From 505bcf044cb263f473703669b713c1ee54bd4f11 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:59:51 +0000 Subject: [PATCH 01/22] chore: update SBOM for Python 3.11 (#4560) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 61 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.11.spdx | 36 +++++++++++---------- 2 files changed, 51 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 1ab4cf5700..5ba8175fb4 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d41bd464-c594-4908-998a-aa31f02d37f2", + "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:39:27Z", + "timestamp": "2024-11-11T00:37:40Z", "lifecycles": [ { "phase": "build" @@ -541,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2142,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2307,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2316,17 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2334,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2671,6 +2674,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2864,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2873,22 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3422,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3431,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 17f485a570..272ff4e086 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-42a5440d-e497-4f5a-8c23-5f4cbc506669 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:38:31Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -196,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -723,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -783,18 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -905,6 +907,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -966,18 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1161,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 58235bea62c81bb845e53652ddc2c8eca96886d5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:01:02 +0000 Subject: [PATCH 02/22] chore: update SBOM for Python 3.9 (#4564) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 67 ++++++++++++++++++++---------------- sbom/cve-bin-tool-py3.9.spdx | 37 +++++++++++--------- 2 files changed, 58 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index d9f6feaf78..2f66f324d6 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb", + "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:39:04Z", + "timestamp": "2024-11-11T00:38:15Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -633,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2237,7 +2249,7 @@ "type": "library", "bom-ref": "45-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -2246,16 +2258,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", @@ -2308,6 +2320,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2473,7 +2491,7 @@ "type": "library", "bom-ref": "51-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2482,17 +2500,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2500,12 +2509,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2837,6 +2846,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -3030,7 +3045,7 @@ "type": "library", "bom-ref": "62-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3039,22 +3054,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index f90e2a7e85..e3fee52bd3 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9f3d8833-874a-4b8d-97a0-34ac23a6561e +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:38:06Z +Created: 2024-11-11T00:37:24Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -229,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -752,17 +754,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*: PackageName: zipp SPDXID: SPDXRef-45-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: jinja2 @@ -787,6 +789,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -847,18 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-51-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -969,6 +972,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1030,18 +1034,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-62-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly From dfcfff7783f286003d9161782891f8b411393604 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:02:28 +0000 Subject: [PATCH 03/22] chore: update SBOM for Python 3.8 (#4563) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 42 +++++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.8.spdx | 17 +++++++++------ 2 files changed, 40 insertions(+), 19 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 4079d26ba9..8e6c4b88f2 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b70c8919-aa47-439d-9ce3-c84a2d16b633", + "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:37:54Z", + "timestamp": "2024-11-11T00:37:58Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -639,6 +645,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2288,6 +2300,12 @@ }, "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", "description": "Read resources from Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "284148b005b57031a354402c446473f53cab2c49" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", @@ -2957,6 +2975,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -3150,7 +3174,7 @@ "type": "library", "bom-ref": "64-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -3159,22 +3183,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c2f86ce550..c66cbe5150 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-549306a2-498d-4c40-9fba-23e2d0d32c42 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:36:57Z +Created: 2024-11-11T00:36:58Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -230,6 +231,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -773,6 +775,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files FilesAnalyzed: false +PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1002,6 +1005,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1063,18 +1067,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-64-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly From 59680eecec7abafe77b3d6247c11a7357f46a651 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:03:28 -0800 Subject: [PATCH 04/22] chore(deps): bump conda-incubator/setup-miniconda from 3.0.4 to 3.1.0 (#4566) Bumps [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) from 3.0.4 to 3.1.0. - [Release notes](https://github.com/conda-incubator/setup-miniconda/releases) - [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md) - [Commits](https://github.com/conda-incubator/setup-miniconda/compare/a4260408e20b96e80095f42ff7f1a15b27dd94ca...d2e6a045a86077fb6cad6f5adf368e9076ddaa8d) --- updated-dependencies: - dependency-name: conda-incubator/setup-miniconda dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 651c378eb6..f6dd40f734 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -566,7 +566,7 @@ jobs: path: ~/conda_pkgs_dir key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{ hashFiles('requirements.txt') }} - - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 + - uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3.1.0 with: auto-update-conda: true activate-environment: pdftotext From 0499d4e0dc53cdbee0fdc177995d9c988a092d5b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:03:44 +0000 Subject: [PATCH 05/22] chore: update SBOM for Python 3.10 (#4562) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 67 ++++++++++++++++++++--------------- sbom/cve-bin-tool-py3.10.spdx | 37 ++++++++++--------- 2 files changed, 58 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index a6e3c0437d..11e8b80d5a 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:888833a5-aabf-426e-88d8-8eb73ab2cb9d", + "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:38:13Z", + "timestamp": "2024-11-11T00:37:52Z", "lifecycles": [ { "phase": "build" @@ -417,6 +417,12 @@ }, "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ + { + "alg": "SHA-1", + "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", @@ -633,6 +639,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2234,6 +2246,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2399,7 +2417,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2408,17 +2426,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2426,12 +2435,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2763,6 +2772,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2956,7 +2971,7 @@ "type": "library", "bom-ref": "60-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2965,22 +2980,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3572,7 +3581,7 @@ "type": "library", "bom-ref": "73-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3581,16 +3590,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 7b519501da..3450e18661 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3b2a6d00-6777-463e-bce6-aac435fde0eb +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:37:10Z +Created: 2024-11-11T00:37:01Z CreatorComment: This document has been automatically generated. ##### @@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -229,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -756,6 +758,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -816,18 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -938,6 +941,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -999,18 +1003,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-60-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1211,17 +1214,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-73-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 9213882091af3bfa35fb4c26bd5e1ac98897d9f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:04:12 -0800 Subject: [PATCH 06/22] chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#4565) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9c0c72cf4a..aa82ed9ecf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 From 43dd144a91be2091f91782d792ff5f9fcf040910 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:04:59 +0000 Subject: [PATCH 07/22] chore: update SBOM for Python 3.12 (#4561) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 61 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 36 +++++++++++---------- 2 files changed, 51 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 78cbb8c8a1..60821f01a1 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:06a39a94-1422-40df-893c-b488d152ad6c", + "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", "version": 1, "metadata": { - "timestamp": "2024-11-04T00:37:49Z", + "timestamp": "2024-11-11T00:37:48Z", "lifecycles": [ { "phase": "build" @@ -541,6 +541,12 @@ }, "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + } + ], "externalReferences": [ { "url": "https://github.com/facelessuser/soupsieve", @@ -2142,6 +2148,12 @@ "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", + "hashes": [ + { + "alg": "SHA-1", + "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/markupsafe/3.0.2/#files", @@ -2307,7 +2319,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.20.1", + "version": "0.21.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -2316,17 +2328,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2334,12 +2337,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.20.1/#files", + "url": "https://pypi.org/project/rpds-py/0.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.20.1", + "purl": "pkg:pypi/rpds-py@0.21.0", "properties": [ { "name": "language", @@ -2671,6 +2674,12 @@ }, "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "43d3b04725ab9731727fb1126e35980c62f32377" + } + ], "licenses": [ { "license": { @@ -2864,7 +2873,7 @@ "type": "library", "bom-ref": "58-packaging", "name": "packaging", - "version": "24.1", + "version": "24.2", "supplier": { "name": "Donald Stufft", "contact": [ @@ -2873,22 +2882,16 @@ } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", - "hashes": [ - { - "alg": "SHA-1", - "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packaging@24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ { "name": "language", @@ -3422,7 +3425,7 @@ "type": "library", "bom-ref": "70-zipp", "name": "zipp", - "version": "3.20.2", + "version": "3.21.0", "supplier": { "name": "Jason R .", "contact": [ @@ -3431,16 +3434,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 785cc63656..132341bedb 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6d5d65ce-7ee4-477d-bfcf-c94432e85cfb +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-04T00:36:55Z +Created: 2024-11-11T00:37:00Z CreatorComment: This document has been automatically generated. ##### @@ -196,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve +PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -723,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. @@ -783,18 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.20.1 +PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom @@ -905,6 +907,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich +PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -966,18 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* PackageName: packaging SPDXID: SPDXRef-58-packaging -PackageVersion: 24.1 +PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files +PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly @@ -1161,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:* PackageName: zipp SPDXID: SPDXRef-70-zipp -PackageVersion: 3.20.2 +PackageVersion: 3.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: zstandard From 6918c32f225f614866ddf112cc322c167d463210 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:06:32 -0800 Subject: [PATCH 08/22] chore(deps): bump actions/setup-python from 5.2.0 to 5.3.0 (#4555) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.2.0...v5.3.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 2 +- .github/workflows/cve_scan.yml | 2 +- .github/workflows/formatting.yml | 2 +- .github/workflows/fuzzing.yml | 2 +- .github/workflows/linting.yml | 2 +- .github/workflows/sbom.yml | 2 +- .github/workflows/testing.yml | 10 +++++----- .github/workflows/update-cache.yml | 2 +- .github/workflows/update-js-dependencies.yml | 2 +- .github/workflows/update-pre-commit.yml | 2 +- .github/workflows/validate-yml.yml | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 8072d5fc17..f2b0195499 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -28,7 +28,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 3ce69d8833..c97248eeb3 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -22,7 +22,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index dc99b6d2e2..5ef52b7699 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -24,7 +24,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 478c5a8b42..b4fb4a9fcb 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5.2.0 + uses: actions/setup-python@v5.3.0 with: python-version: 3.9 diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 48f759c58e..c4737601f6 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 05fe91de08..1d42ac5baa 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -27,7 +27,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index f6dd40f734..6ed476bcb6 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -49,7 +49,7 @@ jobs: pypi.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' @@ -108,7 +108,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python }} cache: 'pip' @@ -240,7 +240,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' @@ -397,7 +397,7 @@ jobs: www.sqlite.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' @@ -503,7 +503,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.12' cache: 'pip' diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 7e77e1ecf1..fa2c93fae7 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.10' cache: 'pip' diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index d4921f0f4d..f2b3fc0bd9 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 23a58da58f..2b3be9cf39 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml index 477aba9b85..b4bd97f31d 100644 --- a/.github/workflows/validate-yml.yml +++ b/.github/workflows/validate-yml.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.11' cache: 'pip' From 377b9ca36529259048d4b8886ac34d2b20b0c6a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:06:58 -0800 Subject: [PATCH 09/22] chore(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 (#4554) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.5 to 4.4.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/a6993e2c61fd5dc440b409aa1d6904921c5e1894...4081bf99e2866ebe428fc0477b69eb4fcda7220a) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 717e3e7f10..d99c952123 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 + uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 From 97569385065b84d536b749155ef46fac632683ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:08:49 -0800 Subject: [PATCH 10/22] chore(deps): bump check-spelling/check-spelling from 0.0.22 to 0.0.24 (#4553) Bumps [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling) from 0.0.22 to 0.0.24. - [Release notes](https://github.com/check-spelling/check-spelling/releases) - [Changelog](https://github.com/check-spelling/check-spelling/blob/main/gh-release-downloader) - [Commits](https://github.com/check-spelling/check-spelling/compare/v0.0.22...v0.0.24) --- updated-dependencies: - dependency-name: check-spelling/check-spelling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/spelling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index fd7d1d7d4b..2dec16dcae 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: check-spelling/check-spelling@v0.0.22 + - uses: check-spelling/check-spelling@v0.0.24 with: extra_dictionaries: cspell:python/src/python/python.txt From 9712d5cfed57445b9e6462fac28042d8a4b24e9d Mon Sep 17 00:00:00 2001 From: anchita20 Date: Wed, 13 Nov 2024 01:09:59 +0530 Subject: [PATCH 11/22] docs: add docstrings to parsers/env.py and format changes (#4552) * Fixes #4539 --- cve_bin_tool/parsers/env.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/cve_bin_tool/parsers/env.py b/cve_bin_tool/parsers/env.py index 536f681752..e4cb15a55c 100644 --- a/cve_bin_tool/parsers/env.py +++ b/cve_bin_tool/parsers/env.py @@ -15,6 +15,12 @@ @dataclasses.dataclass class EnvNamespaceConfig: + """ + Configuration details for environment namespace in the CVE Bin tool + Attributes: + CVE ID associated with this namespace, vendor name, product name, version of the product, file path where product is located + """ + ad_hoc_cve_id: str vendor: str product: str @@ -24,6 +30,12 @@ class EnvNamespaceConfig: @dataclasses.dataclass class EnvConfig: + """ + Configuration for multiple environment namespaces + Attributes: + A dictionary mapping namespace names to their configurations + """ + namespaces: dict[str, EnvNamespaceConfig] @@ -40,6 +52,13 @@ class EnvParser(Parser): @staticmethod def parse_file_contents(contents): + """ + Parse the contents of an environment configuration file + Args: + contents(str): textual content of environment configuration file + Returns: + EnvConfig: EnvConfig instance containing parsed namespace configurations + """ lines = list( [ line From dafb9da81b0bf8832b5f0ec920cd9860ae11caa7 Mon Sep 17 00:00:00 2001 From: weichslgartner Date: Tue, 12 Nov 2024 23:19:52 +0100 Subject: [PATCH 12/22] fix: csv output under Windows with correct newlines (#4557) (#4558) * fixes #4557 --- cve_bin_tool/output_engine/__init__.py | 5 ++++- test/test_output_engine.py | 10 ++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py index a697785d1f..0de9c28a2e 100644 --- a/cve_bin_tool/output_engine/__init__.py +++ b/cve_bin_tool/output_engine/__init__.py @@ -882,7 +882,10 @@ def output_file(self, output_type="console"): with open(self.filename, "wb") as f: self.output_cves(f, output_type) else: - with open(self.filename, "w", encoding="utf8") as f: + # if type is csv, file should be opened with newline='' + # see https://docs.python.org/3/library/csv.html#csv.writer + newline = "" if output_type == "csv" else None + with open(self.filename, mode="w", newline=newline, encoding="utf8") as f: self.output_cves(f, output_type) def check_file_path(self, filepath: str, output_type: str, prefix: str = "output"): diff --git a/test/test_output_engine.py b/test/test_output_engine.py index 5510738a9f..5a65e5c4cd 100644 --- a/test/test_output_engine.py +++ b/test/test_output_engine.py @@ -1270,6 +1270,16 @@ def test_output_file(self): self.assertEqual(contains_filename, True) self.assertEqual(contains_msg, True) + def test_csv_output_file(self): + self.output_engine.output_file(output_type="csv") + filename = Path(self.output_engine.filename) + n_cves = sum(len(c["cves"]) for c in self.MOCK_OUTPUT.values()) + with filename.open(newline="", mode="r") as f: + n_lines = len(f.read().splitlines()) + # cvs file should have one line per cve plus a header line + assert n_lines == n_cves + 1 + filename.unlink() + def test_output_file_wrapper(self): """Test file generation logic in output_file_wrapper""" logger = logging.getLogger() From 7d0d8c84282a02b94f3604087cca0fa60037dcca Mon Sep 17 00:00:00 2001 From: veesood <123954200+vroomvee@users.noreply.github.com> Date: Wed, 13 Nov 2024 04:21:51 +0530 Subject: [PATCH 13/22] docs(available_fix/debian_cve_tracker): Add comprehensive docstrings * fixes #4540 * docs: Add docstrings for VEXGenerate class and methods Added detailed docstrings to `VEXGenerate` class, including description for class attributes, methods, and parameters. This enhances readability and provides clear guidance. * docs(available_fix/debian_cve_tracker): add docstrings fixes #4540 --- .../available_fix/debian_cve_tracker.py | 65 ++++++++++++++++++- 1 file changed, 62 insertions(+), 3 deletions(-) diff --git a/cve_bin_tool/available_fix/debian_cve_tracker.py b/cve_bin_tool/available_fix/debian_cve_tracker.py index 542fc34375..fcb0733bae 100644 --- a/cve_bin_tool/available_fix/debian_cve_tracker.py +++ b/cve_bin_tool/available_fix/debian_cve_tracker.py @@ -33,7 +33,27 @@ class DebianCVETracker: + """ + A class for tracking CVEs (Common Vulnerabilities and Exposures) for Debian-based distributions. + + This class is designed to monitor CVEs specific to a given Debian distribution, + taking into account the distribution name, codename, and whether the package is a backport. + + Attributes: + distro_name (str): The name of the Debian-based distribution (e.g., "Debian", "Ubuntu"). + distro_codename (str): The codename of the distribution release (e.g., "buster", "focal"). + is_backport (bool): Flag indicating if the package is a backport. + """ + def __init__(self, distro_name: str, distro_codename: str, is_backport: bool): + """ + Initializes a DebianCVETracker instance with distribution information. + + Parameters: + distro_name (str): The name of the Debian-based distribution. + distro_codename (str): The codename for the distribution release. + is_backport (bool): Specifies if the package is a backport. + """ self.distro_name = distro_name self.distro_codename = distro_codename self.is_backport = is_backport @@ -42,7 +62,17 @@ def cve_info( self, all_cve_data: dict[ProductInfo, CVEData], ): - """Produces the Backported fixes' info""" + """ + Generates information on backported CVE fixes for a given set of CVE data. + + This function processes CVE data and checks for resolved vulnerabilities in + the Debian or Ubuntu distributions. If a fix is available or backported, it logs + relevant information about the fix's availability and version. + + Parameters: + all_cve_data (dict[ProductInfo, CVEData]): Dictionary containing CVE data, + organized by product and version. + """ cve_data = format_output(all_cve_data, None) json_data = self.get_data() @@ -72,11 +102,30 @@ def cve_info( ) def get_data(self): + """ + Retrieves CVE data from the Debian CVE JSON file. + + This method opens and loads the Debian CVE JSON file for processing + vulnerability data, calling `check_json` to verify that the file is + up-to-date before loading. + + Returns: + dict: Loaded JSON data from the Debian CVE JSON file. + """ check_json() with open(DEB_CVE_JSON_PATH) as jsonfile: return load(jsonfile) def compute_distro(self): + """ + Computes the distribution codename based on the Debian or Ubuntu release. + + Maps the specified distribution codename to either Ubuntu or Debian based + on the provided `distro_name`. + + Returns: + str: The mapped codename for the distribution. + """ if self.distro_name == "ubuntu": return UBUNTU_DEBIAN_MAP[self.distro_codename] elif self.distro_name == "debian": @@ -84,7 +133,12 @@ def compute_distro(self): def check_json(): - """Check to update the Debian CVE JSON file""" + """ + Verifies if the Debian CVE JSON file is current and triggers an update if outdated. + + This function checks the modification time of the JSON file. If it's older than + one day, it calls `update_json` to download a fresh version. + """ if ( not DEB_CVE_JSON_PATH.exists() @@ -94,7 +148,12 @@ def check_json(): def update_json(): - """Update the Debian CVE JSON file""" + """ + Updates the Debian CVE JSON file by downloading the latest data. + + This function requests the JSON data from the specified URL and saves it to + the `DEB_CVE_JSON_PATH` location, logging the update status. + """ LOGGER.info("Updating Debian CVE JSON file for checking available fixes.") # timeout = 300s = 5min. This is a guess at a valid default From 489449e37f1c3883dd338004753358dc1040f5c9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:26:36 +0000 Subject: [PATCH 14/22] chore: update SBOM for Python 3.9 (#4574) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 293 +++++++++++++++++++++++++++-------- sbom/cve-bin-tool-py3.9.spdx | 86 +++++----- 2 files changed, 273 insertions(+), 106 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 2f66f324d6..3b323e9810 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8", + "serialNumber": "urn:uuid:4cd7fc8c-899c-44d7-99ce-13fd8013ebd6", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:38:15Z", + "timestamp": "2024-11-18T00:41:13Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { @@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,14 +449,18 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "10-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -455,8 +469,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -468,17 +482,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", @@ -487,32 +501,50 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", @@ -526,41 +558,27 @@ }, { "type": "library", - "bom-ref": "12-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -569,6 +587,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -684,6 +706,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -714,6 +742,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -930,6 +962,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -978,6 +1014,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1293,6 +1333,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1341,6 +1385,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1389,6 +1437,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1656,6 +1708,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1878,6 +1934,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1922,6 +1982,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2242,6 +2306,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-11T14:56:07.000Z" } ] }, @@ -2276,6 +2344,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -2342,6 +2414,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2390,6 +2466,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2435,6 +2515,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2502,6 +2586,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2523,6 +2613,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2619,6 +2713,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2882,6 +2980,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3072,6 +3174,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -3120,6 +3226,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3174,6 +3284,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3192,6 +3306,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3222,6 +3342,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3276,6 +3400,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3324,6 +3452,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3372,6 +3504,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3390,6 +3526,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3406,6 +3548,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3460,6 +3606,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3467,7 +3617,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3476,16 +3626,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3494,6 +3644,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3600,6 +3754,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3696,6 +3854,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3747,7 +3909,8 @@ "7-attrs", "5-frozenlist", "8-multidict", - "10-yarl" + "10-propcache", + "11-yarl" ] }, { @@ -3763,11 +3926,11 @@ ] }, { - "ref": "10-yarl", + "ref": "11-yarl", "dependsOn": [ - "11-idna", + "12-idna", "8-multidict", - "12-propcache" + "10-propcache" ] }, { @@ -3975,7 +4138,7 @@ "dependsOn": [ "67-certifi", "68-charset-normalizer", - "11-idna", + "12-idna", "69-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index e3fee52bd3..69f0851dff 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7537a80d-caef-4a47-a5f9-73259eba4425 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:24Z +Created: 2024-11-18T00:40:10Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs @@ -158,24 +157,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-10-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-11-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -189,22 +204,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-12-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 @@ -247,6 +246,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -856,6 +856,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1089,6 +1090,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1154,6 +1156,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1181,17 +1184,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1286,9 +1289,9 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod @@ -1303,7 +1306,8 @@ Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist @@ -1367,7 +1371,7 @@ Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-12-idna Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-certifi Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-charset-normalizer Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-urllib3 From 38e991d7ee1290a35e9313194c5d5380398e7cda Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:28:52 +0000 Subject: [PATCH 15/22] chore: update SBOM for Python 3.8 (#4573) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 182 ++++++++++++++++++++++++++++++----- sbom/cve-bin-tool-py3.8.spdx | 23 +++-- 2 files changed, 171 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 8e6c4b88f2..fecc01dcdd 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9", + "serialNumber": "urn:uuid:bfb08152-9dd5-424d-9678-3ee862935199", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:58Z", + "timestamp": "2024-11-18T00:39:22Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.10.11", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.10.11/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.10.11", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { @@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,6 +449,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, @@ -527,6 +541,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -575,6 +593,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -690,6 +712,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -720,6 +748,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -936,6 +968,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -984,6 +1020,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1299,6 +1339,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1347,6 +1391,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1395,6 +1443,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1884,6 +1936,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1928,6 +1984,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2248,6 +2308,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-11T14:56:07.000Z" } ] }, @@ -2322,6 +2386,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-09T17:03:13.000Z" } ] }, @@ -2402,10 +2470,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-02-02T16:30:04.000Z" } ] }, @@ -2454,6 +2518,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2508,10 +2576,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-25T15:16:51.000Z" } ] }, @@ -2579,6 +2643,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9" + } + ], "licenses": [ { "license": { @@ -2748,6 +2818,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -3011,6 +3085,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3201,6 +3279,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -3249,6 +3331,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3303,6 +3389,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3321,6 +3411,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3351,6 +3447,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3405,6 +3505,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3453,6 +3557,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3501,6 +3609,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3519,6 +3631,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3535,6 +3653,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3589,6 +3711,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3729,6 +3855,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3825,6 +3955,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c66cbe5150..d2d54cd53b 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8ea077c5-e561-4e98-a8ff-c481a83d795b LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:36:58Z +Created: 2024-11-18T00:38:18Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.10.11 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 ##### PackageName: aiohappyeyeballs @@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs @@ -248,6 +247,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -873,6 +873,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1122,6 +1123,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1187,6 +1189,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION From 27e8d5b489c5d294e66fbb03f964d26eefe76a51 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:37:17 +0000 Subject: [PATCH 16/22] chore: update SBOM for Python 3.10 (#4571) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 289 ++++++++++++++++++++++++++-------- sbom/cve-bin-tool-py3.10.spdx | 86 +++++----- 2 files changed, 269 insertions(+), 106 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 11e8b80d5a..5f95347048 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b", + "serialNumber": "urn:uuid:88a7c280-7920-491a-a98e-db2939f852a4", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:52Z", + "timestamp": "2024-11-18T00:38:34Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { @@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,14 +449,18 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "10-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -455,8 +469,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -468,17 +482,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", @@ -487,32 +501,50 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", @@ -526,41 +558,27 @@ }, { "type": "library", - "bom-ref": "12-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -569,6 +587,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -684,6 +706,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -714,6 +742,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -930,6 +962,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -978,6 +1014,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1293,6 +1333,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1341,6 +1385,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1389,6 +1437,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1656,6 +1708,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1878,6 +1934,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1922,6 +1982,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2268,6 +2332,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2316,6 +2384,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2361,6 +2433,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2428,6 +2504,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2449,6 +2531,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2545,6 +2631,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2808,6 +2898,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2998,6 +3092,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -3046,6 +3144,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3100,6 +3202,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3118,6 +3224,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3148,6 +3260,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3202,6 +3318,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3250,6 +3370,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3298,6 +3422,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3316,6 +3444,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3332,6 +3466,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3386,6 +3524,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3393,7 +3535,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3402,16 +3544,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3420,6 +3562,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3526,6 +3672,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3608,6 +3758,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -3656,6 +3810,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3706,7 +3864,8 @@ "7-attrs", "5-frozenlist", "8-multidict", - "10-yarl" + "10-propcache", + "11-yarl" ] }, { @@ -3722,11 +3881,11 @@ ] }, { - "ref": "10-yarl", + "ref": "11-yarl", "dependsOn": [ - "11-idna", + "12-idna", "8-multidict", - "12-propcache" + "10-propcache" ] }, { @@ -3928,7 +4087,7 @@ "dependsOn": [ "65-certifi", "66-charset-normalizer", - "11-idna", + "12-idna", "67-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 3450e18661..a6ebbb424d 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-53fcdacf-66b9-407a-8e03-8d9eee658c35 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:01Z +Created: 2024-11-18T00:37:44Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs @@ -158,24 +157,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-10-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-11-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -189,22 +204,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-12-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 @@ -247,6 +246,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -825,6 +825,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1058,6 +1059,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1123,6 +1125,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1150,17 +1153,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1269,9 +1272,9 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zipp Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod @@ -1286,7 +1289,8 @@ Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist @@ -1349,7 +1353,7 @@ Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-57-markdown-it-py DEPENDS_ON SPDXRef-58-mdurl Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-60-packaging Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-62-tenacity -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-12-idna Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-65-certifi Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-66-charset-normalizer Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-67-urllib3 From 71c5a8fb56e9fc4b53aae9997045a93b9d4802bd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:38:29 +0000 Subject: [PATCH 17/22] chore: update SBOM for Python 3.11 (#4572) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 269 +++++++++++++++++++++++++++------- sbom/cve-bin-tool-py3.11.spdx | 77 +++++----- 2 files changed, 256 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 5ba8175fb4..c0ec7aafc2 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e", + "serialNumber": "urn:uuid:9445364b-91e6-4789-8aca-9a9c8deaafed", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:40Z", + "timestamp": "2024-11-18T00:39:23Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -293,6 +301,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -341,14 +353,18 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "8-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -357,8 +373,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -370,17 +386,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", @@ -389,32 +405,50 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "9-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "9-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", @@ -428,41 +462,27 @@ }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "10-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -471,6 +491,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -586,6 +610,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -616,6 +646,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -832,6 +866,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -880,6 +918,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1195,6 +1237,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1243,6 +1289,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1291,6 +1341,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1558,6 +1612,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1780,6 +1838,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1824,6 +1886,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2170,6 +2236,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2218,6 +2288,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2263,6 +2337,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2330,6 +2408,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2351,6 +2435,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2447,6 +2535,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2710,6 +2802,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2900,6 +2996,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -2948,6 +3048,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3002,6 +3106,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3020,6 +3128,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3050,6 +3164,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3104,6 +3222,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3152,6 +3274,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3200,6 +3326,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3218,6 +3348,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3234,6 +3370,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3288,6 +3428,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3295,7 +3439,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3304,16 +3448,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3322,6 +3466,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3370,6 +3518,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3452,6 +3604,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -3500,6 +3656,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3548,7 +3708,8 @@ "6-attrs", "5-frozenlist", "7-multidict", - "8-yarl" + "8-propcache", + "9-yarl" ] }, { @@ -3558,11 +3719,11 @@ ] }, { - "ref": "8-yarl", + "ref": "9-yarl", "dependsOn": [ - "9-idna", + "10-idna", "7-multidict", - "10-propcache" + "8-propcache" ] }, { @@ -3763,7 +3924,7 @@ "dependsOn": [ "63-certifi", "64-charset-normalizer", - "9-idna", + "10-idna", "65-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 272ff4e086..e37b1e32bc 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75f97134-ae0b-4742-83bb-e1072b2baaf1 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:01Z +Created: 2024-11-18T00:38:42Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -124,24 +124,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-8-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-8-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-9-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-9-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -155,22 +171,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 @@ -213,6 +213,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -791,6 +792,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1024,6 +1026,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1089,6 +1092,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1116,17 +1120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: xmlschema @@ -1236,7 +1240,8 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa @@ -1292,12 +1297,12 @@ Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 3133138e289bf0049244f768ac88a392e7e26d63 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:41:50 +0000 Subject: [PATCH 18/22] chore: update SBOM for Python 3.12 (#4570) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 269 +++++++++++++++++++++++++++------- sbom/cve-bin-tool-py3.12.spdx | 77 +++++----- 2 files changed, 256 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 60821f01a1..4c2b0f704a 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", + "serialNumber": "urn:uuid:b68a2b85-9212-4889-b7b2-84f3edf441ff", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:48Z", + "timestamp": "2024-11-18T00:38:25Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -293,6 +301,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -341,14 +353,18 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "8-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -357,8 +373,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -370,17 +386,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", @@ -389,32 +405,50 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "9-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "9-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", @@ -428,41 +462,27 @@ }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "10-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -471,6 +491,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -586,6 +610,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -616,6 +646,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -832,6 +866,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -880,6 +918,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1195,6 +1237,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1243,6 +1289,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1291,6 +1341,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1558,6 +1612,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1780,6 +1838,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1824,6 +1886,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2170,6 +2236,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2218,6 +2288,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2263,6 +2337,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2330,6 +2408,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2351,6 +2435,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2447,6 +2535,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2710,6 +2802,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2900,6 +2996,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -2948,6 +3048,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3002,6 +3106,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3020,6 +3128,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3050,6 +3164,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3104,6 +3222,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3152,6 +3274,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3200,6 +3326,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3218,6 +3348,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3234,6 +3370,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3288,6 +3428,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3295,7 +3439,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3304,16 +3448,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3322,6 +3466,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3370,6 +3518,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3452,6 +3604,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -3500,6 +3656,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3548,7 +3708,8 @@ "6-attrs", "5-frozenlist", "7-multidict", - "8-yarl" + "8-propcache", + "9-yarl" ] }, { @@ -3558,11 +3719,11 @@ ] }, { - "ref": "8-yarl", + "ref": "9-yarl", "dependsOn": [ - "9-idna", + "10-idna", "7-multidict", - "10-propcache" + "8-propcache" ] }, { @@ -3763,7 +3924,7 @@ "dependsOn": [ "63-certifi", "64-charset-normalizer", - "9-idna", + "10-idna", "65-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 132341bedb..495c06d14d 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-babbb628-7d9c-4a26-8587-854eedfee7d8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:00Z +Created: 2024-11-18T00:37:38Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -124,24 +124,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-8-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-8-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-9-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-9-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -155,22 +171,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 @@ -213,6 +213,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -791,6 +792,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1024,6 +1026,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1089,6 +1092,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1116,17 +1120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: xmlschema @@ -1236,7 +1240,8 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa @@ -1292,12 +1297,12 @@ Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 03186e797cf9f8ed6dd6c1da4d08987e04438fe5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:45:13 -0800 Subject: [PATCH 19/22] chore(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 (#4576) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.3 to 1.4.4. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/1c608d11d69870c2092266b3f9a6f3abbf17002c...ef244123eb79f2f7a7e75d99086184180e6d0018) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index f2b0195499..6cf415295b 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -44,11 +44,11 @@ jobs: echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT - name: Attest Build Provenance for tar - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: subject-path: "dist/${{ steps.filename.outputs.tar }}" - name: Attest Build Provenance for whl - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: subject-path: "dist/${{ steps.filename.outputs.whl }}" # TODO Upload to pypi on release creation From a9c03b6f09b557194696d27e9154d2e615cf1909 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:45:44 -0800 Subject: [PATCH 20/22] chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#4575) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index aa82ed9ecf..8e21d96eda 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 From 374069a10b9273d854cb489e8652eddffa3259d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:47:37 -0800 Subject: [PATCH 21/22] chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#4577) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...5c47607acb93fed5485fdbf7232e8a31425f672a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testing.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 6ed476bcb6..dbfe66a755 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -339,7 +339,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 with: files: ./coverage.xml flags: longtests @@ -583,7 +583,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 with: files: ./coverage.xml flags: win-longtests From 28cf48d760aacfa6ccc35dd976a7e575e4d37beb Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Tue, 19 Nov 2024 19:48:18 +0100 Subject: [PATCH 22/22] fix: drop .fr from debian urls (#4533) Drop .fr from debian urls as there is no reason to prefer the French mirror Updated by: sed -i 's/\.fr//g' test/test_data/*py Signed-off-by: Fabrice Fontaine --- test/test_data/acpid.py | 4 ++-- test/test_data/apache_http_server.py | 2 +- test/test_data/apcupsd.py | 4 ++-- test/test_data/apparmor.py | 2 +- test/test_data/asn1c.py | 4 ++-- test/test_data/avahi.py | 2 +- test/test_data/axel.py | 2 +- test/test_data/bind.py | 2 +- test/test_data/bison.py | 4 ++-- test/test_data/bluez.py | 2 +- test/test_data/boinc.py | 2 +- test/test_data/botan.py | 2 +- test/test_data/bro.py | 4 ++-- test/test_data/bwm_ng.py | 2 +- test/test_data/c_ares.py | 2 +- test/test_data/capnproto.py | 2 +- test/test_data/ceph.py | 2 +- test/test_data/chess.py | 4 ++-- test/test_data/chrony.py | 4 ++-- test/test_data/civetweb.py | 2 +- test/test_data/clamav.py | 2 +- test/test_data/collectd.py | 4 ++-- test/test_data/coreutils.py | 2 +- test/test_data/cpio.py | 2 +- test/test_data/cryptsetup.py | 2 +- test/test_data/cvs.py | 4 ++-- test/test_data/dav1d.py | 2 +- test/test_data/davfs2.py | 4 ++-- test/test_data/dbus.py | 2 +- test/test_data/dhclient.py | 2 +- test/test_data/dhcpcd.py | 2 +- test/test_data/dhcpd.py | 2 +- test/test_data/dmidecode.py | 2 +- test/test_data/dnsmasq.py | 2 +- test/test_data/dovecot.py | 2 +- test/test_data/doxygen.py | 2 +- test/test_data/dropbear.py | 2 +- test/test_data/e2fsprogs.py | 4 ++-- test/test_data/ed.py | 2 +- test/test_data/elfutils.py | 4 ++-- test/test_data/exfatprogs.py | 2 +- test/test_data/f2fs_tools.py | 4 ++-- test/test_data/faad2.py | 2 +- test/test_data/fastd.py | 4 ++-- test/test_data/ffmpeg.py | 2 +- test/test_data/file.py | 4 ++-- test/test_data/firefox.py | 2 +- test/test_data/flac.py | 2 +- test/test_data/fluidsynth.py | 4 ++-- test/test_data/freerdp.py | 2 +- test/test_data/fribidi.py | 4 ++-- test/test_data/frr.py | 2 +- test/test_data/gdal.py | 2 +- test/test_data/gdb.py | 4 ++-- test/test_data/gdk_pixbuf.py | 2 +- test/test_data/ghostscript.py | 2 +- test/test_data/git.py | 2 +- test/test_data/glib.py | 2 +- test/test_data/glibc.py | 4 ++-- test/test_data/gmp.py | 4 ++-- test/test_data/go.py | 2 +- test/test_data/gpsd.py | 4 ++-- test/test_data/grep.py | 2 +- test/test_data/grub2.py | 4 ++-- test/test_data/gstreamer.py | 2 +- test/test_data/gvfs.py | 4 ++-- test/test_data/gzip.py | 2 +- test/test_data/harfbuzz.py | 6 +++--- test/test_data/haserl.py | 4 ++-- test/test_data/heimdal.py | 2 +- test/test_data/hwloc.py | 2 +- test/test_data/i2pd.py | 4 ++-- test/test_data/icecast.py | 2 +- test/test_data/iperf3.py | 2 +- test/test_data/ipmitool.py | 2 +- test/test_data/ipsec_tools.py | 2 +- test/test_data/iptables.py | 4 ++-- test/test_data/iucode_tool.py | 4 ++-- test/test_data/iwd.py | 2 +- test/test_data/jack2.py | 2 +- test/test_data/janus.py | 2 +- test/test_data/jhead.py | 4 ++-- test/test_data/jq.py | 4 ++-- test/test_data/json_c.py | 4 ++-- test/test_data/keepalived.py | 4 ++-- test/test_data/kerberos.py | 2 +- test/test_data/kodi.py | 2 +- test/test_data/kubernetes.py | 2 +- test/test_data/ldns.py | 2 +- test/test_data/lftp.py | 4 ++-- test/test_data/libass.py | 2 +- test/test_data/libcoap.py | 4 ++-- test/test_data/libconfuse.py | 2 +- test/test_data/libde265.py | 2 +- test/test_data/libevent.py | 2 +- test/test_data/libgd.py | 2 +- test/test_data/libgit2.py | 4 ++-- test/test_data/libheif.py | 2 +- test/test_data/libidn2.py | 4 ++-- test/test_data/libinput.py | 2 +- test/test_data/libjpeg.py | 2 +- test/test_data/libjpeg_turbo.py | 2 +- test/test_data/libksba.py | 2 +- test/test_data/libmatroska.py | 4 ++-- test/test_data/libmemcached.py | 4 ++-- test/test_data/libmicrohttpd.py | 2 +- test/test_data/libmodbus.py | 2 +- test/test_data/libopenmpt.py | 2 +- test/test_data/libpcap.py | 4 ++-- test/test_data/libraw.py | 4 ++-- test/test_data/librsync.py | 4 ++-- test/test_data/libsamplerate.py | 4 ++-- test/test_data/libssh.py | 4 ++-- test/test_data/libtasn1.py | 2 +- test/test_data/libtiff.py | 2 +- test/test_data/libtomcrypt.py | 4 ++-- test/test_data/libupnp.py | 2 +- test/test_data/libuv.py | 2 +- test/test_data/libvips.py | 2 +- test/test_data/libvirt.py | 2 +- test/test_data/libvorbis.py | 4 ++-- test/test_data/libvpx.py | 2 +- test/test_data/libyaml.py | 2 +- test/test_data/linux_kernel.py | 4 ++-- test/test_data/lldpd.py | 4 ++-- test/test_data/logrotate.py | 2 +- test/test_data/lrzip.py | 2 +- test/test_data/lxc.py | 4 ++-- test/test_data/lynx.py | 2 +- test/test_data/lz4.py | 4 ++-- test/test_data/mailx.py | 4 ++-- test/test_data/mbedtls.py | 2 +- test/test_data/mdadm.py | 2 +- test/test_data/micropython.py | 2 +- test/test_data/minetest.py | 2 +- test/test_data/mini_httpd.py | 2 +- test/test_data/minicom.py | 4 ++-- test/test_data/minidlna.py | 4 ++-- test/test_data/modsecurity.py | 2 +- test/test_data/monit.py | 2 +- test/test_data/motion.py | 4 ++-- test/test_data/mpg123.py | 2 +- test/test_data/mpv.py | 4 ++-- test/test_data/msmtp.py | 2 +- test/test_data/mupdf.py | 2 +- test/test_data/mutt.py | 4 ++-- test/test_data/nano.py | 2 +- test/test_data/nasm.py | 2 +- test/test_data/nbd.py | 4 ++-- test/test_data/neon.py | 2 +- test/test_data/netatalk.py | 4 ++-- test/test_data/netdata.py | 2 +- test/test_data/netkit_ftp.py | 2 +- test/test_data/netpbm.py | 4 ++-- test/test_data/nghttp2.py | 4 ++-- test/test_data/nginx.py | 2 +- test/test_data/ngircd.py | 2 +- test/test_data/nmap.py | 2 +- test/test_data/node.py | 2 +- test/test_data/ntfs_3g.py | 2 +- test/test_data/ntpsec.py | 2 +- test/test_data/open_iscsi.py | 2 +- test/test_data/opencv.py | 4 ++-- test/test_data/openjpeg.py | 2 +- test/test_data/opensc.py | 2 +- test/test_data/openssh.py | 2 +- test/test_data/pango.py | 2 +- test/test_data/patch.py | 4 ++-- test/test_data/pcre2.py | 2 +- test/test_data/perl.py | 2 +- test/test_data/php.py | 2 +- test/test_data/picocom.py | 2 +- test/test_data/pigz.py | 2 +- test/test_data/pixman.py | 2 +- test/test_data/png.py | 2 +- test/test_data/ppp.py | 4 ++-- test/test_data/privoxy.py | 4 ++-- test/test_data/procps_ng.py | 2 +- test/test_data/protobuf_c.py | 2 +- test/test_data/pure_ftpd.py | 2 +- test/test_data/putty.py | 2 +- test/test_data/python.py | 4 ++-- test/test_data/qemu.py | 2 +- test/test_data/qpdf.py | 2 +- test/test_data/quagga.py | 4 ++-- test/test_data/radvd.py | 2 +- test/test_data/raptor.py | 4 ++-- test/test_data/rauc.py | 4 ++-- test/test_data/rdesktop.py | 4 ++-- test/test_data/readline.py | 2 +- test/test_data/rpm.py | 2 +- test/test_data/rsync.py | 2 +- test/test_data/rtl_433.py | 2 +- test/test_data/rtmpdump.py | 2 +- test/test_data/runc.py | 2 +- test/test_data/sdl.py | 2 +- test/test_data/shadowsocks_libev.py | 4 ++-- test/test_data/snapd.py | 2 +- test/test_data/sngrep.py | 2 +- test/test_data/snort.py | 4 ++-- test/test_data/socat.py | 4 ++-- test/test_data/sofia_sip.py | 4 ++-- test/test_data/speex.py | 2 +- test/test_data/spice.py | 4 ++-- test/test_data/squashfs.py | 4 ++-- test/test_data/squid.py | 4 ++-- test/test_data/sslh.py | 2 +- test/test_data/stellarium.py | 2 +- test/test_data/sudo.py | 2 +- test/test_data/sylpheed.py | 2 +- test/test_data/sysstat.py | 2 +- test/test_data/tar.py | 2 +- test/test_data/tcpdump.py | 6 +++--- test/test_data/tcpreplay.py | 2 +- test/test_data/terminology.py | 2 +- test/test_data/tesseract.py | 2 +- test/test_data/thrift.py | 4 ++-- test/test_data/thunderbird.py | 2 +- test/test_data/tinyproxy.py | 4 ++-- test/test_data/tor.py | 2 +- test/test_data/tpm2_tss.py | 2 +- test/test_data/traceroute.py | 2 +- test/test_data/transmission.py | 4 ++-- test/test_data/ttyd.py | 2 +- test/test_data/u_boot.py | 4 ++-- test/test_data/udisks.py | 2 +- test/test_data/unbound.py | 2 +- test/test_data/unixodbc.py | 2 +- test/test_data/upx.py | 2 +- test/test_data/util_linux.py | 4 ++-- test/test_data/vlc.py | 2 +- test/test_data/vorbis_tools.py | 2 +- test/test_data/vsftpd.py | 4 ++-- test/test_data/wireshark.py | 2 +- test/test_data/wolfssl.py | 4 ++-- test/test_data/xscreensaver.py | 2 +- test/test_data/xwayland.py | 2 +- test/test_data/yasm.py | 2 +- test/test_data/zabbix.py | 2 +- test/test_data/zchunk.py | 2 +- test/test_data/zeek.py | 2 +- test/test_data/znc.py | 2 +- test/test_data/zstandard.py | 2 +- 243 files changed, 328 insertions(+), 328 deletions(-) diff --git a/test/test_data/acpid.py b/test/test_data/acpid.py index 944b7f84cc..afb0e3091a 100644 --- a/test/test_data/acpid.py +++ b/test/test_data/acpid.py @@ -18,13 +18,13 @@ "version": "2.0.34", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/", + "url": "http://ftp.debian.org/debian/pool/main/a/acpid/", "package_name": "acpid_2.0.23-2_amd64.deb", "product": "acpid2", "version": "2.0.23", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/", + "url": "http://ftp.debian.org/debian/pool/main/a/acpid/", "package_name": "acpid_2.0.23-2_armel.deb", "product": "acpid2", "version": "2.0.23", diff --git a/test/test_data/apache_http_server.py b/test/test_data/apache_http_server.py index 7f3c8d08fb..c1f28b88fd 100644 --- a/test/test_data/apache_http_server.py +++ b/test/test_data/apache_http_server.py @@ -17,7 +17,7 @@ "version": "2.4.51", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apache2/", + "url": "http://ftp.debian.org/debian/pool/main/a/apache2/", "package_name": "apache2-bin_2.4.10-10+deb8u12_amd64.deb", "product": "http_server", "version": "2.4.10", diff --git a/test/test_data/apcupsd.py b/test/test_data/apcupsd.py index 42060ded21..bf0fee56f0 100644 --- a/test/test_data/apcupsd.py +++ b/test/test_data/apcupsd.py @@ -22,13 +22,13 @@ "version": "3.14.14", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/", + "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/", "package_name": "apcupsd_3.14.12-1.1_amd64.deb", "product": "apcupsd", "version": "3.14.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/", + "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/", "package_name": "apcupsd_3.14.12-1.1_armel.deb", "product": "apcupsd", "version": "3.14.12", diff --git a/test/test_data/apparmor.py b/test/test_data/apparmor.py index bea99f5f4f..1e4b987715 100644 --- a/test/test_data/apparmor.py +++ b/test/test_data/apparmor.py @@ -10,7 +10,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apparmor/", + "url": "http://ftp.debian.org/debian/pool/main/a/apparmor/", "package_name": "apparmor_2.9.0-3_amd64.deb", "product": "apparmor", "version": "2.9.0", diff --git a/test/test_data/asn1c.py b/test/test_data/asn1c.py index d482ff606d..64edbc351e 100644 --- a/test/test_data/asn1c.py +++ b/test/test_data/asn1c.py @@ -18,13 +18,13 @@ "version": "0.9.28", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/", + "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/", "package_name": "asn1c_0.9.24+dfsg-1_amd64.deb", "product": "asn1c", "version": "0.9.24", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/", + "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/", "package_name": "asn1c_0.9.24+dfsg-1_armel.deb", "product": "asn1c", "version": "0.9.24", diff --git a/test/test_data/avahi.py b/test/test_data/avahi.py index b19926e3bd..2667c32c77 100644 --- a/test/test_data/avahi.py +++ b/test/test_data/avahi.py @@ -25,7 +25,7 @@ "version": "0.6.31", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/avahi/", + "url": "http://ftp.debian.org/debian/pool/main/a/avahi/", "package_name": "avahi-daemon_0.6.31-5_amd64.deb", "product": "avahi", "version": "0.6.31", diff --git a/test/test_data/axel.py b/test/test_data/axel.py index 07a12b0522..48e083433c 100644 --- a/test/test_data/axel.py +++ b/test/test_data/axel.py @@ -12,7 +12,7 @@ "version": "2.17.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/axel/", + "url": "http://ftp.debian.org/debian/pool/main/a/axel/", "package_name": "axel_2.16.1-4_amd64.deb", "product": "axel", "version": "2.16.1", diff --git a/test/test_data/bind.py b/test/test_data/bind.py index 0bdcb4a6ac..e70d8e5221 100644 --- a/test/test_data/bind.py +++ b/test/test_data/bind.py @@ -24,7 +24,7 @@ "version": "9.11.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bind9/", + "url": "http://ftp.debian.org/debian/pool/main/b/bind9/", "package_name": "bind9-libs_9.16.27-1~deb11u1~bpo10+1_amd64.deb", "product": "bind", "version": "9.16.27", diff --git a/test/test_data/bison.py b/test/test_data/bison.py index 18567a9aa9..0d76a7b126 100644 --- a/test/test_data/bison.py +++ b/test/test_data/bison.py @@ -18,13 +18,13 @@ "version": "3.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/", + "url": "http://ftp.debian.org/debian/pool/main/b/bison/", "package_name": "bison_3.0.2.dfsg-2_amd64.deb", "product": "bison", "version": "3.0.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/", + "url": "http://ftp.debian.org/debian/pool/main/b/bison/", "package_name": "bison_3.0.2.dfsg-2_armel.deb", "product": "bison", "version": "3.0.2", diff --git a/test/test_data/bluez.py b/test/test_data/bluez.py index b3d2ae8f68..6ffaaed843 100644 --- a/test/test_data/bluez.py +++ b/test/test_data/bluez.py @@ -19,7 +19,7 @@ "version": "5.66", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bluez/", + "url": "http://ftp.debian.org/debian/pool/main/b/bluez/", "package_name": "bluez_5.50-1.2~deb10u2_amd64.deb", "product": "bluez", "version": "5.50", diff --git a/test/test_data/boinc.py b/test/test_data/boinc.py index 26370eca4f..16e20dbc8a 100644 --- a/test/test_data/boinc.py +++ b/test/test_data/boinc.py @@ -13,7 +13,7 @@ "version": "7.20.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/boinc/", + "url": "http://ftp.debian.org/debian/pool/main/b/boinc/", "package_name": "boinc-client_7.10.2+dfsg-2~bpo9+1_amd64.deb", "product": "boinc", "version": "7.10.2", diff --git a/test/test_data/botan.py b/test/test_data/botan.py index 37ce16c503..df1e2888e7 100644 --- a/test/test_data/botan.py +++ b/test/test_data/botan.py @@ -12,7 +12,7 @@ "version": "2.19.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/botan/", + "url": "http://ftp.debian.org/debian/pool/main/b/botan/", "package_name": "libbotan-2-4_2.4.0-5~bpo9+1_amd64.deb", "product": "botan", "version": "2.4.0", diff --git a/test/test_data/bro.py b/test/test_data/bro.py index dd1e1484b7..f10ffc4544 100644 --- a/test/test_data/bro.py +++ b/test/test_data/bro.py @@ -14,13 +14,13 @@ "other_products": ["sqlite"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/", + "url": "http://ftp.debian.org/debian/pool/main/b/bro/", "package_name": "bro_2.5-1_amd64.deb", "product": "bro", "version": "2.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/", + "url": "http://ftp.debian.org/debian/pool/main/b/bro/", "package_name": "bro_2.5.5-1+deb10u1_arm64.deb", "product": "bro", "version": "2.5.5", diff --git a/test/test_data/bwm_ng.py b/test/test_data/bwm_ng.py index 36ec23cc83..8191aa4314 100644 --- a/test/test_data/bwm_ng.py +++ b/test/test_data/bwm_ng.py @@ -12,7 +12,7 @@ "version": "0.6.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bwm-ng/", + "url": "http://ftp.debian.org/debian/pool/main/b/bwm-ng/", "package_name": "bwm-ng_0.6.1-6_amd64.deb", "product": "bwm-ng", "version": "0.6.1", diff --git a/test/test_data/c_ares.py b/test/test_data/c_ares.py index 04cd7198d7..10e2bdce70 100644 --- a/test/test_data/c_ares.py +++ b/test/test_data/c_ares.py @@ -25,7 +25,7 @@ "version": "1.17.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/c-ares/", + "url": "http://ftp.debian.org/debian/pool/main/c/c-ares/", "package_name": "libc-ares2_1.10.0-2%2Bdeb8u2_amd64.deb", "product": "c-ares", "version": "1.10.0", diff --git a/test/test_data/capnproto.py b/test/test_data/capnproto.py index 1c8f42de3e..887db158d6 100644 --- a/test/test_data/capnproto.py +++ b/test/test_data/capnproto.py @@ -17,7 +17,7 @@ "version": "0.10.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/capnproto/", + "url": "http://ftp.debian.org/debian/pool/main/c/capnproto/", "package_name": "libcapnp-0.5.3_0.5.3-2_amd64.deb", "product": "capnproto", "version": "0.5.3", diff --git a/test/test_data/ceph.py b/test/test_data/ceph.py index 16524d6a60..edbd364d3c 100644 --- a/test/test_data/ceph.py +++ b/test/test_data/ceph.py @@ -13,7 +13,7 @@ "version": "18.2.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/ceph/", + "url": "http://ftp.debian.org/debian/pool/main/c/ceph/", "package_name": "ceph-base_12.2.11+dfsg1-2.1+b1_amd64.deb", "product": "ceph", "version": "12.2.11", diff --git a/test/test_data/chess.py b/test/test_data/chess.py index 2ecbd0eb75..a3c5926c1b 100644 --- a/test/test_data/chess.py +++ b/test/test_data/chess.py @@ -18,13 +18,13 @@ "version": "6.2.9", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/", + "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/", "package_name": "gnuchess_6.1.2-1_amd64.deb", "product": "chess", "version": "6.1.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/", + "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/", "package_name": "gnuchess_6.1.2-1_armel.deb", "product": "chess", "version": "6.1.2", diff --git a/test/test_data/chrony.py b/test/test_data/chrony.py index 52d1d247c4..9727407813 100644 --- a/test/test_data/chrony.py +++ b/test/test_data/chrony.py @@ -7,13 +7,13 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/", + "url": "http://ftp.debian.org/debian/pool/main/c/chrony/", "package_name": "chrony_1.30-2+deb8u2_amd64.deb", "product": "chrony", "version": "1.30", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/", + "url": "http://ftp.debian.org/debian/pool/main/c/chrony/", "package_name": "chrony_1.30-2+deb8u2_armel.deb", "product": "chrony", "version": "1.30", diff --git a/test/test_data/civetweb.py b/test/test_data/civetweb.py index ebbc98a12e..3a26c673a7 100644 --- a/test/test_data/civetweb.py +++ b/test/test_data/civetweb.py @@ -12,7 +12,7 @@ "version": "1.16", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/civetweb/", + "url": "http://ftp.debian.org/debian/pool/main/c/civetweb/", "package_name": "libcivetweb1_1.13+dfsg-5_amd64.deb", "product": "civetweb", "version": "1.13", diff --git a/test/test_data/clamav.py b/test/test_data/clamav.py index 76d7551a17..829ac25d29 100644 --- a/test/test_data/clamav.py +++ b/test/test_data/clamav.py @@ -27,7 +27,7 @@ "other_products": ["rust"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/clamav/", + "url": "http://ftp.debian.org/debian/pool/main/c/clamav/", "package_name": "clamav_0.102.3+dfsg-0~deb9u1_arm64.deb", "product": "clamav", "version": "0.102.3", diff --git a/test/test_data/collectd.py b/test/test_data/collectd.py index 4daaf4afb5..c0be1a8786 100644 --- a/test/test_data/collectd.py +++ b/test/test_data/collectd.py @@ -18,13 +18,13 @@ "version": "5.12.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/", + "url": "http://ftp.debian.org/debian/pool/main/c/collectd/", "package_name": "collectd-core_5.11.0-7~bpo9+1_amd64.deb", "product": "collectd", "version": "5.11.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/", + "url": "http://ftp.debian.org/debian/pool/main/c/collectd/", "package_name": "collectd-core_5.11.0-7~bpo9+1_arm64.deb", "product": "collectd", "version": "5.11.0", diff --git a/test/test_data/coreutils.py b/test/test_data/coreutils.py index fcd78ddf10..2908fc631d 100644 --- a/test/test_data/coreutils.py +++ b/test/test_data/coreutils.py @@ -13,7 +13,7 @@ "version": "9.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/coreutils/", + "url": "http://ftp.debian.org/debian/pool/main/c/coreutils/", "package_name": "coreutils_8.30-3_amd64.deb", "product": "coreutils", "version": "8.30", diff --git a/test/test_data/cpio.py b/test/test_data/cpio.py index ea291e59b7..ea2674b959 100644 --- a/test/test_data/cpio.py +++ b/test/test_data/cpio.py @@ -12,7 +12,7 @@ "version": "2.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/cpio/", + "url": "http://ftp.debian.org/debian/pool/main/c/cpio/", "package_name": "cpio_2.12+dfsg-9_amd64.deb", "product": "cpio", "version": "2.12", diff --git a/test/test_data/cryptsetup.py b/test/test_data/cryptsetup.py index 018e788f5e..bdb5f837d0 100644 --- a/test/test_data/cryptsetup.py +++ b/test/test_data/cryptsetup.py @@ -35,7 +35,7 @@ "version": "2.0.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/cryptsetup/", + "url": "http://ftp.debian.org/debian/pool/main/c/cryptsetup/", "package_name": "libcryptsetup12_2.1.0-5+deb10u2_arm64.deb", "product": "cryptsetup", "version": "2.1.0", diff --git a/test/test_data/cvs.py b/test/test_data/cvs.py index 2154618302..854e7ba5cb 100644 --- a/test/test_data/cvs.py +++ b/test/test_data/cvs.py @@ -22,13 +22,13 @@ "version": "1.12.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/", + "url": "http://ftp.debian.org/debian/pool/main/c/cvs/", "package_name": "cvs_1.12.13+real-15+deb8u1_amd64.deb", "product": "cvs", "version": "1.12.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/", + "url": "http://ftp.debian.org/debian/pool/main/c/cvs/", "package_name": "cvs_1.12.13+real-15+deb8u1_armel.deb", "product": "cvs", "version": "1.12.13", diff --git a/test/test_data/dav1d.py b/test/test_data/dav1d.py index da0d8bb29d..92dd59748f 100644 --- a/test/test_data/dav1d.py +++ b/test/test_data/dav1d.py @@ -12,7 +12,7 @@ "version": "1.2.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dav1d/", + "url": "http://ftp.debian.org/debian/pool/main/d/dav1d/", "package_name": "dav1d_0.7.1-3_amd64.deb", "product": "dav1d", "version": "0.7.1", diff --git a/test/test_data/davfs2.py b/test/test_data/davfs2.py index a37c94b2e9..e52faf59e8 100644 --- a/test/test_data/davfs2.py +++ b/test/test_data/davfs2.py @@ -18,13 +18,13 @@ "version": "1.6.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/", + "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/", "package_name": "davfs2_1.5.2-1_amd64.deb", "product": "davfs2", "version": "1.5.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/", + "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/", "package_name": "davfs2_1.5.2-1_armel.deb", "product": "davfs2", "version": "1.5.2", diff --git a/test/test_data/dbus.py b/test/test_data/dbus.py index c04dc2d6dc..88cfad5517 100644 --- a/test/test_data/dbus.py +++ b/test/test_data/dbus.py @@ -37,7 +37,7 @@ "other_products": ["libdbus"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dbus/", + "url": "http://ftp.debian.org/debian/pool/main/d/dbus/", "package_name": "dbus_1.8.22-0+deb8u1_amd64.deb", "product": "dbus", "version": "1.8.22", diff --git a/test/test_data/dhclient.py b/test/test_data/dhclient.py index bc6fb47f64..af4a198544 100644 --- a/test/test_data/dhclient.py +++ b/test/test_data/dhclient.py @@ -13,7 +13,7 @@ "version": "4.4.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/", + "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/", "package_name": "isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb", "product": "dhcp", "version": "4.3.1", diff --git a/test/test_data/dhcpcd.py b/test/test_data/dhcpcd.py index 7fc809c9c2..aa45271d13 100644 --- a/test/test_data/dhcpcd.py +++ b/test/test_data/dhcpcd.py @@ -12,7 +12,7 @@ "version": "9.4.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dhcpcd5/", + "url": "http://ftp.debian.org/debian/pool/main/d/dhcpcd5/", "package_name": "dhcpcd5_7.1.0-2+b1_amd64.deb", "product": "dhcpcd", "version": "7.1.0", diff --git a/test/test_data/dhcpd.py b/test/test_data/dhcpd.py index af05fdcb4a..cfb13a37ba 100644 --- a/test/test_data/dhcpd.py +++ b/test/test_data/dhcpd.py @@ -18,7 +18,7 @@ "other_products": ["dhcp"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/", + "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/", "package_name": "isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb", "product": "dhcpd", "version": "4.3.5", diff --git a/test/test_data/dmidecode.py b/test/test_data/dmidecode.py index eda89711af..72f61d21cb 100644 --- a/test/test_data/dmidecode.py +++ b/test/test_data/dmidecode.py @@ -13,7 +13,7 @@ "version": "3.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dmidecode/", + "url": "http://ftp.debian.org/debian/pool/main/d/dmidecode/", "package_name": "dmidecode_3.0-4_amd64.deb", "product": "dmidecode", "version": "3.0", diff --git a/test/test_data/dnsmasq.py b/test/test_data/dnsmasq.py index 72e507256a..a47499252c 100644 --- a/test/test_data/dnsmasq.py +++ b/test/test_data/dnsmasq.py @@ -36,7 +36,7 @@ "version": "2.84", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dnsmasq/", + "url": "http://ftp.debian.org/debian/pool/main/d/dnsmasq/", "package_name": "dnsmasq-base_2.72-3+deb8u2_amd64.deb", "product": "dnsmasq", "version": "2.72", diff --git a/test/test_data/dovecot.py b/test/test_data/dovecot.py index 653990acd4..77730ca144 100644 --- a/test/test_data/dovecot.py +++ b/test/test_data/dovecot.py @@ -39,7 +39,7 @@ "version": "2.3.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dovecot/", + "url": "http://ftp.debian.org/debian/pool/main/d/dovecot/", "package_name": "dovecot-core_2.3.21.1%2Bdfsg1-1_arm64.deb", "product": "dovecot", "version": "2.3.21.1", diff --git a/test/test_data/doxygen.py b/test/test_data/doxygen.py index ad6af79ba8..7324064a5f 100644 --- a/test/test_data/doxygen.py +++ b/test/test_data/doxygen.py @@ -12,7 +12,7 @@ "version": "1.9.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/doxygen/", + "url": "http://ftp.debian.org/debian/pool/main/d/doxygen/", "package_name": "doxygen_1.8.13-4+b1_amd64.deb", "product": "doxygen", "version": "1.8.13", diff --git a/test/test_data/dropbear.py b/test/test_data/dropbear.py index 51ed10621d..7eb09d95d6 100644 --- a/test/test_data/dropbear.py +++ b/test/test_data/dropbear.py @@ -21,7 +21,7 @@ "version": "2022.82", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/d/dropbear/", + "url": "http://ftp.debian.org/debian/pool/main/d/dropbear/", "package_name": "dropbear_2014.65-1+deb8u2_amd64.deb", "product": "dropbear_ssh", "version": "2014.65", diff --git a/test/test_data/e2fsprogs.py b/test/test_data/e2fsprogs.py index 7778ddb3d0..1b08287514 100644 --- a/test/test_data/e2fsprogs.py +++ b/test/test_data/e2fsprogs.py @@ -37,13 +37,13 @@ "version": "1.46.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/", + "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/", "package_name": "e2fsprogs_1.42.12-2+b1_amd64.deb", "product": "e2fsprogs", "version": "1.42.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/", + "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/", "package_name": "libext2fs2_1.46.2-2_arm64.deb", "product": "e2fsprogs", "version": "1.46.2", diff --git a/test/test_data/ed.py b/test/test_data/ed.py index 1d625753f9..31ae953d2e 100644 --- a/test/test_data/ed.py +++ b/test/test_data/ed.py @@ -13,7 +13,7 @@ "version": "1.19", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/ed/", + "url": "http://ftp.debian.org/debian/pool/main/e/ed/", "package_name": "ed_1.15-1_amd64.deb", "product": "ed", "version": "1.15", diff --git a/test/test_data/elfutils.py b/test/test_data/elfutils.py index 797874c0d4..7870e3db55 100644 --- a/test/test_data/elfutils.py +++ b/test/test_data/elfutils.py @@ -19,13 +19,13 @@ "version": "0.187", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/", + "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/", "package_name": "elfutils_0.159-4.2_amd64.deb", "product": "elfutils", "version": "0.159", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/", + "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/", "package_name": "elfutils_0.159-4.2_armel.deb", "product": "elfutils", "version": "0.159", diff --git a/test/test_data/exfatprogs.py b/test/test_data/exfatprogs.py index c005e37e6f..1d09b90a3b 100644 --- a/test/test_data/exfatprogs.py +++ b/test/test_data/exfatprogs.py @@ -16,7 +16,7 @@ "version": "1.2.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/e/exfatprogs/", + "url": "http://ftp.debian.org/debian/pool/main/e/exfatprogs/", "package_name": "exfatprogs_1.1.0-1_amd64.deb", "product": "exfatprogs", "version": "1.1.0", diff --git a/test/test_data/f2fs_tools.py b/test/test_data/f2fs_tools.py index 3568d1c451..b7ece93dcf 100644 --- a/test/test_data/f2fs_tools.py +++ b/test/test_data/f2fs_tools.py @@ -21,13 +21,13 @@ "version": "1.15.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/", + "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/", "package_name": "f2fs-tools_1.4.0-2_amd64.deb", "product": "f2fs-tools", "version": "1.4.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/", + "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/", "package_name": "f2fs-tools_1.15.0-1_amd64.deb", "product": "f2fs-tools", "version": "1.15.0", diff --git a/test/test_data/faad2.py b/test/test_data/faad2.py index 86ea85550f..8c25cb887b 100644 --- a/test/test_data/faad2.py +++ b/test/test_data/faad2.py @@ -25,7 +25,7 @@ "version": "2.10.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/faad2/", + "url": "http://ftp.debian.org/debian/pool/main/f/faad2/", "package_name": "libfaad2_2.10.0-1_amd64.deb", "product": "freeware_advanced_audio_decoder_2", "version": "2.10.0", diff --git a/test/test_data/fastd.py b/test/test_data/fastd.py index bd5fabd782..06629b8cb8 100644 --- a/test/test_data/fastd.py +++ b/test/test_data/fastd.py @@ -18,13 +18,13 @@ "version": "22", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/", + "url": "http://ftp.debian.org/debian/pool/main/f/fastd/", "package_name": "fastd_18-2+b1_amd64.deb", "product": "fastd", "version": "18", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/", + "url": "http://ftp.debian.org/debian/pool/main/f/fastd/", "package_name": "fastd_18-2+b1_arm64.deb", "product": "fastd", "version": "18", diff --git a/test/test_data/ffmpeg.py b/test/test_data/ffmpeg.py index fcff6cd8a5..9300de70e6 100644 --- a/test/test_data/ffmpeg.py +++ b/test/test_data/ffmpeg.py @@ -37,7 +37,7 @@ "version": "4.3.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/ffmpeg/", + "url": "http://ftp.debian.org/debian/pool/main/f/ffmpeg/", "package_name": "ffmpeg_3.2.14-1~deb9u1_amd64.deb", "product": "ffmpeg", "version": "3.2.14", diff --git a/test/test_data/file.py b/test/test_data/file.py index 34df1faa66..3a24d7a7a1 100644 --- a/test/test_data/file.py +++ b/test/test_data/file.py @@ -23,13 +23,13 @@ "version": "5.43", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/", + "url": "http://ftp.debian.org/debian/pool/main/f/file/", "package_name": "file_5.22+15-2+deb8u4_amd64.deb", "product": "file", "version": "5.22", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/", + "url": "http://ftp.debian.org/debian/pool/main/f/file/", "package_name": "file_5.22+15-2+deb8u4_armel.deb", "product": "file", "version": "5.22", diff --git a/test/test_data/firefox.py b/test/test_data/firefox.py index 737a3bb99c..1a8368aeeb 100644 --- a/test/test_data/firefox.py +++ b/test/test_data/firefox.py @@ -24,7 +24,7 @@ ], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/firefox/", + "url": "http://ftp.debian.org/debian/pool/main/f/firefox/", "package_name": "firefox_83.0-1_mipsel.deb", "product": "firefox", "version": "83.0", diff --git a/test/test_data/flac.py b/test/test_data/flac.py index 4dead22efa..d29437dee7 100644 --- a/test/test_data/flac.py +++ b/test/test_data/flac.py @@ -17,7 +17,7 @@ "version": "1.4.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/flac/", + "url": "http://ftp.debian.org/debian/pool/main/f/flac/", "package_name": "libflac8_1.3.0-3_amd64.deb", "product": "flac", "version": "1.3.0", diff --git a/test/test_data/fluidsynth.py b/test/test_data/fluidsynth.py index 41c843c8de..5b71ec0743 100644 --- a/test/test_data/fluidsynth.py +++ b/test/test_data/fluidsynth.py @@ -26,13 +26,13 @@ "version": "2.3.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/", + "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/", "package_name": "fluidsynth_1.1.11-1+deb10u1_amd64.deb", "product": "fluidsynth", "version": "1.1.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/", + "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/", "package_name": "libfluidsynth1_1.1.11-1+deb10u1_arm64.deb", "product": "fluidsynth", "version": "1.1.11", diff --git a/test/test_data/freerdp.py b/test/test_data/freerdp.py index 1c65d2223b..60eba373a3 100644 --- a/test/test_data/freerdp.py +++ b/test/test_data/freerdp.py @@ -13,7 +13,7 @@ "version": "2.8.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/freerdp2/", + "url": "http://ftp.debian.org/debian/pool/main/f/freerdp2/", "package_name": "libfreerdp-client2-2_2.0.0~git20190204.1.2693389a%2Bdfsg1-1~bpo9%2B1_amd64.deb", "product": "freerdp", "version": "2.0.0", diff --git a/test/test_data/fribidi.py b/test/test_data/fribidi.py index d7eb3396c5..fdd14f6b41 100644 --- a/test/test_data/fribidi.py +++ b/test/test_data/fribidi.py @@ -17,13 +17,13 @@ "version": "0.10.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/", + "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/", "package_name": "libfribidi0_0.19.6-3_amd64.deb", "product": "fribidi", "version": "0.19.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/", + "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/", "package_name": "libfribidi0_1.0.8-2.1_mips64el.deb", "product": "fribidi", "version": "1.0.8", diff --git a/test/test_data/frr.py b/test/test_data/frr.py index f1a3fc2791..2b83bbd637 100644 --- a/test/test_data/frr.py +++ b/test/test_data/frr.py @@ -21,7 +21,7 @@ "version": "8.4.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/f/frr/", + "url": "http://ftp.debian.org/debian/pool/main/f/frr/", "package_name": "frr_6.0.2-2+deb10u1_amd64.deb", "product": "free_range_routing", "version": "6.0.2", diff --git a/test/test_data/gdal.py b/test/test_data/gdal.py index 74e4438f35..54052b24fe 100644 --- a/test/test_data/gdal.py +++ b/test/test_data/gdal.py @@ -12,7 +12,7 @@ "version": "3.7.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdal/", + "url": "http://ftp.debian.org/debian/pool/main/g/gdal/", "package_name": "libgdal20_2.4.0+dfsg-1+b1_amd64.deb", "product": "gdal", "version": "2.4.0", diff --git a/test/test_data/gdb.py b/test/test_data/gdb.py index b150527f36..b220cb4077 100644 --- a/test/test_data/gdb.py +++ b/test/test_data/gdb.py @@ -13,13 +13,13 @@ "version": "12.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/", + "url": "http://ftp.debian.org/debian/pool/main/g/gdb/", "package_name": "gdb_7.12-6_amd64.deb", "product": "gdb", "version": "7.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/", + "url": "http://ftp.debian.org/debian/pool/main/g/gdb/", "package_name": "gdb_8.2.1-2+b3_mips64el.deb", "product": "gdb", "version": "8.2.1", diff --git a/test/test_data/gdk_pixbuf.py b/test/test_data/gdk_pixbuf.py index c05a68ec9d..2918ec0e45 100644 --- a/test/test_data/gdk_pixbuf.py +++ b/test/test_data/gdk_pixbuf.py @@ -16,7 +16,7 @@ "version": "2.42.10", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdk-pixbuf/", + "url": "http://ftp.debian.org/debian/pool/main/g/gdk-pixbuf/", "package_name": "libgdk-pixbuf2.0-0_2.38.1+dfsg-1_amd64.deb", "product": "gdk-pixbuf", "version": "2.38.1", diff --git a/test/test_data/ghostscript.py b/test/test_data/ghostscript.py index a91aab916b..ff391233ed 100644 --- a/test/test_data/ghostscript.py +++ b/test/test_data/ghostscript.py @@ -15,7 +15,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/ghostscript/", + "url": "http://ftp.debian.org/debian/pool/main/g/ghostscript/", "package_name": "libgs9_9.27~dfsg-2+deb10u5_amd64.deb", "product": "ghostscript", "version": "9.27", diff --git a/test/test_data/git.py b/test/test_data/git.py index e441a70bf3..f068b018b9 100644 --- a/test/test_data/git.py +++ b/test/test_data/git.py @@ -13,7 +13,7 @@ "version": "1.8.5.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/git/", + "url": "http://ftp.debian.org/debian/pool/main/g/git/", "package_name": "git_2.1.4-2.1+deb8u6_amd64.deb", "product": "git", "version": "2.1.4", diff --git a/test/test_data/glib.py b/test/test_data/glib.py index af78ea8918..240fdd5789 100644 --- a/test/test_data/glib.py +++ b/test/test_data/glib.py @@ -19,7 +19,7 @@ "version": "2.74.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/glib2.0/", + "url": "http://ftp.debian.org/debian/pool/main/g/glib2.0/", "package_name": "libglib2.0-0_2.50.3-2+deb9u2_arm64.deb", "product": "glib", "version": "2.50.3", diff --git a/test/test_data/glibc.py b/test/test_data/glibc.py index 286a599e6a..41ec7ff28a 100644 --- a/test/test_data/glibc.py +++ b/test/test_data/glibc.py @@ -29,13 +29,13 @@ "other_products": ["gcc"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/", + "url": "http://ftp.debian.org/debian/pool/main/g/glibc/", "package_name": "libc-bin_2.19-18+deb8u10_amd64.deb", "product": "glibc", "version": "2.19", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/", + "url": "http://ftp.debian.org/debian/pool/main/g/glibc/", "package_name": "libc6-amd64_2.24-11+deb9u4_i386.deb", "product": "glibc", "version": "2.24", diff --git a/test/test_data/gmp.py b/test/test_data/gmp.py index ea4d5e425b..2379660add 100644 --- a/test/test_data/gmp.py +++ b/test/test_data/gmp.py @@ -29,13 +29,13 @@ "version": "6.2.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/", + "url": "http://ftp.debian.org/debian/pool/main/g/gmp/", "package_name": "libgmp10_6.0.0+dfsg-6_amd64.deb", "product": "gmp", "version": "6.0.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/", + "url": "http://ftp.debian.org/debian/pool/main/g/gmp/", "package_name": "libgmp10_6.2.1+dfsg-1+deb11u1_mipsel.deb", "product": "gmp", "version": "6.2.1", diff --git a/test/test_data/go.py b/test/test_data/go.py index 1264cb8ff0..689f282dc5 100644 --- a/test/test_data/go.py +++ b/test/test_data/go.py @@ -6,7 +6,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/golang-1.11/", + "url": "http://ftp.debian.org/debian/pool/main/g/golang-1.11/", "package_name": "golang-1.11-go_1.11.6-1+deb10u4_amd64.deb", "product": "go", "version": "1.11.6", diff --git a/test/test_data/gpsd.py b/test/test_data/gpsd.py index b6af87ecb8..ad42142b05 100644 --- a/test/test_data/gpsd.py +++ b/test/test_data/gpsd.py @@ -18,13 +18,13 @@ "version": "3.24", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/", + "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/", "package_name": "gpsd_3.11-3_amd64.deb", "product": "gpsd", "version": "3.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/", + "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/", "package_name": "gpsd_3.11-3_armel.deb", "product": "gpsd", "version": "3.11", diff --git a/test/test_data/grep.py b/test/test_data/grep.py index f0a7eaa15b..68eaadc6bd 100644 --- a/test/test_data/grep.py +++ b/test/test_data/grep.py @@ -13,7 +13,7 @@ "version": "3.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/grep/", + "url": "http://ftp.debian.org/debian/pool/main/g/grep/", "package_name": "grep_3.3-1_amd64.deb", "product": "grep", "version": "3.3", diff --git a/test/test_data/grub2.py b/test/test_data/grub2.py index 05e51c7bc0..7684d3ace8 100644 --- a/test/test_data/grub2.py +++ b/test/test_data/grub2.py @@ -20,13 +20,13 @@ "other_products": ["zstandard"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/", + "url": "http://ftp.debian.org/debian/pool/main/g/grub2/", "package_name": "grub-common_2.02+dfsg1-20+deb10u1_amd64.deb", "product": "grub2", "version": "2.02", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/", + "url": "http://ftp.debian.org/debian/pool/main/g/grub2/", "package_name": "grub-common_2.02+dfsg1-20+deb10u1_arm64.deb", "product": "grub2", "version": "2.02", diff --git a/test/test_data/gstreamer.py b/test/test_data/gstreamer.py index ec26826bc1..77e0fd319d 100644 --- a/test/test_data/gstreamer.py +++ b/test/test_data/gstreamer.py @@ -21,7 +21,7 @@ "version": "0.10.36", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gstreamer1.0/", + "url": "http://ftp.debian.org/debian/pool/main/g/gstreamer1.0/", "package_name": "libgstreamer1.0-0_1.10.4-1_amd64.deb", "product": "gstreamer", "version": "1.10.4", diff --git a/test/test_data/gvfs.py b/test/test_data/gvfs.py index 7bce403192..c79671c0f2 100644 --- a/test/test_data/gvfs.py +++ b/test/test_data/gvfs.py @@ -19,13 +19,13 @@ "version": "1.50.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/", + "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/", "package_name": "gvfs-backends_1.22.2-1_amd64.deb", "product": "gvfs", "version": "1.22.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/", + "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/", "package_name": "gvfs-backends_1.22.2-1_armel.deb", "product": "gvfs", "version": "1.22.2", diff --git a/test/test_data/gzip.py b/test/test_data/gzip.py index bed87b1512..076b721e6e 100644 --- a/test/test_data/gzip.py +++ b/test/test_data/gzip.py @@ -21,7 +21,7 @@ "version": "1.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/g/gzip/", + "url": "http://ftp.debian.org/debian/pool/main/g/gzip/", "package_name": "gzip_1.9-3+deb10u1_amd64.deb", "product": "gzip", "version": "1.9", diff --git a/test/test_data/harfbuzz.py b/test/test_data/harfbuzz.py index a372d162d0..3111fcaff9 100644 --- a/test/test_data/harfbuzz.py +++ b/test/test_data/harfbuzz.py @@ -23,19 +23,19 @@ "version": "7.0.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/", + "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/", "package_name": "libharfbuzz0b_0.9.35-2_amd64.deb", "product": "harfbuzz", "version": "0.9.35", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/", + "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/", "package_name": "libharfbuzz-bin_1.4.2-1_amd64.deb", "product": "harfbuzz", "version": "1.4.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/", + "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/", "package_name": "libharfbuzz0b_6.0.0+dfsg-3_amd64.deb", "product": "harfbuzz", "version": "6.0.0", diff --git a/test/test_data/haserl.py b/test/test_data/haserl.py index 3d4f9feeeb..79cef24223 100644 --- a/test/test_data/haserl.py +++ b/test/test_data/haserl.py @@ -22,13 +22,13 @@ "version": "0.9.36", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/", + "url": "http://ftp.debian.org/debian/pool/main/h/haserl/", "package_name": "haserl_0.9.33-1_amd64.deb", "product": "haserl", "version": "0.9.33", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/", + "url": "http://ftp.debian.org/debian/pool/main/h/haserl/", "package_name": "haserl_0.9.33-1_armel.deb", "product": "haserl", "version": "0.9.33", diff --git a/test/test_data/heimdal.py b/test/test_data/heimdal.py index 936089f05c..47dc24502e 100644 --- a/test/test_data/heimdal.py +++ b/test/test_data/heimdal.py @@ -12,7 +12,7 @@ "version": "7.7.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/heimdal/", + "url": "http://ftp.debian.org/debian/pool/main/h/heimdal/", "package_name": "libkrb5-26-heimdal_7.5.0+dfsg-3_amd64.deb", "product": "heimdal", "version": "7.5.0", diff --git a/test/test_data/hwloc.py b/test/test_data/hwloc.py index 4a145e7220..6473a23961 100644 --- a/test/test_data/hwloc.py +++ b/test/test_data/hwloc.py @@ -12,7 +12,7 @@ "version": "2.9.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/hwloc/", + "url": "http://ftp.debian.org/debian/pool/main/h/hwloc/", "package_name": "libhwloc15_2.4.1+dfsg-1_amd64.deb", "product": "hwloc", "version": "2.4.1", diff --git a/test/test_data/i2pd.py b/test/test_data/i2pd.py index 00d65cdd3b..3daf1650c9 100644 --- a/test/test_data/i2pd.py +++ b/test/test_data/i2pd.py @@ -19,13 +19,13 @@ "version": "2.42.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/", + "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/", "package_name": "i2pd_2.23.0-1_amd64.deb", "product": "i2pd", "version": "2.23.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/", + "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/", "package_name": "i2pd_2.23.0-1_arm64.deb", "product": "i2pd", "version": "2.23.0", diff --git a/test/test_data/icecast.py b/test/test_data/icecast.py index 161c98a47c..54ecfd4e5e 100644 --- a/test/test_data/icecast.py +++ b/test/test_data/icecast.py @@ -22,7 +22,7 @@ "version": "2.4.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/icecast2/", + "url": "http://ftp.debian.org/debian/pool/main/i/icecast2/", "package_name": "icecast2_2.4.0-1.1+deb8u1_amd64.deb", "product": "icecast", "version": "2.4.0", diff --git a/test/test_data/iperf3.py b/test/test_data/iperf3.py index 058411f527..59f7556c5a 100644 --- a/test/test_data/iperf3.py +++ b/test/test_data/iperf3.py @@ -19,7 +19,7 @@ "version": "3.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/iperf3/", + "url": "http://ftp.debian.org/debian/pool/main/i/iperf3/", "package_name": "libiperf0_3.0.7-1_amd64.deb", "product": "iperf3", "version": "3.0.7", diff --git a/test/test_data/ipmitool.py b/test/test_data/ipmitool.py index 63df29b338..adc5ea240d 100644 --- a/test/test_data/ipmitool.py +++ b/test/test_data/ipmitool.py @@ -16,7 +16,7 @@ "version": "1.8.19", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipmitool/", + "url": "http://ftp.debian.org/debian/pool/main/i/ipmitool/", "package_name": "ipmitool_1.8.14-4_amd64.deb", "product": "ipmitool", "version": "1.8.14", diff --git a/test/test_data/ipsec_tools.py b/test/test_data/ipsec_tools.py index 1972e67492..3eb7a04bb9 100644 --- a/test/test_data/ipsec_tools.py +++ b/test/test_data/ipsec_tools.py @@ -16,7 +16,7 @@ "version": "0.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipsec-tools/", + "url": "http://ftp.debian.org/debian/pool/main/i/ipsec-tools/", "package_name": "ipsec-tools_0.8.2+20140711-2+deb8u1_amd64.deb", "product": "ipsec-tools", "version": "0.8.2", diff --git a/test/test_data/iptables.py b/test/test_data/iptables.py index 7afc447f65..b2bfae518a 100644 --- a/test/test_data/iptables.py +++ b/test/test_data/iptables.py @@ -40,13 +40,13 @@ "version": "1.8.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/", + "url": "http://ftp.debian.org/debian/pool/main/i/iptables/", "package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_i386.deb", "product": "iptables", "version": "1.6.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/", + "url": "http://ftp.debian.org/debian/pool/main/i/iptables/", "package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_mips.deb", "product": "iptables", "version": "1.6.2", diff --git a/test/test_data/iucode_tool.py b/test/test_data/iucode_tool.py index cd56997080..5857d2a86a 100644 --- a/test/test_data/iucode_tool.py +++ b/test/test_data/iucode_tool.py @@ -22,13 +22,13 @@ "version": "2.3.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/", + "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/", "package_name": "iucode-tool_1.1.1-1_amd64.deb", "product": "iucode-tool", "version": "1.1.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/", + "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/", "package_name": "iucode-tool_1.1.1-1_i386.deb", "product": "iucode-tool", "version": "1.1.1", diff --git a/test/test_data/iwd.py b/test/test_data/iwd.py index 43806d4c80..3f5b58102d 100644 --- a/test/test_data/iwd.py +++ b/test/test_data/iwd.py @@ -21,7 +21,7 @@ "version": "2.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/i/iwd/", + "url": "http://ftp.debian.org/debian/pool/main/i/iwd/", "package_name": "iwd_0.14-2_amd64.deb", "product": "inet_wireless_daemon", "version": "0.14", diff --git a/test/test_data/jack2.py b/test/test_data/jack2.py index d28663e211..5ca9ea957f 100644 --- a/test/test_data/jack2.py +++ b/test/test_data/jack2.py @@ -18,7 +18,7 @@ "version": "1.9.21", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/jackd2/", + "url": "http://ftp.debian.org/debian/pool/main/j/jackd2/", "package_name": "jackd2_1.9.12~dfsg-2_amd64.deb", "product": "jack2", "version": "1.9.12", diff --git a/test/test_data/janus.py b/test/test_data/janus.py index 472b585a61..82c4fbfe9e 100644 --- a/test/test_data/janus.py +++ b/test/test_data/janus.py @@ -23,7 +23,7 @@ "version": "1.1.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/janus/", + "url": "http://ftp.debian.org/debian/pool/main/j/janus/", "package_name": "janus_0.9.2-1~bpo10+1_amd64.deb", "product": "janus", "version": "0.9.2", diff --git a/test/test_data/jhead.py b/test/test_data/jhead.py index c301b96aa2..93c77a67d1 100644 --- a/test/test_data/jhead.py +++ b/test/test_data/jhead.py @@ -12,13 +12,13 @@ "version": "3.04", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/", + "url": "http://ftp.debian.org/debian/pool/main/j/jhead/", "package_name": "jhead_2.97-1+deb8u1_amd64.deb", "product": "jhead", "version": "2.97", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/", + "url": "http://ftp.debian.org/debian/pool/main/j/jhead/", "package_name": "jhead_2.97-1+deb8u1_armel.deb", "product": "jhead", "version": "2.97", diff --git a/test/test_data/jq.py b/test/test_data/jq.py index 9baf6ccfa9..b54d9c5526 100644 --- a/test/test_data/jq.py +++ b/test/test_data/jq.py @@ -13,13 +13,13 @@ "version": "1.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/", + "url": "http://ftp.debian.org/debian/pool/main/j/jq/", "package_name": "jq_1.5+dfsg-2+b1_amd64.deb", "product": "jq", "version": "1.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/", + "url": "http://ftp.debian.org/debian/pool/main/j/jq/", "package_name": "jq_1.7.1-3_arm64.deb", "product": "jq", "version": "1.7.1", diff --git a/test/test_data/json_c.py b/test/test_data/json_c.py index 9236e8c31e..f0ca525802 100644 --- a/test/test_data/json_c.py +++ b/test/test_data/json_c.py @@ -26,13 +26,13 @@ "version": "0.16", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/", + "url": "http://ftp.debian.org/debian/pool/main/j/json-c/", "package_name": "libjson-c5_0.15-2_amd64.deb", "product": "json-c", "version": "0.15", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/", + "url": "http://ftp.debian.org/debian/pool/main/j/json-c/", "package_name": "libjson-c3_0.12.1-1.1_ppc64el.deb", "product": "json-c", "version": "0.12.1", diff --git a/test/test_data/keepalived.py b/test/test_data/keepalived.py index ad31d9e604..402d8d9e03 100644 --- a/test/test_data/keepalived.py +++ b/test/test_data/keepalived.py @@ -22,13 +22,13 @@ "version": "2.2.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/", + "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/", "package_name": "keepalived_1.2.13-1_amd64.deb", "product": "keepalived", "version": "1.2.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/", + "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/", "package_name": "keepalived_1.2.13-1_armel.deb", "product": "keepalived", "version": "1.2.13", diff --git a/test/test_data/kerberos.py b/test/test_data/kerberos.py index b629c0d465..6686ee258f 100644 --- a/test/test_data/kerberos.py +++ b/test/test_data/kerberos.py @@ -29,7 +29,7 @@ "version": "1.15.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/k/krb5/", + "url": "http://ftp.debian.org/debian/pool/main/k/krb5/", "package_name": "libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb", "product": "kerberos_5", "version": "1.12.1", diff --git a/test/test_data/kodi.py b/test/test_data/kodi.py index bf0c1f8273..cdd214cca1 100644 --- a/test/test_data/kodi.py +++ b/test/test_data/kodi.py @@ -13,7 +13,7 @@ "version": "20.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/k/kodi/", + "url": "http://ftp.debian.org/debian/pool/main/k/kodi/", "package_name": "kodi-bin_17.1+dfsg1-3_amd64.deb", "product": "kodi", "version": "17.1", diff --git a/test/test_data/kubernetes.py b/test/test_data/kubernetes.py index eff9776d36..49c3e39d65 100644 --- a/test/test_data/kubernetes.py +++ b/test/test_data/kubernetes.py @@ -17,7 +17,7 @@ "other_products": ["go"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/k/kubernetes/", + "url": "http://ftp.debian.org/debian/pool/main/k/kubernetes/", "package_name": "kubernetes-client_1.20.5+really1.20.2-1_amd64.deb", "product": "kubernetes", "version": "1.20.5", diff --git a/test/test_data/ldns.py b/test/test_data/ldns.py index a4f6f49f69..4be609453e 100644 --- a/test/test_data/ldns.py +++ b/test/test_data/ldns.py @@ -16,7 +16,7 @@ "version": "1.8.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/ldns/", + "url": "http://ftp.debian.org/debian/pool/main/l/ldns/", "package_name": "libldns2_1.7.0-4_amd64.deb", "product": "ldns", "version": "1.7.0", diff --git a/test/test_data/lftp.py b/test/test_data/lftp.py index d53f17f37a..3a2e496e39 100644 --- a/test/test_data/lftp.py +++ b/test/test_data/lftp.py @@ -18,13 +18,13 @@ "version": "4.9.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/", + "url": "http://ftp.debian.org/debian/pool/main/l/lftp/", "package_name": "lftp_4.6.0-1+deb8u1_amd64.deb", "product": "lftp", "version": "4.6.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/", + "url": "http://ftp.debian.org/debian/pool/main/l/lftp/", "package_name": "lftp_4.6.0-1+deb8u1_armel.deb", "product": "lftp", "version": "4.6.0", diff --git a/test/test_data/libass.py b/test/test_data/libass.py index 0f54ef80c6..c880d95085 100644 --- a/test/test_data/libass.py +++ b/test/test_data/libass.py @@ -18,7 +18,7 @@ "version": "0.16.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/liba/libass/", + "url": "http://ftp.debian.org/debian/pool/main/liba/libass/", "package_name": "libass9_0.16.0-1_amd64.deb", "product": "libass", "version": "0.16.0", diff --git a/test/test_data/libcoap.py b/test/test_data/libcoap.py index 7896d46405..fc4b4833b6 100644 --- a/test/test_data/libcoap.py +++ b/test/test_data/libcoap.py @@ -12,13 +12,13 @@ "version": "4.3.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap/", + "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap/", "package_name": "libcoap-1-0_4.1.2-1_amd64.deb", "product": "libcoap", "version": "4.1.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap3/", + "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap3/", "package_name": "libcoap3_4.3.1-1_amd64.deb", "product": "libcoap", "version": "4.3.1", diff --git a/test/test_data/libconfuse.py b/test/test_data/libconfuse.py index 232d92036d..d7a37938d7 100644 --- a/test/test_data/libconfuse.py +++ b/test/test_data/libconfuse.py @@ -18,7 +18,7 @@ "version": "3.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libconfuse/", + "url": "http://ftp.debian.org/debian/pool/main/libc/libconfuse/", "package_name": "libconfuse2_3.3-2_arm64.deb", "product": "libconfuse", "version": "3.3", diff --git a/test/test_data/libde265.py b/test/test_data/libde265.py index 5246bacf22..eb37dc4ae7 100644 --- a/test/test_data/libde265.py +++ b/test/test_data/libde265.py @@ -12,7 +12,7 @@ "version": "1.0.14", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libd/libde265/", + "url": "http://ftp.debian.org/debian/pool/main/libd/libde265/", "package_name": "libde265-0_1.0.3-1+b1_amd64.deb", "product": "libde265", "version": "1.0.3", diff --git a/test/test_data/libevent.py b/test/test_data/libevent.py index ae0f6ebe95..57c14e7071 100644 --- a/test/test_data/libevent.py +++ b/test/test_data/libevent.py @@ -16,7 +16,7 @@ "version": "2.1.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libe/libevent/", + "url": "http://ftp.debian.org/debian/pool/main/libe/libevent/", "package_name": "libevent-2.0-5_2.0.21-stable-3_amd64.deb", "product": "libevent", "version": "2.0.21", diff --git a/test/test_data/libgd.py b/test/test_data/libgd.py index 9593100e96..62edff4c58 100644 --- a/test/test_data/libgd.py +++ b/test/test_data/libgd.py @@ -16,7 +16,7 @@ "version": "2.3.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgd2/", + "url": "http://ftp.debian.org/debian/pool/main/libg/libgd2/", "package_name": "libgd3_2.2.5-5.2_amd64.deb", "product": "libgd", "version": "2.2.5", diff --git a/test/test_data/libgit2.py b/test/test_data/libgit2.py index 9c81a4e8e6..ad55698702 100644 --- a/test/test_data/libgit2.py +++ b/test/test_data/libgit2.py @@ -18,13 +18,13 @@ "version": "1.5.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/", + "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/", "package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_amd64.deb", "product": "libgit2", "version": "1.1.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/", + "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/", "package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_arm64.deb", "product": "libgit2", "version": "1.1.0", diff --git a/test/test_data/libheif.py b/test/test_data/libheif.py index 510315a53f..7a5b329adc 100644 --- a/test/test_data/libheif.py +++ b/test/test_data/libheif.py @@ -12,7 +12,7 @@ "version": "1.17.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libh/libheif/", + "url": "http://ftp.debian.org/debian/pool/main/libh/libheif/", "package_name": "libheif1_1.3.2-2~deb10u1_amd64.deb", "product": "libheif", "version": "1.3.2", diff --git a/test/test_data/libidn2.py b/test/test_data/libidn2.py index 786c087f0e..cb84e6e6db 100644 --- a/test/test_data/libidn2.py +++ b/test/test_data/libidn2.py @@ -32,13 +32,13 @@ "version": "2.3.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/", + "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/", "package_name": "libidn2-0_2.0.5-1+deb10u1_amd64.deb", "product": "libidn2", "version": "2.0.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/", + "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/", "package_name": "libidn2-0_2.3.0-5_mips64el.deb", "product": "libidn2", "version": "2.3.0", diff --git a/test/test_data/libinput.py b/test/test_data/libinput.py index 5a23ed492f..5111aacce5 100644 --- a/test/test_data/libinput.py +++ b/test/test_data/libinput.py @@ -22,7 +22,7 @@ "version": "1.21.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libinput/", + "url": "http://ftp.debian.org/debian/pool/main/libi/libinput/", "package_name": "libinput10_1.12.6-2+deb10u1_arm64.deb", "product": "libinput", "version": "1.12.6", diff --git a/test/test_data/libjpeg.py b/test/test_data/libjpeg.py index c749a8fe0c..b3a71f6680 100644 --- a/test/test_data/libjpeg.py +++ b/test/test_data/libjpeg.py @@ -6,7 +6,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg9/", + "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg9/", "package_name": "libjpeg9_9d-1_amd64.deb", "product": "libjpeg", "version": "9d", diff --git a/test/test_data/libjpeg_turbo.py b/test/test_data/libjpeg_turbo.py index 2e5a94280b..cd72f73bce 100644 --- a/test/test_data/libjpeg_turbo.py +++ b/test/test_data/libjpeg_turbo.py @@ -20,7 +20,7 @@ "other_products": ["libjpeg"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg-turbo/", + "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg-turbo/", "package_name": "libjpeg62-turbo_1.5.1-2_amd64.deb", "product": "libjpeg-turbo", "version": "1.5.1", diff --git a/test/test_data/libksba.py b/test/test_data/libksba.py index 389e82162a..8b96b5088f 100644 --- a/test/test_data/libksba.py +++ b/test/test_data/libksba.py @@ -12,7 +12,7 @@ "version": "1.6.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libk/libksba/", + "url": "http://ftp.debian.org/debian/pool/main/libk/libksba/", "package_name": "libksba8_1.5.0-3_amd64.deb", "product": "libksba", "version": "1.5.0", diff --git a/test/test_data/libmatroska.py b/test/test_data/libmatroska.py index 41d1fbc3ec..dc3fa07331 100644 --- a/test/test_data/libmatroska.py +++ b/test/test_data/libmatroska.py @@ -22,13 +22,13 @@ "version": "1.6.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/", "package_name": "libmatroska6_1.4.1-2+deb8u1_amd64.deb", "product": "libmatroska", "version": "1.4.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/", "package_name": "libmatroska6_1.4.1-2+deb8u1_armel.deb", "product": "libmatroska", "version": "1.4.1", diff --git a/test/test_data/libmemcached.py b/test/test_data/libmemcached.py index f26ba23c0f..69fed6c25d 100644 --- a/test/test_data/libmemcached.py +++ b/test/test_data/libmemcached.py @@ -21,13 +21,13 @@ "version": "1.0.18", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/", "package_name": "libmemcached11_1.0.18-4.1_amd64.deb", "product": "libmemcached", "version": "1.0.18", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/", "package_name": "libmemcached11_1.1.4-1_arm64.deb", "product": "libmemcached", "version": "1.1.4", diff --git a/test/test_data/libmicrohttpd.py b/test/test_data/libmicrohttpd.py index afe092c86e..4bf31ee5f9 100644 --- a/test/test_data/libmicrohttpd.py +++ b/test/test_data/libmicrohttpd.py @@ -16,7 +16,7 @@ "version": "0.9.76", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmicrohttpd/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmicrohttpd/", "package_name": "libmicrohttpd12_0.9.62-1_amd64.deb", "product": "libmicrohttpd", "version": "0.9.62", diff --git a/test/test_data/libmodbus.py b/test/test_data/libmodbus.py index 8c3a2c0f52..9b9615f543 100644 --- a/test/test_data/libmodbus.py +++ b/test/test_data/libmodbus.py @@ -12,7 +12,7 @@ "version": "3.1.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmodbus/", + "url": "http://ftp.debian.org/debian/pool/main/libm/libmodbus/", "package_name": "libmodbus5_3.1.4-2+deb10u1_amd64.deb", "product": "libmodbus", "version": "3.1.4", diff --git a/test/test_data/libopenmpt.py b/test/test_data/libopenmpt.py index c407d6734f..776966e908 100644 --- a/test/test_data/libopenmpt.py +++ b/test/test_data/libopenmpt.py @@ -16,7 +16,7 @@ "version": "0.7.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libo/libopenmpt/", + "url": "http://ftp.debian.org/debian/pool/main/libo/libopenmpt/", "package_name": "libopenmpt0_0.4.3-1+deb10u1_amd64.deb", "product": "libopenmpt", "version": "0.4.3", diff --git a/test/test_data/libpcap.py b/test/test_data/libpcap.py index 1e3af4f380..a9dc5e0465 100644 --- a/test/test_data/libpcap.py +++ b/test/test_data/libpcap.py @@ -22,13 +22,13 @@ "version": "1.10.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/", + "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/", "package_name": "libpcap0.8_1.10.0-2_amd64.deb", "product": "libpcap", "version": "1.10.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/", + "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/", "package_name": "libpcap0.8_1.10.0-2_arm64.deb", "product": "libpcap", "version": "1.10.0", diff --git a/test/test_data/libraw.py b/test/test_data/libraw.py index bba00e8cd1..22af8af34f 100644 --- a/test/test_data/libraw.py +++ b/test/test_data/libraw.py @@ -31,13 +31,13 @@ "version": "0.20.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/", + "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/", "package_name": "libraw10_0.16.0-9+deb8u3_armel.deb", "product": "libraw", "version": "0.16.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/", + "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/", "package_name": "libraw20_0.20.2-2+b1_arm64.deb", "product": "libraw", "version": "0.20.2", diff --git a/test/test_data/librsync.py b/test/test_data/librsync.py index a5f8a03539..bc344bd3c3 100644 --- a/test/test_data/librsync.py +++ b/test/test_data/librsync.py @@ -18,13 +18,13 @@ "version": "2.3.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/", + "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/", "package_name": "librsync1_0.9.7-10+b1_amd64.deb", "product": "librsync", "version": "0.9.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/", + "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/", "package_name": "librsync1_0.9.7-10+b1_arm64.deb", "product": "librsync", "version": "0.9.7", diff --git a/test/test_data/libsamplerate.py b/test/test_data/libsamplerate.py index 74be72ad54..e4503534eb 100644 --- a/test/test_data/libsamplerate.py +++ b/test/test_data/libsamplerate.py @@ -22,13 +22,13 @@ "version": "0.2.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/", + "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/", "package_name": "libsamplerate0_0.1.8-8+b2_amd64.deb", "product": "libsamplerate", "version": "0.1.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/", + "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/", "package_name": "libsamplerate0_0.1.8-8+b2_arm64.deb", "product": "libsamplerate", "version": "0.1.8", diff --git a/test/test_data/libssh.py b/test/test_data/libssh.py index d4853ed13a..8c71de48b7 100644 --- a/test/test_data/libssh.py +++ b/test/test_data/libssh.py @@ -27,13 +27,13 @@ "version": "0.10.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/", + "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/", "package_name": "libssh-4_0.10.4-2_amd64.deb", "product": "libssh", "version": "0.10.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/", + "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/", "package_name": "libssh-4_0.10.4-2_arm64.deb", "product": "libssh", "version": "0.10.4", diff --git a/test/test_data/libtasn1.py b/test/test_data/libtasn1.py index 06156d2f17..fca0f286f9 100644 --- a/test/test_data/libtasn1.py +++ b/test/test_data/libtasn1.py @@ -16,7 +16,7 @@ "version": "4.19.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtasn1-6/", + "url": "http://ftp.debian.org/debian/pool/main/libt/libtasn1-6/", "package_name": "libtasn1-6_4.13-3_arm64.deb", "product": "libtasn1", "version": "4.13", diff --git a/test/test_data/libtiff.py b/test/test_data/libtiff.py index f8e07a8c90..6e078880ba 100644 --- a/test/test_data/libtiff.py +++ b/test/test_data/libtiff.py @@ -25,7 +25,7 @@ "version": "4.0.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tiff/", + "url": "http://ftp.debian.org/debian/pool/main/t/tiff/", "package_name": "libtiff5_4.2.0-1+deb11u4_amd64.deb", "product": "libtiff", "version": "4.2.0", diff --git a/test/test_data/libtomcrypt.py b/test/test_data/libtomcrypt.py index b428a71bf8..cf317b8e99 100644 --- a/test/test_data/libtomcrypt.py +++ b/test/test_data/libtomcrypt.py @@ -27,13 +27,13 @@ "version": "1.18.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/", + "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/", "package_name": "libtomcrypt0_1.17-6_amd64.deb", "product": "libtomcrypt", "version": "1.17", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/", + "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/", "package_name": "libtomcrypt0_1.17-6_armel.deb", "product": "libtomcrypt", "version": "1.17", diff --git a/test/test_data/libupnp.py b/test/test_data/libupnp.py index f2476905e1..b85f99ecc2 100644 --- a/test/test_data/libupnp.py +++ b/test/test_data/libupnp.py @@ -18,7 +18,7 @@ "version": "1.14.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pupnp-1.8/", + "url": "http://ftp.debian.org/debian/pool/main/p/pupnp-1.8/", "package_name": "libupnp-dev_1.8.4-2_amd64.deb", "product": "libupnp", "version": "1.8.4", diff --git a/test/test_data/libuv.py b/test/test_data/libuv.py index 32016f8ba7..104f9989fe 100644 --- a/test/test_data/libuv.py +++ b/test/test_data/libuv.py @@ -12,7 +12,7 @@ "version": "1.48.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libu/libuv1/", + "url": "http://ftp.debian.org/debian/pool/main/libu/libuv1/", "package_name": "libuv1_1.24.1-1+deb10u1_amd64.deb", "product": "libuv", "version": "1.24.1", diff --git a/test/test_data/libvips.py b/test/test_data/libvips.py index 2324a4ade9..bace09dbec 100644 --- a/test/test_data/libvips.py +++ b/test/test_data/libvips.py @@ -12,7 +12,7 @@ "version": "8.15.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/v/vips/", + "url": "http://ftp.debian.org/debian/pool/main/v/vips/", "package_name": "libvips42_8.7.4-1%2Bdeb10u1_amd64.deb", "product": "libvips", "version": "8.7.4", diff --git a/test/test_data/libvirt.py b/test/test_data/libvirt.py index 7da24104b6..d831e31e5b 100644 --- a/test/test_data/libvirt.py +++ b/test/test_data/libvirt.py @@ -21,7 +21,7 @@ "version": "1.2.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvirt/", + "url": "http://ftp.debian.org/debian/pool/main/libv/libvirt/", "package_name": "libvirt0_1.2.9-9+deb8u5_amd64.deb", "product": "libvirt", "version": "1.2.9", diff --git a/test/test_data/libvorbis.py b/test/test_data/libvorbis.py index c0b8e3595d..1a77e5d6ea 100644 --- a/test/test_data/libvorbis.py +++ b/test/test_data/libvorbis.py @@ -18,13 +18,13 @@ "version": "1.3.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/", + "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/", "package_name": "libvorbis0a_1.3.4-2+deb8u1_amd64.deb", "product": "libvorbis", "version": "1.3.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/", + "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/", "package_name": "libvorbis0a_1.3.4-2+deb8u1_armel.deb", "product": "libvorbis", "version": "1.3.4", diff --git a/test/test_data/libvpx.py b/test/test_data/libvpx.py index 16be89b61e..6d31979be6 100644 --- a/test/test_data/libvpx.py +++ b/test/test_data/libvpx.py @@ -16,7 +16,7 @@ "version": "1.13.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvpx/", + "url": "http://ftp.debian.org/debian/pool/main/libv/libvpx/", "package_name": "libvpx5_1.7.0-3+deb10u1_amd64.deb", "product": "libvpx", "version": "1.7.0", diff --git a/test/test_data/libyaml.py b/test/test_data/libyaml.py index 21ee950e3a..41df08e6e1 100644 --- a/test/test_data/libyaml.py +++ b/test/test_data/libyaml.py @@ -12,7 +12,7 @@ "version": "0.2.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/liby/libyaml/", + "url": "http://ftp.debian.org/debian/pool/main/liby/libyaml/", "package_name": "libyaml-0-2_0.2.1-1_amd64.deb", "product": "libyaml", "version": "0.2.1", diff --git a/test/test_data/linux_kernel.py b/test/test_data/linux_kernel.py index 43e0ab2d3d..98f1951ade 100644 --- a/test/test_data/linux_kernel.py +++ b/test/test_data/linux_kernel.py @@ -23,13 +23,13 @@ "version": "2.6.18", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/", + "url": "http://ftp.debian.org/debian/pool/main/l/linux/", "package_name": "linux-image-3.16.0-6-586_3.16.56-1+deb8u1_i386.deb", "product": "linux_kernel", "version": "3.16.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/", + "url": "http://ftp.debian.org/debian/pool/main/l/linux/", "package_name": "linux-image-5.10.0-21-s390x_5.10.162-1_s390x.deb", "product": "linux_kernel", "version": "5.10.0", diff --git a/test/test_data/lldpd.py b/test/test_data/lldpd.py index 049d9105c6..c0bae85f19 100644 --- a/test/test_data/lldpd.py +++ b/test/test_data/lldpd.py @@ -18,13 +18,13 @@ "version": "1.0.15", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/", + "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/", "package_name": "lldpd_0.7.11-2+deb8u1_amd64.deb", "product": "lldpd", "version": "0.7.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/", + "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/", "package_name": "lldpd_0.7.11-2+deb8u1_armel.deb", "product": "lldpd", "version": "0.7.11", diff --git a/test/test_data/logrotate.py b/test/test_data/logrotate.py index 59f9aacf24..2332f40422 100644 --- a/test/test_data/logrotate.py +++ b/test/test_data/logrotate.py @@ -35,7 +35,7 @@ "version": "3.14.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/logrotate/", + "url": "http://ftp.debian.org/debian/pool/main/l/logrotate/", "package_name": "logrotate_3.11.0-0.1_amd64.deb", "product": "logrotate", "version": "3.11.0", diff --git a/test/test_data/lrzip.py b/test/test_data/lrzip.py index d1da3259ac..97e64d5056 100644 --- a/test/test_data/lrzip.py +++ b/test/test_data/lrzip.py @@ -21,7 +21,7 @@ "version": "0.651", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lrzip/", + "url": "http://ftp.debian.org/debian/pool/main/l/lrzip/", "package_name": "lrzip_0.631+git180528-1+deb10u1_amd64.deb", "product": "long_range_zip", "version": "0.631", diff --git a/test/test_data/lxc.py b/test/test_data/lxc.py index ed8cb6705d..15db01ea83 100644 --- a/test/test_data/lxc.py +++ b/test/test_data/lxc.py @@ -22,13 +22,13 @@ "version": "4.0.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/", + "url": "http://ftp.debian.org/debian/pool/main/l/lxc/", "package_name": "liblxc-common_5.0.1-1+b1_amd64.deb", "product": "lxc", "version": "5.0.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/", + "url": "http://ftp.debian.org/debian/pool/main/l/lxc/", "package_name": "liblxc-common_5.0.1-1+b1_arm64.deb", "product": "lxc", "version": "5.0.1", diff --git a/test/test_data/lynx.py b/test/test_data/lynx.py index a0dcc9ba50..0eb145ce2c 100644 --- a/test/test_data/lynx.py +++ b/test/test_data/lynx.py @@ -27,7 +27,7 @@ "version": "2.9.0dev.10", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lynx/", + "url": "http://ftp.debian.org/debian/pool/main/l/lynx/", "package_name": "lynx_2.8.9dev11-1_arm64.deb", "product": "lynx", "version": "2.8.9dev.11", diff --git a/test/test_data/lz4.py b/test/test_data/lz4.py index ffa081439e..7160e651d7 100644 --- a/test/test_data/lz4.py +++ b/test/test_data/lz4.py @@ -23,13 +23,13 @@ "version": "1.9.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/", + "url": "http://ftp.debian.org/debian/pool/main/l/lz4/", "package_name": "liblz4-1_1.8.3-1+deb10u1_mips64el.deb", "product": "lz4", "version": "1.8.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/", + "url": "http://ftp.debian.org/debian/pool/main/l/lz4/", "package_name": "liblz4-1_1.9.3-2_amd64.deb", "product": "lz4", "version": "1.9.3", diff --git a/test/test_data/mailx.py b/test/test_data/mailx.py index dfd3bea195..2e7120f929 100644 --- a/test/test_data/mailx.py +++ b/test/test_data/mailx.py @@ -18,13 +18,13 @@ "version": "12.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/", + "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/", "package_name": "heirloom-mailx_12.5-4_amd64.deb", "product": "mailx", "version": "12.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/", + "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/", "package_name": "heirloom-mailx_12.5-4_armel.deb", "product": "mailx", "version": "12.5", diff --git a/test/test_data/mbedtls.py b/test/test_data/mbedtls.py index ec68287a88..f7b38031f8 100644 --- a/test/test_data/mbedtls.py +++ b/test/test_data/mbedtls.py @@ -21,7 +21,7 @@ "version": "2.28.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mbedtls/", + "url": "http://ftp.debian.org/debian/pool/main/m/mbedtls/", "package_name": "libmbedcrypto3_2.16.0-1_amd64.deb", "product": "mbed_tls", "version": "2.16.0", diff --git a/test/test_data/mdadm.py b/test/test_data/mdadm.py index 869cd302c4..c209638a65 100644 --- a/test/test_data/mdadm.py +++ b/test/test_data/mdadm.py @@ -37,7 +37,7 @@ "version": "4.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mdadm/", + "url": "http://ftp.debian.org/debian/pool/main/m/mdadm/", "package_name": "mdadm_3.3.2-5+deb8u2_amd64.deb", "product": "mdadm", "version": "3.3.2", diff --git a/test/test_data/micropython.py b/test/test_data/micropython.py index 1da02800d3..4f65ac70b2 100644 --- a/test/test_data/micropython.py +++ b/test/test_data/micropython.py @@ -16,7 +16,7 @@ "version": "1.21.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/micropython/", + "url": "http://ftp.debian.org/debian/pool/main/m/micropython/", "package_name": "micropython_1.19.1+ds-1_amd64.deb", "product": "micropython", "version": "1.19.1", diff --git a/test/test_data/minetest.py b/test/test_data/minetest.py index 29ad423d33..0726f7112f 100644 --- a/test/test_data/minetest.py +++ b/test/test_data/minetest.py @@ -16,7 +16,7 @@ "version": "5.7.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/minetest/", + "url": "http://ftp.debian.org/debian/pool/main/m/minetest/", "package_name": "minetest_0.4.17.1+repack-1+deb10u1_amd64.deb", "product": "minetest", "version": "0.4.17.1", diff --git a/test/test_data/mini_httpd.py b/test/test_data/mini_httpd.py index 1a8490ed81..c485285137 100644 --- a/test/test_data/mini_httpd.py +++ b/test/test_data/mini_httpd.py @@ -12,7 +12,7 @@ "version": "1.30", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mini-httpd/", + "url": "http://ftp.debian.org/debian/pool/main/m/mini-httpd/", "package_name": "mini-httpd_1.30-0.2_amd64.deb", "product": "mini_httpd", "version": "1.30", diff --git a/test/test_data/minicom.py b/test/test_data/minicom.py index 80f2c35a2b..447ea001f0 100644 --- a/test/test_data/minicom.py +++ b/test/test_data/minicom.py @@ -18,13 +18,13 @@ "version": "2.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/", + "url": "http://ftp.debian.org/debian/pool/main/m/minicom/", "package_name": "minicom_2.7-1+deb8u1_amd64.deb", "product": "minicom", "version": "2.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/", + "url": "http://ftp.debian.org/debian/pool/main/m/minicom/", "package_name": "minicom_2.7-1+deb8u1_armel.deb", "product": "minicom", "version": "2.7", diff --git a/test/test_data/minidlna.py b/test/test_data/minidlna.py index 98c33ca03d..0655ce4be0 100644 --- a/test/test_data/minidlna.py +++ b/test/test_data/minidlna.py @@ -12,13 +12,13 @@ "version": "1.3.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/", + "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/", "package_name": "minidlna_1.1.2+dfsg-1.1+b3_amd64.deb", "product": "minidlna", "version": "1.1.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/", + "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/", "package_name": "minidlna_1.1.2+dfsg-1.1+b3_armel.deb", "product": "minidlna", "version": "1.1.2", diff --git a/test/test_data/modsecurity.py b/test/test_data/modsecurity.py index b67483ff23..884786c5a6 100644 --- a/test/test_data/modsecurity.py +++ b/test/test_data/modsecurity.py @@ -16,7 +16,7 @@ "version": "3.0.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/modsecurity/", + "url": "http://ftp.debian.org/debian/pool/main/m/modsecurity/", "package_name": "libmodsecurity3_3.0.3-1+deb10u2_amd64.deb", "product": "modsecurity", "version": "3.0.3", diff --git a/test/test_data/monit.py b/test/test_data/monit.py index 90adf9acb7..e96925d83d 100644 --- a/test/test_data/monit.py +++ b/test/test_data/monit.py @@ -12,7 +12,7 @@ "version": "5.32.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/monit/", + "url": "http://ftp.debian.org/debian/pool/main/m/monit/", "package_name": "monit_5.27.1-1~bpo10+1_amd64.deb", "product": "monit", "version": "5.27.1", diff --git a/test/test_data/motion.py b/test/test_data/motion.py index 11238d70ee..72eba92922 100644 --- a/test/test_data/motion.py +++ b/test/test_data/motion.py @@ -18,13 +18,13 @@ "version": "4.4.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/", + "url": "http://ftp.debian.org/debian/pool/main/m/motion/", "package_name": "motion_3.2.12+git20140228-4+b3_amd64.deb", "product": "motion", "version": "3.2.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/", + "url": "http://ftp.debian.org/debian/pool/main/m/motion/", "package_name": "motion_3.2.12+git20140228-4+b3_armel.deb", "product": "motion", "version": "3.2.12", diff --git a/test/test_data/mpg123.py b/test/test_data/mpg123.py index c0b677ddc3..ae3339bc4d 100644 --- a/test/test_data/mpg123.py +++ b/test/test_data/mpg123.py @@ -12,7 +12,7 @@ "version": "1.31.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpg123/", + "url": "http://ftp.debian.org/debian/pool/main/m/mpg123/", "package_name": "mpg123_1.25.10-2_amd64.deb", "product": "mpg123", "version": "1.25.10", diff --git a/test/test_data/mpv.py b/test/test_data/mpv.py index cfbc7b740e..6612a2f906 100644 --- a/test/test_data/mpv.py +++ b/test/test_data/mpv.py @@ -18,13 +18,13 @@ "version": "0.34.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/", + "url": "http://ftp.debian.org/debian/pool/main/m/mpv/", "package_name": "libmpv1_0.23.0-2+deb9u2_amd64.deb", "product": "mpv", "version": "0.23.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/", + "url": "http://ftp.debian.org/debian/pool/main/m/mpv/", "package_name": "libmpv1_0.23.0-2+deb9u2_arm64.deb", "product": "mpv", "version": "0.23.0", diff --git a/test/test_data/msmtp.py b/test/test_data/msmtp.py index 053449cc1f..d7408997b2 100644 --- a/test/test_data/msmtp.py +++ b/test/test_data/msmtp.py @@ -17,7 +17,7 @@ "version": "1.8.22", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/msmtp/", + "url": "http://ftp.debian.org/debian/pool/main/m/msmtp/", "package_name": "msmtp_1.6.6-1_amd64.deb", "product": "msmtp", "version": "1.6.6", diff --git a/test/test_data/mupdf.py b/test/test_data/mupdf.py index d0f0593876..9a50b1b705 100644 --- a/test/test_data/mupdf.py +++ b/test/test_data/mupdf.py @@ -12,7 +12,7 @@ "version": "1.22.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mupdf/", + "url": "http://ftp.debian.org/debian/pool/main/m/mupdf/", "package_name": "mupdf_1.14.0+ds1-4+deb10u3_amd64.deb", "product": "mupdf", "version": "1.14.0", diff --git a/test/test_data/mutt.py b/test/test_data/mutt.py index 2fa2f91f18..d9e0a789fc 100644 --- a/test/test_data/mutt.py +++ b/test/test_data/mutt.py @@ -32,13 +32,13 @@ "version": "2.2.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/", + "url": "http://ftp.debian.org/debian/pool/main/m/mutt/", "package_name": "mutt-patched_1.5.23-3_amd64.deb", "product": "mutt", "version": "1.5.23", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/", + "url": "http://ftp.debian.org/debian/pool/main/m/mutt/", "package_name": "mutt-patched_1.5.23-3_armel.deb", "product": "mutt", "version": "1.5.23", diff --git a/test/test_data/nano.py b/test/test_data/nano.py index 9382236cb8..854241815e 100644 --- a/test/test_data/nano.py +++ b/test/test_data/nano.py @@ -40,7 +40,7 @@ "version": "4.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nano/", + "url": "http://ftp.debian.org/debian/pool/main/n/nano/", "package_name": "nano_2.2.6-3_amd64.deb", "product": "nano", "version": "2.2.6", diff --git a/test/test_data/nasm.py b/test/test_data/nasm.py index 104b7fe988..0158074464 100644 --- a/test/test_data/nasm.py +++ b/test/test_data/nasm.py @@ -16,7 +16,7 @@ "version": "2.15.05", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nasm/", + "url": "http://ftp.debian.org/debian/pool/main/n/nasm/", "package_name": "nasm_2.12.01-1+b1_amd64.deb", "product": "netwide_assembler", "version": "2.12.01", diff --git a/test/test_data/nbd.py b/test/test_data/nbd.py index 98312b8853..dc61bbbe09 100644 --- a/test/test_data/nbd.py +++ b/test/test_data/nbd.py @@ -27,13 +27,13 @@ "version": "3.24", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/", + "url": "http://ftp.debian.org/debian/pool/main/n/nbd/", "package_name": "nbd-server_3.15.2-3_amd64.deb", "product": "network_block_device", "version": "3.15.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/", + "url": "http://ftp.debian.org/debian/pool/main/n/nbd/", "package_name": "nbd-client_3.15.2-3_arm64.deb", "product": "network_block_device", "version": "3.15.2", diff --git a/test/test_data/neon.py b/test/test_data/neon.py index d2569620ed..1a89f8513c 100644 --- a/test/test_data/neon.py +++ b/test/test_data/neon.py @@ -18,7 +18,7 @@ "version": "0.32.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/neon27/", + "url": "http://ftp.debian.org/debian/pool/main/n/neon27/", "package_name": "libneon27_0.30.1-1_amd64.deb", "product": "neon", "version": "0.30.1", diff --git a/test/test_data/netatalk.py b/test/test_data/netatalk.py index f375a63c8d..021890bc3c 100644 --- a/test/test_data/netatalk.py +++ b/test/test_data/netatalk.py @@ -22,13 +22,13 @@ "version": "3.1.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/", + "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/", "package_name": "netatalk_2.2.5-2+deb9u1_amd64.deb", "product": "netatalk", "version": "2.2.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/", + "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/", "package_name": "netatalk_2.2.5-2+deb9u1_arm64.deb", "product": "netatalk", "version": "2.2.5", diff --git a/test/test_data/netdata.py b/test/test_data/netdata.py index 477849eb89..4b51eadd72 100644 --- a/test/test_data/netdata.py +++ b/test/test_data/netdata.py @@ -13,7 +13,7 @@ "other_products": ["sqlite"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netdata/", + "url": "http://ftp.debian.org/debian/pool/main/n/netdata/", "package_name": "netdata-core_1.12.0-1+deb10u1_amd64.deb", "product": "netdata", "version": "1.12.0", diff --git a/test/test_data/netkit_ftp.py b/test/test_data/netkit_ftp.py index ed265c0d08..85c1ae0a38 100644 --- a/test/test_data/netkit_ftp.py +++ b/test/test_data/netkit_ftp.py @@ -16,7 +16,7 @@ "version": "0.17", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netkit-ftp/", + "url": "http://ftp.debian.org/debian/pool/main/n/netkit-ftp/", "package_name": "ftp_0.17-31_amd64.deb", "product": "netkit_ftp", "version": "0.17", diff --git a/test/test_data/netpbm.py b/test/test_data/netpbm.py index af70414ef9..f893aa6a12 100644 --- a/test/test_data/netpbm.py +++ b/test/test_data/netpbm.py @@ -23,13 +23,13 @@ "version": "10.35.58", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/", + "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/", "package_name": "libnetpbm10_10.0-15.2_amd64.deb", "product": "netpbm", "version": "10.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/", + "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/", "package_name": "netpbm_10.0-15.3+b2_amd64.deb", "product": "netpbm", "version": "10.0", diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py index d82c0e360f..6dea3000d1 100644 --- a/test/test_data/nghttp2.py +++ b/test/test_data/nghttp2.py @@ -23,13 +23,13 @@ "version": "1.50.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/", + "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/", "package_name": "libnghttp2-14_1.18.1-1+deb9u1_amd64.deb", "product": "nghttp2", "version": "1.18.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/", + "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/", "package_name": "libnghttp2-14_1.18.1-1+deb9u1_arm64.deb", "product": "nghttp2", "version": "1.18.1", diff --git a/test/test_data/nginx.py b/test/test_data/nginx.py index 84745aec04..aae76464e9 100644 --- a/test/test_data/nginx.py +++ b/test/test_data/nginx.py @@ -16,7 +16,7 @@ "version": "1.8.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nginx/", + "url": "http://ftp.debian.org/debian/pool/main/n/nginx/", "package_name": "nginx-full_1.10.3-1+deb9u4_amd64.deb", "product": "nginx", "version": "1.10.3", diff --git a/test/test_data/ngircd.py b/test/test_data/ngircd.py index a84934eedb..d3bd8105d3 100644 --- a/test/test_data/ngircd.py +++ b/test/test_data/ngircd.py @@ -17,7 +17,7 @@ "version": "26.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/ngircd/", + "url": "http://ftp.debian.org/debian/pool/main/n/ngircd/", "package_name": "ngircd_26.1-1_amd64.deb", "product": "ngircd", "version": "26.1", diff --git a/test/test_data/nmap.py b/test/test_data/nmap.py index 8423fe1411..a0cabe76f6 100644 --- a/test/test_data/nmap.py +++ b/test/test_data/nmap.py @@ -20,7 +20,7 @@ "other_products": ["lua"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nmap/", + "url": "http://ftp.debian.org/debian/pool/main/n/nmap/", "package_name": "nmap_7.40-1_amd64.deb", "product": "nmap", "version": "7.40", diff --git a/test/test_data/node.py b/test/test_data/node.py index 6c30f88090..b1104885b0 100644 --- a/test/test_data/node.py +++ b/test/test_data/node.py @@ -17,7 +17,7 @@ "other_products": ["libuv", "zlib"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/nodejs/", + "url": "http://ftp.debian.org/debian/pool/main/n/nodejs/", "package_name": "nodejs_0.10.29~dfsg-2_amd64.deb", "product": "node.js", "version": "0.10.29", diff --git a/test/test_data/ntfs_3g.py b/test/test_data/ntfs_3g.py index 9a4038f55e..bfb4da2bb2 100644 --- a/test/test_data/ntfs_3g.py +++ b/test/test_data/ntfs_3g.py @@ -21,7 +21,7 @@ "version": "2022.10.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntfs-3g/", + "url": "http://ftp.debian.org/debian/pool/main/n/ntfs-3g/", "package_name": "ntfs-3g_2017.3.23AR.3-3+deb10u2_amd64.deb", "product": "ntfs-3g", "version": "2017.3.23", diff --git a/test/test_data/ntpsec.py b/test/test_data/ntpsec.py index 4336462748..1e5f637cd3 100644 --- a/test/test_data/ntpsec.py +++ b/test/test_data/ntpsec.py @@ -23,7 +23,7 @@ "version": "1.2.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntpsec/", + "url": "http://ftp.debian.org/debian/pool/main/n/ntpsec/", "package_name": "ntpsec_1.1.3+dfsg1-2+deb10u1_amd64.deb", "product": "ntpsec", "version": "1.1.3", diff --git a/test/test_data/open_iscsi.py b/test/test_data/open_iscsi.py index dd87db76f1..13273df481 100644 --- a/test/test_data/open_iscsi.py +++ b/test/test_data/open_iscsi.py @@ -16,7 +16,7 @@ "version": "2.1.8", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/open-iscsi/", + "url": "http://ftp.debian.org/debian/pool/main/o/open-iscsi/", "package_name": "open-iscsi_2.1.3-5_amd64.deb", "product": "open-iscsi", "version": "2.1.3", diff --git a/test/test_data/opencv.py b/test/test_data/opencv.py index 5607c5fb42..e29e683cdd 100644 --- a/test/test_data/opencv.py +++ b/test/test_data/opencv.py @@ -18,13 +18,13 @@ "version": "4.5.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/", + "url": "http://ftp.debian.org/debian/pool/main/o/opencv/", "package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_amd64.deb", "product": "opencv", "version": "2.4.9.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/", + "url": "http://ftp.debian.org/debian/pool/main/o/opencv/", "package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_arm64.deb", "product": "opencv", "version": "2.4.9.1", diff --git a/test/test_data/openjpeg.py b/test/test_data/openjpeg.py index e08410565e..7ae8caa42f 100644 --- a/test/test_data/openjpeg.py +++ b/test/test_data/openjpeg.py @@ -19,7 +19,7 @@ "version": "1.5.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/openjpeg2/", + "url": "http://ftp.debian.org/debian/pool/main/o/openjpeg2/", "package_name": "libopenjp2-7_2.1.0-2+deb8u3+b1_amd64.deb", "product": "openjpeg", "version": "2.1.0", diff --git a/test/test_data/opensc.py b/test/test_data/opensc.py index 39abe975b6..88afdec445 100644 --- a/test/test_data/opensc.py +++ b/test/test_data/opensc.py @@ -12,7 +12,7 @@ "version": "0.23.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/opensc/", + "url": "http://ftp.debian.org/debian/pool/main/o/opensc/", "package_name": "opensc_0.14.0-2_amd64.deb", "product": "opensc", "version": "0.14.0", diff --git a/test/test_data/openssh.py b/test/test_data/openssh.py index 2593b5e3d7..9924f96fa3 100644 --- a/test/test_data/openssh.py +++ b/test/test_data/openssh.py @@ -12,7 +12,7 @@ "version": "6.8p1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/o/openssh/", + "url": "http://ftp.debian.org/debian/pool/main/o/openssh/", "package_name": "openssh-client_6.7p1-5+deb8u4_amd64.deb", "product": "openssh", "version": "6.7p1", diff --git a/test/test_data/pango.py b/test/test_data/pango.py index 2281029047..6444448c83 100644 --- a/test/test_data/pango.py +++ b/test/test_data/pango.py @@ -27,7 +27,7 @@ "version": "1.50.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pango1.0/", + "url": "http://ftp.debian.org/debian/pool/main/p/pango1.0/", "package_name": "libpango-1.0-0_1.40.5-1_arm64.deb", "product": "pango", "version": "1.40.5", diff --git a/test/test_data/patch.py b/test/test_data/patch.py index 9bfe83f69b..fab7fce6e4 100644 --- a/test/test_data/patch.py +++ b/test/test_data/patch.py @@ -19,13 +19,13 @@ "version": "2.7.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/", + "url": "http://ftp.debian.org/debian/pool/main/p/patch/", "package_name": "patch_2.7.5-1+deb8u1_amd64.deb", "product": "patch", "version": "2.7.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/", + "url": "http://ftp.debian.org/debian/pool/main/p/patch/", "package_name": "patch_2.7.5-1+deb8u1_armel.deb", "product": "patch", "version": "2.7.5", diff --git a/test/test_data/pcre2.py b/test/test_data/pcre2.py index 46cdd4c4eb..424b75f11c 100644 --- a/test/test_data/pcre2.py +++ b/test/test_data/pcre2.py @@ -12,7 +12,7 @@ "version": "10.42", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pcre2/", + "url": "http://ftp.debian.org/debian/pool/main/p/pcre2/", "package_name": "libpcre2-16-0_10.22-3_amd64.deb", "product": "pcre2", "version": "10.22", diff --git a/test/test_data/perl.py b/test/test_data/perl.py index 7189dbddb6..e7488f59b4 100644 --- a/test/test_data/perl.py +++ b/test/test_data/perl.py @@ -17,7 +17,7 @@ "version": "5.36.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/perl/", + "url": "http://ftp.debian.org/debian/pool/main/p/perl/", "package_name": "perl-base_5.20.2-3+deb8u11_amd64.deb", "product": "perl", "version": "5.20.2", diff --git a/test/test_data/php.py b/test/test_data/php.py index b4e754c7dc..46394a27ed 100644 --- a/test/test_data/php.py +++ b/test/test_data/php.py @@ -12,7 +12,7 @@ "version": "8.2.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/php7.3/", + "url": "http://ftp.debian.org/debian/pool/main/p/php7.3/", "package_name": "libphp7.3-embed_7.3.31-1~deb10u1_amd64.deb", "product": "php", "version": "7.3.31", diff --git a/test/test_data/picocom.py b/test/test_data/picocom.py index c4fbc19e86..0be088cd8d 100644 --- a/test/test_data/picocom.py +++ b/test/test_data/picocom.py @@ -13,7 +13,7 @@ "version": "3.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/picocom/", + "url": "http://ftp.debian.org/debian/pool/main/p/picocom/", "package_name": "picocom_1.7-1_amd64.deb", "product": "picocom", "version": "1.7", diff --git a/test/test_data/pigz.py b/test/test_data/pigz.py index 4b1b9afed8..3f298351d5 100644 --- a/test/test_data/pigz.py +++ b/test/test_data/pigz.py @@ -39,7 +39,7 @@ "version": "2.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pigz/", + "url": "http://ftp.debian.org/debian/pool/main/p/pigz/", "package_name": "pigz_2.3.1-2_amd64.deb", "product": "pigz", "version": "2.3.1", diff --git a/test/test_data/pixman.py b/test/test_data/pixman.py index eb8718255d..c10869b16e 100644 --- a/test/test_data/pixman.py +++ b/test/test_data/pixman.py @@ -21,7 +21,7 @@ "version": "0.42.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pixman/", + "url": "http://ftp.debian.org/debian/pool/main/p/pixman/", "package_name": "libpixman-1-0_0.36.0-1_amd64.deb", "product": "pixman", "version": "0.36.0", diff --git a/test/test_data/png.py b/test/test_data/png.py index fa4bc53b4d..c617677d11 100644 --- a/test/test_data/png.py +++ b/test/test_data/png.py @@ -26,7 +26,7 @@ "version": "1.5.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpng/", + "url": "http://ftp.debian.org/debian/pool/main/libp/libpng/", "package_name": "libpng12-0_1.2.50-2+deb8u3_amd64.deb", "product": "libpng", "version": "1.2.50", diff --git a/test/test_data/ppp.py b/test/test_data/ppp.py index baa736c056..2e753ea74b 100644 --- a/test/test_data/ppp.py +++ b/test/test_data/ppp.py @@ -32,13 +32,13 @@ "version": "2.4.9", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/", + "url": "http://ftp.debian.org/debian/pool/main/p/ppp/", "package_name": "ppp_2.4.6-3.1_amd64.deb", "product": "point-to-point_protocol", "version": "2.4.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/", + "url": "http://ftp.debian.org/debian/pool/main/p/ppp/", "package_name": "ppp_2.4.6-3.1_armel.deb", "product": "point-to-point_protocol", "version": "2.4.6", diff --git a/test/test_data/privoxy.py b/test/test_data/privoxy.py index d51d1eaa8e..91aa6c24f7 100644 --- a/test/test_data/privoxy.py +++ b/test/test_data/privoxy.py @@ -22,13 +22,13 @@ "version": "3.0.33", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/", + "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/", "package_name": "privoxy_3.0.21-7+deb8u1_amd64.deb", "product": "privoxy", "version": "3.0.21", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/", + "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/", "package_name": "privoxy_3.0.21-7+deb8u1_armel.deb", "product": "privoxy", "version": "3.0.21", diff --git a/test/test_data/procps_ng.py b/test/test_data/procps_ng.py index 0f17662e40..e0de6032a4 100644 --- a/test/test_data/procps_ng.py +++ b/test/test_data/procps_ng.py @@ -18,7 +18,7 @@ "version": "4.0.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/procps/", + "url": "http://ftp.debian.org/debian/pool/main/p/procps/", "package_name": "procps_3.3.12-3+deb9u1_amd64.deb", "product": "procps-ng", "version": "3.3.12", diff --git a/test/test_data/protobuf_c.py b/test/test_data/protobuf_c.py index 22ffaf2dff..1f1cc92cd6 100644 --- a/test/test_data/protobuf_c.py +++ b/test/test_data/protobuf_c.py @@ -16,7 +16,7 @@ "version": "1.4.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/protobuf-c/", + "url": "http://ftp.debian.org/debian/pool/main/p/protobuf-c/", "package_name": "libprotobuf-c1_1.3.1-1+b1_amd64.deb", "product": "protobuf-c", "version": "1.3.1", diff --git a/test/test_data/pure_ftpd.py b/test/test_data/pure_ftpd.py index 10381927b0..cf4879f2f9 100644 --- a/test/test_data/pure_ftpd.py +++ b/test/test_data/pure_ftpd.py @@ -22,7 +22,7 @@ "version": "1.0.51", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/pure-ftpd/", + "url": "http://ftp.debian.org/debian/pool/main/p/pure-ftpd/", "package_name": "pure-ftpd_1.0.43-3_arm64.deb", "product": "pure-ftpd", "version": "1.0.43", diff --git a/test/test_data/putty.py b/test/test_data/putty.py index 5b35e1215c..8c966c5e01 100644 --- a/test/test_data/putty.py +++ b/test/test_data/putty.py @@ -19,7 +19,7 @@ "version": "0.77", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/putty/", + "url": "http://ftp.debian.org/debian/pool/main/p/putty/", "package_name": "putty_0.70-6_arm64.deb", "product": "putty", "version": "0.70", diff --git a/test/test_data/python.py b/test/test_data/python.py index 91a1569b9e..d91c16d970 100644 --- a/test/test_data/python.py +++ b/test/test_data/python.py @@ -42,13 +42,13 @@ "version": "3.9.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/python2.7/", + "url": "http://ftp.debian.org/debian/pool/main/p/python2.7/", "package_name": "python2.7-minimal_2.7.13-2+deb9u3_amd64.deb", "product": "python", "version": "2.7.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/p/python3.11/", + "url": "http://ftp.debian.org/debian/pool/main/p/python3.11/", "package_name": "python3.11-minimal_3.11.1-2_amd64.deb", "product": "python", "version": "3.11.1", diff --git a/test/test_data/qemu.py b/test/test_data/qemu.py index 2fa99210a9..3dd3743047 100644 --- a/test/test_data/qemu.py +++ b/test/test_data/qemu.py @@ -17,7 +17,7 @@ "other_products": ["gcc"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/q/qemu/", + "url": "http://ftp.debian.org/debian/pool/main/q/qemu/", "package_name": "qemu-system-x86_7.2+dfsg-1_amd64.deb", "product": "qemu", "version": "7.2.0", diff --git a/test/test_data/qpdf.py b/test/test_data/qpdf.py index 358aeaeeb7..09b47339c7 100644 --- a/test/test_data/qpdf.py +++ b/test/test_data/qpdf.py @@ -17,7 +17,7 @@ "version": "11.5.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/q/qpdf/", + "url": "http://ftp.debian.org/debian/pool/main/q/qpdf/", "package_name": "libqpdf21_8.4.0-2_amd64.deb", "product": "qpdf", "version": "8.4.0", diff --git a/test/test_data/quagga.py b/test/test_data/quagga.py index 7fb49d5b84..f1579261d5 100644 --- a/test/test_data/quagga.py +++ b/test/test_data/quagga.py @@ -22,13 +22,13 @@ "version": "1.2.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/", + "url": "http://ftp.debian.org/debian/pool/main/q/quagga/", "package_name": "quagga-core_1.1.1-3+deb9u2_amd64.deb", "product": "quagga", "version": "1.1.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/", + "url": "http://ftp.debian.org/debian/pool/main/q/quagga/", "package_name": "quagga-core_1.1.1-3+deb9u2_arm64.deb", "product": "quagga", "version": "1.1.1", diff --git a/test/test_data/radvd.py b/test/test_data/radvd.py index 6183cb0311..7babe63ce1 100644 --- a/test/test_data/radvd.py +++ b/test/test_data/radvd.py @@ -21,7 +21,7 @@ "version": "2.19", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/radvd/", + "url": "http://ftp.debian.org/debian/pool/main/r/radvd/", "package_name": "radvd_1.9.1-1.3_amd64.deb", "product": "router_advertisement_daemon", "version": "1.9.1", diff --git a/test/test_data/raptor.py b/test/test_data/raptor.py index 47b2a1a24e..51fd2761cd 100644 --- a/test/test_data/raptor.py +++ b/test/test_data/raptor.py @@ -21,13 +21,13 @@ "version": "2.0.15", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor/", + "url": "http://ftp.debian.org/debian/pool/main/r/raptor/", "package_name": "libraptor1_1.4.21-11+b1_amd64.deb", "product": "raptor_rdf_syntax_library", "version": "1.4.21", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor2/", + "url": "http://ftp.debian.org/debian/pool/main/r/raptor2/", "package_name": "libraptor2-0_2.0.14-1+b1_amd64.deb", "product": "raptor_rdf_syntax_library", "version": "2.0.14", diff --git a/test/test_data/rauc.py b/test/test_data/rauc.py index 1542dd43df..700fe73558 100644 --- a/test/test_data/rauc.py +++ b/test/test_data/rauc.py @@ -7,13 +7,13 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/", + "url": "http://ftp.debian.org/debian/pool/main/r/rauc/", "package_name": "rauc_1.5.1-1_amd64.deb", "product": "rauc", "version": "1.5.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/", + "url": "http://ftp.debian.org/debian/pool/main/r/rauc/", "package_name": "rauc_1.8-2_arm64.deb", "product": "rauc", "version": "1.8", diff --git a/test/test_data/rdesktop.py b/test/test_data/rdesktop.py index 28f7b6f5ea..3da8c3bc30 100644 --- a/test/test_data/rdesktop.py +++ b/test/test_data/rdesktop.py @@ -24,13 +24,13 @@ "version": "1.9.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/", + "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/", "package_name": "rdesktop_1.8.2-3+deb8u1_amd64.deb", "product": "rdesktop", "version": "1.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/", + "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/", "package_name": "rdesktop_1.8.2-3+deb8u1_armel.deb", "product": "rdesktop", "version": "1.8.2", diff --git a/test/test_data/readline.py b/test/test_data/readline.py index 456ae98f42..798a54255c 100644 --- a/test/test_data/readline.py +++ b/test/test_data/readline.py @@ -21,7 +21,7 @@ "version": "8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/readline/", + "url": "http://ftp.debian.org/debian/pool/main/r/readline/", "package_name": "libreadline7_7.0-5_amd64.deb", "product": "readline", "version": "7.0", diff --git a/test/test_data/rpm.py b/test/test_data/rpm.py index 1f8c9ca677..5e6732b981 100644 --- a/test/test_data/rpm.py +++ b/test/test_data/rpm.py @@ -12,7 +12,7 @@ "version": "4.18.92", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rpm/", + "url": "http://ftp.debian.org/debian/pool/main/r/rpm/", "package_name": "librpm8_4.14.2.1+dfsg1-1_amd64.deb", "product": "rpm", "version": "4.14.2.1", diff --git a/test/test_data/rsync.py b/test/test_data/rsync.py index f287e3e413..453ee12111 100644 --- a/test/test_data/rsync.py +++ b/test/test_data/rsync.py @@ -19,7 +19,7 @@ "version": "3.2.6", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rsync/", + "url": "http://ftp.debian.org/debian/pool/main/r/rsync/", "package_name": "rsync_3.1.1-3+deb8u1_armel.deb", "product": "rsync", "version": "3.1.1", diff --git a/test/test_data/rtl_433.py b/test/test_data/rtl_433.py index 2038cb0371..02ea9d8566 100644 --- a/test/test_data/rtl_433.py +++ b/test/test_data/rtl_433.py @@ -13,7 +13,7 @@ "version": "21.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtl-433/", + "url": "http://ftp.debian.org/debian/pool/main/r/rtl-433/", "package_name": "rtl-433_20.11-1_amd64.deb", "product": "rtl_433", "version": "20.11", diff --git a/test/test_data/rtmpdump.py b/test/test_data/rtmpdump.py index 158c5fb532..7a4d06277a 100644 --- a/test/test_data/rtmpdump.py +++ b/test/test_data/rtmpdump.py @@ -12,7 +12,7 @@ "version": "2.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtmpdump/", + "url": "http://ftp.debian.org/debian/pool/main/r/rtmpdump/", "package_name": "rtmpdump_2.4%2B20151223.gitfa8646d.1-1%2Bb1_amd64.deb", "product": "rtmpdump", "version": "2.4", diff --git a/test/test_data/runc.py b/test/test_data/runc.py index 6f26ed464d..203a1ddbdd 100644 --- a/test/test_data/runc.py +++ b/test/test_data/runc.py @@ -13,7 +13,7 @@ "other_products": ["go"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/r/runc/", + "url": "http://ftp.debian.org/debian/pool/main/r/runc/", "package_name": "runc_0.1.1+dfsg1-2+deb9u1_amd64.deb", "product": "runc", "version": "0.1.1", diff --git a/test/test_data/sdl.py b/test/test_data/sdl.py index 181f6913c3..b5fb6fe738 100644 --- a/test/test_data/sdl.py +++ b/test/test_data/sdl.py @@ -21,7 +21,7 @@ "version": "2.26.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsdl2/", + "url": "http://ftp.debian.org/debian/pool/main/libs/libsdl2/", "package_name": "libsdl2-2.0-0_2.0.2+dfsg1-6_amd64.deb", "product": "simple_directmedia_layer", "version": "2.0.2", diff --git a/test/test_data/shadowsocks_libev.py b/test/test_data/shadowsocks_libev.py index 1ec719486c..ebe0dda75f 100644 --- a/test/test_data/shadowsocks_libev.py +++ b/test/test_data/shadowsocks_libev.py @@ -27,14 +27,14 @@ "version": "3.3.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/", + "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/", "package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_amd64.deb", "product": "shadowsocks-libev", "version": "2.6.3", "other_products": ["mbed_tls"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/", + "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/", "package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_arm64.deb", "product": "shadowsocks-libev", "version": "2.6.3", diff --git a/test/test_data/snapd.py b/test/test_data/snapd.py index 9717a9be64..043050a8e5 100644 --- a/test/test_data/snapd.py +++ b/test/test_data/snapd.py @@ -6,7 +6,7 @@ ] package_test_data = [ { - "url": "https://distrib-coffee.ipsl.jussieu.fr/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/", + "url": "https://distrib-coffee.ipsl.jussieu/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/", "package_name": "snapd-2.56-alt1.aarch64.rpm", "product": "snapd", "version": "2.56", diff --git a/test/test_data/sngrep.py b/test/test_data/sngrep.py index dc59bf90a7..cae0099d95 100644 --- a/test/test_data/sngrep.py +++ b/test/test_data/sngrep.py @@ -12,7 +12,7 @@ "version": "1.7.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sngrep/", + "url": "http://ftp.debian.org/debian/pool/main/s/sngrep/", "package_name": "sngrep_1.4.6-1_amd64.deb", "product": "sngrep", "version": "1.4.6", diff --git a/test/test_data/snort.py b/test/test_data/snort.py index 3a5d514f4e..5ba06a2b80 100644 --- a/test/test_data/snort.py +++ b/test/test_data/snort.py @@ -23,13 +23,13 @@ "version": "3.1.43.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/", + "url": "http://ftp.debian.org/debian/pool/main/s/snort/", "package_name": "snort_2.9.7.0-5_arm64.deb", "product": "snort", "version": "2.9.7.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/", + "url": "http://ftp.debian.org/debian/pool/main/s/snort/", "package_name": "snort_2.9.15.1-5_amd64.deb", "product": "snort", "version": "2.9.15.1", diff --git a/test/test_data/socat.py b/test/test_data/socat.py index e645391b65..eafd1dc397 100644 --- a/test/test_data/socat.py +++ b/test/test_data/socat.py @@ -18,13 +18,13 @@ "version": "2.0.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/", + "url": "http://ftp.debian.org/debian/pool/main/s/socat/", "package_name": "socat_1.7.2.4-2_amd64.deb", "product": "socat", "version": "1.7.2.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/", + "url": "http://ftp.debian.org/debian/pool/main/s/socat/", "package_name": "socat_1.7.2.4-2_armel.deb", "product": "socat", "version": "1.7.2.4", diff --git a/test/test_data/sofia_sip.py b/test/test_data/sofia_sip.py index cd107d5f4a..550d26c5d6 100644 --- a/test/test_data/sofia_sip.py +++ b/test/test_data/sofia_sip.py @@ -16,13 +16,13 @@ "version": "1.13.9", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/", + "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/", "package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_amd64.deb", "product": "sofia-sip", "version": "1.12.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/", + "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/", "package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_armel.deb", "product": "sofia-sip", "version": "1.12.11", diff --git a/test/test_data/speex.py b/test/test_data/speex.py index 7a01585a1e..e877dd572a 100644 --- a/test/test_data/speex.py +++ b/test/test_data/speex.py @@ -22,7 +22,7 @@ "version": "1.2.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/speex/", + "url": "http://ftp.debian.org/debian/pool/main/s/speex/", "package_name": "libspeex1_1.2~rc1.2-1+b2_amd64.deb", "product": "speex", "version": "1.2", diff --git a/test/test_data/spice.py b/test/test_data/spice.py index a6c6ac21f9..9614c055d4 100644 --- a/test/test_data/spice.py +++ b/test/test_data/spice.py @@ -18,13 +18,13 @@ "version": "0.14.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/", + "url": "http://ftp.debian.org/debian/pool/main/s/spice/", "package_name": "libspice-server1_0.12.5-1+deb8u5_amd64.deb", "product": "spice", "version": "0.12.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/", + "url": "http://ftp.debian.org/debian/pool/main/s/spice/", "package_name": "libspice-server1_0.12.5-1+deb8u5_i386.deb", "product": "spice", "version": "0.12.5", diff --git a/test/test_data/squashfs.py b/test/test_data/squashfs.py index 08e32feafd..6fb7de29ab 100644 --- a/test/test_data/squashfs.py +++ b/test/test_data/squashfs.py @@ -22,13 +22,13 @@ "version": "4.5.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/", + "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/", "package_name": "squashfs-tools_4.3-12+deb10u2_amd64.deb", "product": "squashfs", "version": "4.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/", + "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/", "package_name": "squashfs-tools_4.5.1-1_arm64.deb", "product": "squashfs", "version": "4.5.1", diff --git a/test/test_data/squid.py b/test/test_data/squid.py index a1141402ff..c5aad8e000 100644 --- a/test/test_data/squid.py +++ b/test/test_data/squid.py @@ -18,13 +18,13 @@ "version": "5.7", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/", + "url": "http://ftp.debian.org/debian/pool/main/s/squid/", "package_name": "squid_4.11-2~bpo10+1_amd64.deb", "product": "squid", "version": "4.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/", + "url": "http://ftp.debian.org/debian/pool/main/s/squid/", "package_name": "squid_4.11-2~bpo10+1_arm64.deb", "product": "squid", "version": "4.11", diff --git a/test/test_data/sslh.py b/test/test_data/sslh.py index 3ba1269883..3de24306b4 100644 --- a/test/test_data/sslh.py +++ b/test/test_data/sslh.py @@ -14,7 +14,7 @@ "version": "1.22c", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sslh/", + "url": "http://ftp.debian.org/debian/pool/main/s/sslh/", "package_name": "sslh_1.16-2_amd64.deb", "product": "sslh", "version": "1.16", diff --git a/test/test_data/stellarium.py b/test/test_data/stellarium.py index 3d5e7bf548..e9ed3ba08b 100644 --- a/test/test_data/stellarium.py +++ b/test/test_data/stellarium.py @@ -12,7 +12,7 @@ "version": "1.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/stellarium/", + "url": "http://ftp.debian.org/debian/pool/main/s/stellarium/", "package_name": "stellarium_0.13.1-1_amd64.deb", "product": "stellarium", "version": "0.13.1", diff --git a/test/test_data/sudo.py b/test/test_data/sudo.py index bc2c4692d5..7bb38e343b 100644 --- a/test/test_data/sudo.py +++ b/test/test_data/sudo.py @@ -31,7 +31,7 @@ "other_products": ["protobuf-c"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sudo/", + "url": "http://ftp.debian.org/debian/pool/main/s/sudo/", "package_name": "sudo_1.8.10p3-1+deb8u5_amd64.deb", "product": "sudo", "version": "1.8.10p3", diff --git a/test/test_data/sylpheed.py b/test/test_data/sylpheed.py index 729f8ecabc..22d8f81292 100644 --- a/test/test_data/sylpheed.py +++ b/test/test_data/sylpheed.py @@ -18,7 +18,7 @@ "version": "3.7.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sylpheed/", + "url": "http://ftp.debian.org/debian/pool/main/s/sylpheed/", "package_name": "sylpheed_3.5.1-2+b1_arm64.deb", "product": "sylpheed", "version": "3.5.1", diff --git a/test/test_data/sysstat.py b/test/test_data/sysstat.py index a97cdbc03f..5f148832a2 100644 --- a/test/test_data/sysstat.py +++ b/test/test_data/sysstat.py @@ -21,7 +21,7 @@ "version": "12.7.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/s/sysstat/", + "url": "http://ftp.debian.org/debian/pool/main/s/sysstat/", "package_name": "sysstat_11.0.1-1_amd64.deb", "product": "sysstat", "version": "11.0.1", diff --git a/test/test_data/tar.py b/test/test_data/tar.py index 61b71f3b2d..2015f2a17b 100644 --- a/test/test_data/tar.py +++ b/test/test_data/tar.py @@ -13,7 +13,7 @@ "version": "1.35", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tar/", + "url": "http://ftp.debian.org/debian/pool/main/t/tar/", "package_name": "tar_1.30+dfsg-6_amd64.deb", "product": "tar", "version": "1.30", diff --git a/test/test_data/tcpdump.py b/test/test_data/tcpdump.py index 4a213248ae..2b7318d035 100644 --- a/test/test_data/tcpdump.py +++ b/test/test_data/tcpdump.py @@ -38,19 +38,19 @@ "version": "4.9.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/", + "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/", "package_name": "tcpdump_4.9.2-1~deb8u1_amd64.deb", "product": "tcpdump", "version": "4.9.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/", + "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/", "package_name": "tcpdump_4.9.3-1~deb10u2_arm64.deb", "product": "tcpdump", "version": "4.9.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/", + "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/", "package_name": "tcpdump_4.99.4-3_mips64el.deb", "product": "tcpdump", "version": "4.99.4", diff --git a/test/test_data/tcpreplay.py b/test/test_data/tcpreplay.py index ead9e619a3..feee66c34f 100644 --- a/test/test_data/tcpreplay.py +++ b/test/test_data/tcpreplay.py @@ -16,7 +16,7 @@ "version": "4.4.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpreplay/", + "url": "http://ftp.debian.org/debian/pool/main/t/tcpreplay/", "package_name": "tcpreplay_3.4.4-3_amd64.deb", "product": "tcpreplay", "version": "3.4.4", diff --git a/test/test_data/terminology.py b/test/test_data/terminology.py index aba5e7b5d1..fcb92fa918 100644 --- a/test/test_data/terminology.py +++ b/test/test_data/terminology.py @@ -21,7 +21,7 @@ "version": "1.13.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/terminology/", + "url": "http://ftp.debian.org/debian/pool/main/t/terminology/", "package_name": "terminology_1.3.2-1_amd64.deb", "product": "terminology", "version": "1.3.2", diff --git a/test/test_data/tesseract.py b/test/test_data/tesseract.py index b64597ab4b..997efaca38 100644 --- a/test/test_data/tesseract.py +++ b/test/test_data/tesseract.py @@ -12,7 +12,7 @@ "version": "5.3.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tesseract/", + "url": "http://ftp.debian.org/debian/pool/main/t/tesseract/", "package_name": "libtesseract4_4.0.0-2_amd64.deb", "product": "tesseract", "version": "4.0.0", diff --git a/test/test_data/thrift.py b/test/test_data/thrift.py index 69d72f83a6..4ee9be3ec4 100644 --- a/test/test_data/thrift.py +++ b/test/test_data/thrift.py @@ -24,13 +24,13 @@ "version": "0.16.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/", + "url": "http://ftp.debian.org/debian/pool/main/t/thrift/", "package_name": "libthrift-0.11.0_0.11.0-4_amd64.deb", "product": "thrift", "version": "0.11.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/", + "url": "http://ftp.debian.org/debian/pool/main/t/thrift/", "package_name": "libthrift-0.11.0_0.11.0-4_arm64.deb", "product": "thrift", "version": "0.11.0", diff --git a/test/test_data/thunderbird.py b/test/test_data/thunderbird.py index f0cc69d89d..77abbd34cf 100644 --- a/test/test_data/thunderbird.py +++ b/test/test_data/thunderbird.py @@ -24,7 +24,7 @@ ], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/thunderbird/", + "url": "http://ftp.debian.org/debian/pool/main/t/thunderbird/", "package_name": "thunderbird_52.8.0-1~deb8u1_amd64.deb", "product": "thunderbird", "version": "52.8.0", diff --git a/test/test_data/tinyproxy.py b/test/test_data/tinyproxy.py index 59e8b40a59..bf59b2d907 100644 --- a/test/test_data/tinyproxy.py +++ b/test/test_data/tinyproxy.py @@ -22,13 +22,13 @@ "version": "1.11.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/", + "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/", "package_name": "tinyproxy-bin_1.10.0-2+deb10u1_amd64.deb", "product": "tinyproxy", "version": "1.10.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/", + "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/", "package_name": "tinyproxy-bin_1.10.0-2+deb10u1_arm64.deb", "product": "tinyproxy", "version": "1.10.0", diff --git a/test/test_data/tor.py b/test/test_data/tor.py index 237853f468..d79e2075f2 100644 --- a/test/test_data/tor.py +++ b/test/test_data/tor.py @@ -18,7 +18,7 @@ "version": "0.4.7.10", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tor/", + "url": "http://ftp.debian.org/debian/pool/main/t/tor/", "package_name": "tor_0.2.9.16-1_arm64.deb", "product": "tor", "version": "0.2.9.16", diff --git a/test/test_data/tpm2_tss.py b/test/test_data/tpm2_tss.py index 5ab40e66c8..f4014fd018 100644 --- a/test/test_data/tpm2_tss.py +++ b/test/test_data/tpm2_tss.py @@ -22,7 +22,7 @@ "version": "3.2.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/tpm2-tss/", + "url": "http://ftp.debian.org/debian/pool/main/t/tpm2-tss/", "package_name": "libtss2-fapi1_3.0.3-2_amd64.deb", "product": "tpm2_software_stack", "version": "3.0.3", diff --git a/test/test_data/traceroute.py b/test/test_data/traceroute.py index f3b2a9c4c6..bbe9cebb92 100644 --- a/test/test_data/traceroute.py +++ b/test/test_data/traceroute.py @@ -16,7 +16,7 @@ "version": "2.1.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/traceroute/", + "url": "http://ftp.debian.org/debian/pool/main/t/traceroute/", "package_name": "traceroute_2.1.0-2_amd64.deb", "product": "traceroute", "version": "2.1.0", diff --git a/test/test_data/transmission.py b/test/test_data/transmission.py index 2c06a88c33..38b59a9a2e 100644 --- a/test/test_data/transmission.py +++ b/test/test_data/transmission.py @@ -16,13 +16,13 @@ "version": "3.00", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/", + "url": "http://ftp.debian.org/debian/pool/main/t/transmission/", "package_name": "transmission-cli_2.84-0.2+deb8u1_amd64.deb", "product": "transmission", "version": "2.84", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/", + "url": "http://ftp.debian.org/debian/pool/main/t/transmission/", "package_name": "transmission-cli_2.84-0.2+deb8u1_armel.deb", "product": "transmission", "version": "2.84", diff --git a/test/test_data/ttyd.py b/test/test_data/ttyd.py index 1cfc02e4f9..b95241b4c3 100644 --- a/test/test_data/ttyd.py +++ b/test/test_data/ttyd.py @@ -12,7 +12,7 @@ "version": "1.7.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/t/ttyd/", + "url": "http://ftp.debian.org/debian/pool/main/t/ttyd/", "package_name": "ttyd_1.6.3-3~bpo11+1_amd64.deb", "product": "ttyd", "version": "1.6.3", diff --git a/test/test_data/u_boot.py b/test/test_data/u_boot.py index 3eb064aacd..952a41e203 100644 --- a/test/test_data/u_boot.py +++ b/test/test_data/u_boot.py @@ -7,14 +7,14 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/", + "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/", "package_name": "u-boot-rpi_2016.11+dfsg1-4_arm64.deb", "product": "u-boot", "version": "2016.11", "other_products": ["binutils"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/", + "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/", "package_name": "u-boot-tegra_2023.04~rc2+dfsg-1_arm64.deb", "product": "u-boot", "version": "2023.04", diff --git a/test/test_data/udisks.py b/test/test_data/udisks.py index a74c90a8bf..1d23c30f60 100644 --- a/test/test_data/udisks.py +++ b/test/test_data/udisks.py @@ -12,7 +12,7 @@ "version": "2.9.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/udisks2/", + "url": "http://ftp.debian.org/debian/pool/main/u/udisks2/", "package_name": "udisks2_2.8.1-4_amd64.deb", "product": "udisks", "version": "2.8.1", diff --git a/test/test_data/unbound.py b/test/test_data/unbound.py index 02f6c602cf..df04ab288b 100644 --- a/test/test_data/unbound.py +++ b/test/test_data/unbound.py @@ -18,7 +18,7 @@ "version": "1.16.3", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/unbound/", + "url": "http://ftp.debian.org/debian/pool/main/u/unbound/", "package_name": "unbound_1.6.0-3+deb9u2_arm64.deb", "product": "unbound", "version": "1.6.0", diff --git a/test/test_data/unixodbc.py b/test/test_data/unixodbc.py index 75922560af..d93739b4be 100644 --- a/test/test_data/unixodbc.py +++ b/test/test_data/unixodbc.py @@ -18,7 +18,7 @@ "version": "2.3.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/unixodbc/", + "url": "http://ftp.debian.org/debian/pool/main/u/unixodbc/", "package_name": "unixodbc_2.3.4-1_arm64.deb", "product": "unixodbc", "version": "2.3.4", diff --git a/test/test_data/upx.py b/test/test_data/upx.py index 69cfe2f75d..109bc77424 100644 --- a/test/test_data/upx.py +++ b/test/test_data/upx.py @@ -18,7 +18,7 @@ "version": "3.96", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/upx-ucl/", + "url": "http://ftp.debian.org/debian/pool/main/u/upx-ucl/", "package_name": "upx-ucl_3.91-4_arm64.deb", "product": "upx", "version": "3.91", diff --git a/test/test_data/util_linux.py b/test/test_data/util_linux.py index bca8603da3..f3306bb8d0 100644 --- a/test/test_data/util_linux.py +++ b/test/test_data/util_linux.py @@ -27,13 +27,13 @@ "version": "2.38.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/", + "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/", "package_name": "util-linux-extra_2.38.1-1.1+b1_amd64.deb", "product": "util-linux", "version": "2.38.1", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/", + "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/", "package_name": "util-linux-extra_2.38.1-1.1+b1_arm64.deb", "product": "util-linux", "version": "2.38.1", diff --git a/test/test_data/vlc.py b/test/test_data/vlc.py index 16e453ed0f..bf6355a693 100644 --- a/test/test_data/vlc.py +++ b/test/test_data/vlc.py @@ -6,7 +6,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/v/vlc/", + "url": "http://ftp.debian.org/debian/pool/main/v/vlc/", "package_name": "vlc-bin_3.0.17.4-0+deb10u1_amd64.deb", "product": "vlc", "version": "3.0.17.4", diff --git a/test/test_data/vorbis_tools.py b/test/test_data/vorbis_tools.py index 32632a248a..8f796c8e91 100644 --- a/test/test_data/vorbis_tools.py +++ b/test/test_data/vorbis_tools.py @@ -16,7 +16,7 @@ "version": "1.4.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/v/vorbis-tools/", + "url": "http://ftp.debian.org/debian/pool/main/v/vorbis-tools/", "package_name": "vorbis-tools_1.4.0-10+b1_amd64.deb", "product": "vorbis-tools", "version": "1.4.0", diff --git a/test/test_data/vsftpd.py b/test/test_data/vsftpd.py index 5e28caba8d..e53112fce3 100644 --- a/test/test_data/vsftpd.py +++ b/test/test_data/vsftpd.py @@ -18,13 +18,13 @@ "version": "3.0.5", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/", + "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/", "package_name": "vsftpd_3.0.2-17+deb8u1_amd64.deb", "product": "vsftpd", "version": "3.0.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/", + "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/", "package_name": "vsftpd_3.0.2-17+deb8u1_armel.deb", "product": "vsftpd", "version": "3.0.2", diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py index f1820584e7..ccc8d30f2e 100644 --- a/test/test_data/wireshark.py +++ b/test/test_data/wireshark.py @@ -36,7 +36,7 @@ "version": "2.6.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/w/wireshark/", + "url": "http://ftp.debian.org/debian/pool/main/w/wireshark/", "package_name": "libwireshark16_4.0.3-1_amd64.deb", "product": "wireshark", "version": "4.0.3", diff --git a/test/test_data/wolfssl.py b/test/test_data/wolfssl.py index f8910a9c82..1f9a280552 100644 --- a/test/test_data/wolfssl.py +++ b/test/test_data/wolfssl.py @@ -6,13 +6,13 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/", + "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/", "package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_amd64.deb", "product": "wolfssl", "version": "4.6.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/", + "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/", "package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_arm64.deb", "product": "wolfssl", "version": "4.6.0", diff --git a/test/test_data/xscreensaver.py b/test/test_data/xscreensaver.py index ec7ea00470..33d4bc8971 100644 --- a/test/test_data/xscreensaver.py +++ b/test/test_data/xscreensaver.py @@ -27,7 +27,7 @@ "version": "6.05", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/x/xscreensaver/", + "url": "http://ftp.debian.org/debian/pool/main/x/xscreensaver/", "package_name": "xscreensaver_5.36-1_arm64.deb", "product": "xscreensaver", "version": "5.36", diff --git a/test/test_data/xwayland.py b/test/test_data/xwayland.py index c60ec9fdb7..f8e8a54eec 100644 --- a/test/test_data/xwayland.py +++ b/test/test_data/xwayland.py @@ -16,7 +16,7 @@ "version": "23.2.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/x/xwayland/", + "url": "http://ftp.debian.org/debian/pool/main/x/xwayland/", "package_name": "xwayland_22.1.9-1_amd64.deb", "product": "xwayland", "version": "22.1.9", diff --git a/test/test_data/yasm.py b/test/test_data/yasm.py index 2566080788..256843f6bb 100644 --- a/test/test_data/yasm.py +++ b/test/test_data/yasm.py @@ -12,7 +12,7 @@ "version": "1.3.0", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/y/yasm/", + "url": "http://ftp.debian.org/debian/pool/main/y/yasm/", "package_name": "yasm_1.2.0-2_amd64.deb", "product": "yasm", "version": "1.2.0", diff --git a/test/test_data/zabbix.py b/test/test_data/zabbix.py index 65783c3226..530023a524 100644 --- a/test/test_data/zabbix.py +++ b/test/test_data/zabbix.py @@ -13,7 +13,7 @@ "version": "6.0.13", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/zabbix/", + "url": "http://ftp.debian.org/debian/pool/main/z/zabbix/", "package_name": "zabbix-server-mysql_4.0.4+dfsg-1_amd64.deb", "product": "zabbix", "version": "4.0.4", diff --git a/test/test_data/zchunk.py b/test/test_data/zchunk.py index 428bdfd4cb..45ac4043df 100644 --- a/test/test_data/zchunk.py +++ b/test/test_data/zchunk.py @@ -12,7 +12,7 @@ "version": "1.3.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/zchunk/", + "url": "http://ftp.debian.org/debian/pool/main/z/zchunk/", "package_name": "zchunk_1.1.9+ds1-1_amd64.deb", "product": "zchunk", "version": "1.1.9", diff --git a/test/test_data/zeek.py b/test/test_data/zeek.py index 819f23ad31..b0e19fc33f 100644 --- a/test/test_data/zeek.py +++ b/test/test_data/zeek.py @@ -13,7 +13,7 @@ "other_products": ["sqlite"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/zeek/", + "url": "http://ftp.debian.org/debian/pool/main/z/zeek/", "package_name": "zeek_3.2.3+ds2-2+b2_amd64.deb", "product": "zeek", "version": "3.2.3", diff --git a/test/test_data/znc.py b/test/test_data/znc.py index 16dd573938..b2deb231d2 100644 --- a/test/test_data/znc.py +++ b/test/test_data/znc.py @@ -22,7 +22,7 @@ "version": "1.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/znc/", + "url": "http://ftp.debian.org/debian/pool/main/z/znc/", "package_name": "znc_1.7.2-3_amd64.deb", "product": "znc", "version": "1.7.2", diff --git a/test/test_data/zstandard.py b/test/test_data/zstandard.py index 8e72e42570..44abc2d76f 100644 --- a/test/test_data/zstandard.py +++ b/test/test_data/zstandard.py @@ -16,7 +16,7 @@ "version": "1.5.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libz/libzstd/", + "url": "http://ftp.debian.org/debian/pool/main/libz/libzstd/", "package_name": "libzstd1_1.3.8+dfsg-3+deb10u2_amd64.deb", "product": "zstandard", "version": "1.3.8",