @@ -40,7 +40,7 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", "licenses": [ { @@ -53,12 +53,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.4rc0", + "url": "https://pypi.org/project/cve-bin-tool/3.4rc1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.4rc0", + "purl": "pkg:pypi/cve-bin-tool@3.4rc1", "properties": [ { "name": "language", @@ -119,6 +119,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "c31b127a69bdcd7895d1a521985d918061955348" + } + ], "licenses": [ { "license": { @@ -356,7 +362,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.9.4", + "version": "1.9.7", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -365,14 +371,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*", "description": "Yet another URL library", - "hashes": [ - { - "alg": "SHA-1", - "content": "6362ff155ba02964a5e773927412f7cf4ca23cd1" - } - ], "licenses": [ { "license": { @@ -384,12 +384,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/yarl/1.9.4", + "url": "https://pypi.org/project/yarl/1.9.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.4", + "purl": "pkg:pypi/yarl@1.9.7", "properties": [ { "name": "language", @@ -416,6 +416,12 @@ }, "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "784c6f45c162db9709588124f2f1def5b70615ff" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/idna/3.8", @@ -1886,7 +1892,7 @@ "type": "library", "bom-ref": "43-zipp", "name": "zipp", - "version": "3.20.0", + "version": "3.20.1", "supplier": { "name": "Jason R .", "contact": [ @@ -1895,16 +1901,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.0", + "url": "https://pypi.org/project/zipp/3.20.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.0", + "purl": "pkg:pypi/zipp@3.20.1", "properties": [ { "name": "language", @@ -2208,7 +2214,7 @@ "type": "library", "bom-ref": "52-lib4sbom", "name": "lib4sbom", - "version": "0.7.3", + "version": "0.7.4", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2217,7 +2223,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { @@ -2230,12 +2236,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.3", + "url": "https://pypi.org/project/lib4sbom/0.7.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.3", + "purl": "pkg:pypi/lib4sbom@0.7.4", "properties": [ { "name": "language", @@ -2343,7 +2349,7 @@ "type": "library", "bom-ref": "55-lib4vex", "name": "lib4vex", - "version": "0.1.0", + "version": "0.2.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2352,14 +2358,8 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*", "description": "VEX generator and consumer library", - "hashes": [ - { - "alg": "SHA-1", - "content": "84229c7770dd95cf887d6874e0203da4c8aa809b" - } - ], "licenses": [ { "license": { @@ -2371,12 +2371,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4vex/0.1.0", + "url": "https://pypi.org/project/lib4vex/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4vex@0.1.0", + "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ { "name": "language", @@ -2485,7 +2485,7 @@ "type": "library", "bom-ref": "58-rich", "name": "rich", - "version": "13.7.1", + "version": "13.8.0", "supplier": { "name": "Will McGugan", "contact": [ @@ -2494,7 +2494,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2507,12 +2507,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.7.1", + "url": "https://pypi.org/project/rich/13.8.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.7.1", + "purl": "pkg:pypi/rich@13.8.0", "properties": [ { "name": "language", @@ -2725,7 +2725,7 @@ "type": "library", "bom-ref": "64-plotly", "name": "plotly", - "version": "5.23.0", + "version": "5.24.0", "supplier": { "name": "Chris P", "contact": [ @@ -2734,7 +2734,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2747,12 +2747,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.23.0", + "url": "https://pypi.org/project/plotly/5.24.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.23.0", + "purl": "pkg:pypi/plotly@5.24.0", "properties": [ { "name": "language", @@ -2915,7 +2915,7 @@ "type": "library", "bom-ref": "68-certifi", "name": "certifi", - "version": "2024.7.4", + "version": "2024.8.30", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -2924,7 +2924,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { @@ -2937,12 +2937,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2024.7.4", + "url": "https://pypi.org/project/certifi/2024.8.30", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2024.7.4", + "purl": "pkg:pypi/certifi@2024.8.30", "properties": [ { "name": "language", @@ -3090,7 +3090,7 @@ "type": "library", "bom-ref": "72-setuptools", "name": "setuptools", - "version": "73.0.1", + "version": "74.0.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3099,16 +3099,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/73.0.1", + "url": "https://pypi.org/project/setuptools/74.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@73.0.1", + "purl": "pkg:pypi/setuptools@74.0.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index bdf945fcb4..9b46a3d149 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-da6f8d35-e8b9-490e-bf04-c8364e3c55e7 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-36380a6d-1569-477d-a8b9-2881d984a8f1 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.1 -Created: 2024-08-26T00:34:07Z +Created: 2024-09-02T00:34:50Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.4rc0 +PackageVersion: 3.4rc1 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc0 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1 FilesAnalyzed: false PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:* ##### PackageName: aiohttp @@ -46,6 +46,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0 FilesAnalyzed: false +PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348 PackageLicenseDeclared: Python-2.0.1 PackageLicenseConcluded: Python-2.0.1 PackageCopyrightText: NOASSERTION @@ -135,18 +136,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:* PackageName: yarl SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.9.4 +PackageVersion: 1.9.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7 FilesAnalyzed: false -PackageChecksum: SHA1: 6362ff155ba02964a5e773927412f7cf4ca23cd1 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:* ##### PackageName: idna @@ -156,6 +156,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: https://pypi.org/project/idna/3.8 FilesAnalyzed: false +PackageChecksum: SHA1: 784c6f45c162db9709588124f2f1def5b70615ff PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -680,17 +681,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.4.0:*:*: PackageName: zipp SPDXID: SPDXRef-Package-43-zipp -PackageVersion: 3.20.0 +PackageVersion: 3.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.0 +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:* ##### PackageName: importlib-resources @@ -816,17 +817,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 PackageName: lib4sbom SPDXID: SPDXRef-Package-52-lib4sbom -PackageVersion: 0.7.3 +PackageVersion: 0.7.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.4 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -863,18 +864,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. PackageName: lib4vex SPDXID: SPDXRef-Package-55-lib4vex -PackageVersion: 0.1.0 +PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4vex/0.1.0 +PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0 FilesAnalyzed: false -PackageChecksum: SHA1: 84229c7770dd95cf887d6874e0203da4c8aa809b PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool @@ -911,17 +911,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-Package-58-rich -PackageVersion: 13.7.1 +PackageVersion: 13.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.7.1 +PackageDownloadLocation: https://pypi.org/project/rich/13.8.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -1004,17 +1004,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* PackageName: plotly SPDXID: SPDXRef-Package-64-plotly -PackageVersion: 5.23.0 +PackageVersion: 5.24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.23.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.24.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.23.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:* ##### PackageName: tenacity @@ -1069,17 +1069,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: PackageName: certifi SPDXID: SPDXRef-Package-68-certifi -PackageVersion: 2024.7.4 +PackageVersion: 2024.8.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.7.4 +PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30 FilesAnalyzed: false PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.7.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* ##### PackageName: charset-normalizer @@ -1131,17 +1131,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-Package-72-setuptools -PackageVersion: 73.0.1 +PackageVersion: 74.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/73.0.1 +PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@73.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:* ##### PackageName: toml