diff --git a/sbom/cve-bin-tool-py3.13.json b/sbom/cve-bin-tool-py3.13.json
index e92fe00088..57fc37782e 100644
--- a/sbom/cve-bin-tool-py3.13.json
+++ b/sbom/cve-bin-tool-py3.13.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:1a1f6942-114f-468f-9701-57faeb352631",
+ "serialNumber": "urn:uuid:fe5225ad-8d82-41ad-b1e0-aa0b1294f956",
"version": 1,
"metadata": {
- "timestamp": "2025-09-08T00:42:05Z",
+ "timestamp": "2025-09-15T00:43:01Z",
"lifecycles": [
{
"phase": "build"
@@ -2002,7 +2002,7 @@
"type": "library",
"bom-ref": "30-pyparsing",
"name": "pyparsing",
- "version": "3.2.3",
+ "version": "3.2.4",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -2011,21 +2011,12 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*",
+ "description": "pyparsing - Classes and methods to define and execute parsing grammars",
"hashes": [
{
"alg": "SHA-256",
- "content": "a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
+ "content": "91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36"
}
],
"externalReferences": [
@@ -2035,16 +2026,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.3/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.3",
+ "purl": "pkg:pypi/pyparsing@3.2.4",
"properties": [
{
"name": "release_date",
- "value": "2025-03-25T05:01:24Z"
+ "value": "2025-09-13T05:47:17Z"
},
{
"name": "language",
@@ -2053,10 +2044,6 @@
{
"name": "python_version",
"value": "3.13.7"
- },
- {
- "name": "License Comments",
- "value": "pyparsing declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -2337,55 +2324,28 @@
"type": "library",
"bom-ref": "35-cffi",
"name": "cffi",
- "version": "1.17.1",
+ "version": "2.0.0",
"supplier": {
- "name": "Armin Maciej Fijalkowski",
- "contact": [
- {
- "email": "python-cffi@googlegroups.com"
- }
- ]
+ "name": "Armin Maciej Fijalkowski"
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:2.0.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
"alg": "SHA-256",
- "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
+ "content": "0cf2d91ecc3fcc0625c2c530fe004f82c110405f101548512cce44322fa8ac44"
}
],
"externalReferences": [
{
- "url": "http://cffi.readthedocs.org",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
+ "url": "https://pypi.org/project/cffi/2.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
{
- "url": "http://cffi.readthedocs.org/",
+ "url": "https://cffi.readthedocs.io/",
"type": "documentation"
},
- {
- "url": "https://github.com/python-cffi/cffi",
- "type": "vcs"
- },
- {
- "url": "https://github.com/python-cffi/cffi/issues",
- "type": "issue-tracker"
- },
{
"url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
"type": "log"
@@ -2397,13 +2357,21 @@
{
"url": "https://groups.google.com/forum/#!forum/python-cffi",
"type": "other"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/cffi@1.17.1",
+ "purl": "pkg:pypi/cffi@2.0.0",
"properties": [
{
"name": "release_date",
- "value": "2024-09-04T20:43:30Z"
+ "value": "2025-09-08T23:22:08Z"
},
{
"name": "language",
@@ -2419,7 +2387,7 @@
"type": "library",
"bom-ref": "36-pycparser",
"name": "pycparser",
- "version": "2.22",
+ "version": "2.23",
"supplier": {
"name": "Eli Bendersky",
"contact": [
@@ -2428,12 +2396,12 @@
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.23:*:*:*:*:*:*:*",
"description": "C parser in Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+ "content": "e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934"
}
],
"licenses": [
@@ -2452,16 +2420,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pycparser/2.22/#files",
+ "url": "https://pypi.org/project/pycparser/2.23/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.22",
+ "purl": "pkg:pypi/pycparser@2.23",
"properties": [
{
"name": "release_date",
- "value": "2024-03-30T13:22:20Z"
+ "value": "2025-09-09T13:23:46Z"
},
{
"name": "language",
@@ -3041,7 +3009,7 @@
"type": "library",
"bom-ref": "46-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2025.4.1",
+ "version": "2025.9.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3050,12 +3018,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2025.4.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2025.9.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
"alg": "SHA-256",
- "content": "4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af"
+ "content": "98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe"
}
],
"externalReferences": [
@@ -3065,7 +3033,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/jsonschema-specifications/2025.4.1/#files",
+ "url": "https://pypi.org/project/jsonschema-specifications/2025.9.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3090,11 +3058,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2025.4.1",
+ "purl": "pkg:pypi/jsonschema-specifications@2025.9.1",
"properties": [
{
"name": "release_date",
- "value": "2025-04-23T12:34:05Z"
+ "value": "2025-09-08T01:34:57Z"
},
{
"name": "language",
@@ -4174,7 +4142,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "2.3.0",
+ "version": "2.5.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4183,12 +4151,12 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.5.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"hashes": [
{
"alg": "SHA-256",
- "content": "5507b1a9a9c2b1c55a627fdf6cf722fef2e23498bd14362a332c8848a311c321"
+ "content": "7e213f9ca7db3f8bf6f7eff35eaee6a1cf80902997e1b78d49b7755775d8f423"
}
],
"licenses": [
@@ -4207,7 +4175,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.3.0/#files",
+ "url": "https://pypi.org/project/narwhals/2.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4224,11 +4192,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.3.0",
+ "purl": "pkg:pypi/narwhals@2.5.0",
"properties": [
{
"name": "release_date",
- "value": "2025-09-01T08:29:25Z"
+ "value": "2025-09-12T10:04:22Z"
},
{
"name": "language",
@@ -4741,7 +4709,7 @@
"type": "library",
"bom-ref": "73-zstandard",
"name": "zstandard",
- "version": "0.24.0",
+ "version": "0.25.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -4750,23 +4718,8 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/indygreg/python-zstandard",
@@ -4774,7 +4727,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/zstandard/0.24.0/#files",
+ "url": "https://pypi.org/project/zstandard/0.25.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4783,11 +4736,11 @@
"type": "documentation"
}
],
- "purl": "pkg:pypi/zstandard@0.24.0",
+ "purl": "pkg:pypi/zstandard@0.25.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-17T18:21:12Z"
+ "value": "2025-06-08T17:06:38Z"
},
{
"name": "language",
@@ -4796,10 +4749,6 @@
{
"name": "python_version",
"value": "3.13.7"
- },
- {
- "name": "License Comments",
- "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
}
diff --git a/sbom/cve-bin-tool-py3.13.spdx b/sbom/cve-bin-tool-py3.13.spdx
index 69983a4cdc..07246bab99 100644
--- a/sbom/cve-bin-tool-py3.13.spdx
+++ b/sbom/cve-bin-tool-py3.13.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-806f52fd-02df-4ff8-a165-4d5f4518cc0b
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75edad36-2f83-4708-be90-cc4d6f34009c
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-08T00:41:51Z
+Created: 2025-09-15T00:42:41Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -619,21 +619,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-30-pyparsing
-PackageVersion: 3.2.3
+PackageVersion: 3.2.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.3/#files
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf
+PackageChecksum: SHA256: 91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: MIT
-PackageLicenseComments: pyparsing declares MIT License which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ReleaseDate: 2025-03-25T05:01:24Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:*
+PackageSummary: pyparsing - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2025-09-13T05:47:17Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*
#####
PackageName: oauth2client
@@ -721,44 +720,43 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
PackageName: cffi
SPDXID: SPDXRef-35-cffi
-PackageVersion: 1.17.1
+PackageVersion: 2.0.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
+PackageSupplier: Organization: Armin Maciej Fijalkowski
+PackageDownloadLocation: https://pypi.org/project/cffi/2.0.0/#files
FilesAnalyzed: false
-PackageHomePage: http://cffi.readthedocs.org
-PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageChecksum: SHA256: 0cf2d91ecc3fcc0625c2c530fe004f82c110405f101548512cce44322fa8ac44
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ReleaseDate: 2024-09-04T20:43:30Z
-ExternalRef: OTHER documentation http://cffi.readthedocs.org/
-ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
-ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ReleaseDate: 2025-09-08T23:22:08Z
+ExternalRef: OTHER documentation https://cffi.readthedocs.io/
ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@2.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:2.0.0:*:*:*:*:*:*:*
#####
PackageName: pycparser
SPDXID: SPDXRef-36-pycparser
-PackageVersion: 2.22
+PackageVersion: 2.23
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
+PackageDownloadLocation: https://pypi.org/project/pycparser/2.23/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
+PackageChecksum: SHA256: e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
-ReleaseDate: 2024-03-30T13:22:20Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.22
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
+ReleaseDate: 2025-09-09T13:23:46Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.23
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.23:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
@@ -971,25 +969,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:
PackageName: jsonschema-specifications
SPDXID: SPDXRef-46-jsonschema-specifications
-PackageVersion: 2025.4.1
+PackageVersion: 2025.9.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2025.4.1/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2025.9.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA256: 4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af
+PackageChecksum: SHA256: 98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ReleaseDate: 2025-04-23T12:34:05Z
+ReleaseDate: 2025-09-08T01:34:57Z
ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2025.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2025.4.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2025.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2025.9.1:*:*:*:*:*:*:*
#####
PackageName: referencing
@@ -1354,24 +1352,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.0:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 2.3.0
+PackageVersion: 2.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 5507b1a9a9c2b1c55a627fdf6cf722fef2e23498bd14362a332c8848a311c321
+PackageChecksum: SHA256: 7e213f9ca7db3f8bf6f7eff35eaee6a1cf80902997e1b78d49b7755775d8f423
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-09-01T08:29:25Z
+ReleaseDate: 2025-09-12T10:04:22Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.5.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1535,22 +1533,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.23.0:*:*:*:*:*:*:*
PackageName: zstandard
SPDXID: SPDXRef-73-zstandard
-PackageVersion: 0.24.0
+PackageVersion: 0.25.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.24.0/#files
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.25.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
-PackageChecksum: SHA256: af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ReleaseDate: 2025-08-17T18:21:12Z
+ReleaseDate: 2025-06-08T17:06:38Z
ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.25.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool