diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 233a874c1..5328f3c30 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -32,7 +32,7 @@ concurrency:
env:
REPORTS_DIR: CI_reports
- PYTHON_VERSION: "3.12"
+ PYTHON_VERSION: "3.14"
POETRY_VERSION: "1.8.1"
permissions: {}
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 30afdb360..3c068169e 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -36,7 +36,7 @@ concurrency:
cancel-in-progress: true
env:
- PYTHON_VERSION_DEFAULT: "3.12"
+ PYTHON_VERSION_DEFAULT: "3.14"
POETRY_VERSION: "1.8.1"
REPORTS_DIR: CI_reports
TESTS_REPORTS_ARTIFACT: tests-reports
@@ -122,7 +122,7 @@ jobs:
fail-fast: false
matrix:
include:
- - python-version: '3.13' # latest
+ - python-version: '3.14' # latest
os: ubuntu-latest
toxenv-factors: '-current'
- python-version: '3.9' # lowest
@@ -210,7 +210,8 @@ jobs:
- macos-latest
- windows-latest
python-version:
- - "3.13" # highest supported
+ - "3.14" # highest supported
+ - "3.13"
- "3.12"
- "3.11"
- "3.10"
diff --git a/pyproject.toml b/pyproject.toml
index a08655105..334020531 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -57,6 +57,7 @@ classifiers = [
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
+ "Programming Language :: Python :: 3.14",
"Typing :: Typed"
]
[tool.poetry.urls]
diff --git a/tests/_data/infiles/environment/with-extras/init.py b/tests/_data/infiles/environment/with-extras/init.py
index e11828149..a50cc6662 100644
--- a/tests/_data/infiles/environment/with-extras/init.py
+++ b/tests/_data/infiles/environment/with-extras/init.py
@@ -20,9 +20,9 @@
"""
from os import name as os_name
-from os.path import dirname, join
+from os.path import dirname, isdir, join
from subprocess import PIPE, CompletedProcess, run # nosec:B404
-from sys import argv, executable
+from sys import argv, executable, version_info
from typing import Any
from venv import EnvBuilder
@@ -44,14 +44,18 @@ def pip_run(*args: str, **kwargs: Any) -> CompletedProcess:
res = run(call, **kwargs, cwd=this_dir, shell=False) # nosec:B603
if res.returncode != 0:
raise RuntimeError('process failed')
+
return res
-def pip_install(*args: str) -> None:
+def pip_install(*args: str, site_packages_dir: str) -> None:
pip_run(
'install', '--require-virtualenv', '--no-input', '--progress-bar=off', '--no-color',
+ '--python-version=3.14', # needed for compatibility/reproducibility
+ '--only-binary=:all:',
+ '--target', site_packages_dir,
'-c', constraint_file, # needed for reproducibility
- *args
+ *args,
)
@@ -62,13 +66,23 @@ def main() -> None:
with_pip=False,
).create(env_dir)
+ try:
+ spd = next(filter(isdir, (
+ join(env_dir, 'lib', f'python{version_info[0]}.{version_info[1]}', 'site-packages'),
+ join(env_dir, 'Lib', 'site-packages') # windows ?
+ )))
+ except StopIteration:
+ raise RuntimeError('site-packages not found')
+
pip_install(
- 'cyclonedx-python-lib[xml-validation,json-validation]',
+ 'cyclonedx-python-lib[xml-validation,json-validation]==11.2',
# additionals for reproducibility foo
'importlib-resources>=1.4.0',
'pkgutil-resolve-name>=1.3.10',
'zipp>=3.1.0',
- 'jsonschema-specifications==2023.03.6',
+ 'jsonschema-specifications>=2023.03.6',
+ 'typing_extensions>=4',
+ site_packages_dir=spd
)
diff --git a/tests/_data/infiles/environment/with-extras/pinning.txt b/tests/_data/infiles/environment/with-extras/pinning.txt
index a62106ae4..f8b08424b 100644
--- a/tests/_data/infiles/environment/with-extras/pinning.txt
+++ b/tests/_data/infiles/environment/with-extras/pinning.txt
@@ -1,28 +1,31 @@
arrow==1.3.0
-attrs==24.2.0
-boolean.py==4.0
-cyclonedx-python-lib==8.2.0
+attrs==25.4.0
+boolean.py==5.0
+cyclonedx-python-lib==11.2.0
defusedxml==0.7.1
fqdn==1.5.1
-idna==3.10
+idna==3.11
importlib_resources==6.4.5
isoduration==20.11.0
jsonpointer==3.0.0
-jsonschema==4.23.0
+jsonschema==4.25.1
jsonschema-specifications==2023.3.6
-license-expression==30.3.1
-lxml==5.3.0
-packageurl-python==0.16.0
+lark==1.3.0
+license-expression==30.4.4
+lxml==6.0.2
+packageurl-python==0.17.5
pkgutil_resolve_name==1.3.10
-py-serializable==1.1.2
+py-serializable==2.1.0
python-dateutil==2.9.0.post0
-referencing==0.35.1
+referencing==0.37.0
rfc3339-validator==0.1.4
-rfc3987==1.3.8
-rpds-py==0.20.0
-six==1.16.0
+rfc3986-validator==0.1.1
+rfc3987-syntax==1.1.0
+rpds-py==0.27.1
+six==1.17.0
sortedcontainers==2.4.0
-types-python-dateutil==2.9.0.20241003
+types-python-dateutil==2.9.0.20251008
+typing_extensions==4.15.0
uri-template==1.3.0
-webcolors==24.8.0
+webcolors==24.11.1
zipp==3.20.2
diff --git a/tests/_data/infiles/environment/with-license-pep639/init.py b/tests/_data/infiles/environment/with-license-pep639/init.py
index 21d9bb7c5..13ae93493 100644
--- a/tests/_data/infiles/environment/with-license-pep639/init.py
+++ b/tests/_data/infiles/environment/with-license-pep639/init.py
@@ -65,12 +65,11 @@ def main() -> None:
pip_install(
'--no-dependencies',
# with License-Expression
- 'attrs',
+ 'attrs==23.2.0',
# with License-File
- 'boolean.py',
- 'jsonpointer',
- 'license_expression',
- 'lxml',
+ 'boolean.py==4.0',
+ 'jsonpointer==2.4',
+ 'license_expression==30.3.0',
'chardet==5.2.0', # https://github.com/CycloneDX/cyclonedx-python/issues/931
# with expression-like License AND License-File
'cryptography==43.0.1', # https://github.com/CycloneDX/cyclonedx-python/issues/826
diff --git a/tests/_data/infiles/environment/with-license-pep639/pinning.txt b/tests/_data/infiles/environment/with-license-pep639/pinning.txt
index 3f1bc7c74..d5080bb5f 100644
--- a/tests/_data/infiles/environment/with-license-pep639/pinning.txt
+++ b/tests/_data/infiles/environment/with-license-pep639/pinning.txt
@@ -4,4 +4,3 @@ chardet==5.2.0
cryptography==43.0.1
jsonpointer==2.4
license-expression==30.3.0
-lxml==5.3.0
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.0.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.0.xml.bin
index 5da4c1672..479ed4aa7 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.0.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.0.xml.bin
@@ -10,23 +10,23 @@
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
false
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
false
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
false
@@ -45,9 +45,9 @@
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
false
@@ -73,9 +73,9 @@
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
false
@@ -85,25 +85,32 @@
pkg:pypi/jsonschema-specifications@2023.3.6
false
+
+ lark
+ 1.3.0
+ a modern parsing library
+ pkg:pypi/lark@1.3.0
+ false
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
false
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
false
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
false
@@ -115,9 +122,9 @@
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
false
@@ -129,9 +136,9 @@
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
false
@@ -142,24 +149,31 @@
false
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
- pkg:pypi/rfc3987@1.3.8
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
+ pkg:pypi/rfc3986-validator@0.1.1
+ false
+
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+ pkg:pypi/rfc3987-syntax@1.1.0
false
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
false
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
false
@@ -171,9 +185,16 @@
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
+ false
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+ pkg:pypi/typing-extensions@4.15.0
false
@@ -185,9 +206,9 @@
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
false
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.1.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.1.xml.bin
index d8c26272c..8beeef0dd 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.1.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.1.xml.bin
@@ -26,16 +26,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -59,16 +59,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -76,9 +76,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -88,7 +88,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -102,13 +102,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -150,16 +154,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -238,16 +242,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -312,16 +316,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -329,20 +354,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -353,16 +379,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -387,9 +413,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -399,7 +425,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -415,7 +441,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -447,16 +473,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -505,37 +531,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -549,6 +600,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -563,16 +618,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -597,19 +652,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -629,7 +681,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -650,9 +739,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -662,15 +751,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.2.json.bin b/tests/_data/snapshots/environment/plain_with-extras_1.2.json.bin
index dae67ce2e..c7a3a8e64 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.2.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.2.json.bin
@@ -33,7 +33,7 @@
"version": "1.3.0"
},
{
- "bom-ref": "attrs==24.2.0",
+ "bom-ref": "attrs==25.4.0",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
@@ -70,12 +70,12 @@
}
],
"name": "attrs",
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"type": "library",
- "version": "24.2.0"
+ "version": "25.4.0"
},
{
- "bom-ref": "boolean.py==4.0",
+ "bom-ref": "boolean.py==5.0",
"description": "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.",
"externalReferences": [
{
@@ -92,12 +92,12 @@
}
],
"name": "boolean.py",
- "purl": "pkg:pypi/boolean.py@4.0",
+ "purl": "pkg:pypi/boolean.py@5.0",
"type": "library",
- "version": "4.0"
+ "version": "5.0"
},
{
- "bom-ref": "cyclonedx-python-lib==8.2.0",
+ "bom-ref": "cyclonedx-python-lib==11.2.0",
"description": "Python library for CycloneDX",
"externalReferences": [
{
@@ -115,13 +115,18 @@
"type": "other",
"url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
},
+ {
+ "comment": "from packaging metadata Project-URL: Changelog",
+ "type": "other",
+ "url": "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
+ },
{
"comment": "from packaging metadata Project-URL: Repository",
"type": "vcs",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
}
@@ -139,9 +144,9 @@
}
],
"name": "cyclonedx-python-lib",
- "purl": "pkg:pypi/cyclonedx-python-lib@8.2.0",
+ "purl": "pkg:pypi/cyclonedx-python-lib@11.2.0",
"type": "library",
- "version": "8.2.0"
+ "version": "11.2.0"
},
{
"bom-ref": "defusedxml==0.7.1",
@@ -193,7 +198,7 @@
"version": "1.5.1"
},
{
- "bom-ref": "idna==3.10",
+ "bom-ref": "idna==3.11",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
@@ -215,14 +220,14 @@
"licenses": [
{
"license": {
- "name": "License :: OSI Approved :: BSD License"
+ "id": "BSD-3-Clause"
}
}
],
"name": "idna",
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"type": "library",
- "version": "3.10"
+ "version": "3.11"
},
{
"bom-ref": "importlib_resources==6.4.5",
@@ -306,7 +311,7 @@
"version": "3.0.0"
},
{
- "bom-ref": "jsonschema==4.23.0",
+ "bom-ref": "jsonschema==4.25.1",
"description": "An implementation of JSON Schema validation for Python",
"externalReferences": [
{
@@ -353,9 +358,9 @@
}
],
"name": "jsonschema",
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.25.1",
"type": "library",
- "version": "4.23.0"
+ "version": "4.25.1"
},
{
"bom-ref": "jsonschema-specifications==2023.3.6",
@@ -400,7 +405,34 @@
"version": "2023.3.6"
},
{
- "bom-ref": "license-expression==30.3.1",
+ "bom-ref": "lark==1.3.0",
+ "description": "a modern parsing library",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Download",
+ "type": "distribution",
+ "url": "https://github.com/lark-parser/lark/tarball/master"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
+ "type": "website",
+ "url": "https://github.com/lark-parser/lark"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "lark",
+ "purl": "pkg:pypi/lark@1.3.0",
+ "type": "library",
+ "version": "1.3.0"
+ },
+ {
+ "bom-ref": "license-expression==30.4.4",
"description": "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.",
"externalReferences": [
{
@@ -417,14 +449,19 @@
}
],
"name": "license-expression",
- "purl": "pkg:pypi/license-expression@30.3.1",
+ "purl": "pkg:pypi/license-expression@30.4.4",
"type": "library",
- "version": "30.3.1"
+ "version": "30.4.4"
},
{
- "bom-ref": "lxml==5.3.0",
+ "bom-ref": "lxml==6.0.2",
"description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
"externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://bugs.launchpad.net/lxml"
+ },
{
"comment": "from packaging metadata Project-URL: Source",
"type": "other",
@@ -441,20 +478,15 @@
"license": {
"id": "BSD-3-Clause"
}
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
}
],
"name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
+ "purl": "pkg:pypi/lxml@6.0.2",
"type": "library",
- "version": "5.3.0"
+ "version": "6.0.2"
},
{
- "bom-ref": "packageurl-python==0.16.0",
+ "bom-ref": "packageurl-python==0.17.5",
"description": "A purl aka. Package URL parser and builder",
"externalReferences": [
{
@@ -471,9 +503,9 @@
}
],
"name": "packageurl-python",
- "purl": "pkg:pypi/packageurl-python@0.16.0",
+ "purl": "pkg:pypi/packageurl-python@0.17.5",
"type": "library",
- "version": "0.16.0"
+ "version": "0.17.5"
},
{
"bom-ref": "pkgutil_resolve_name==1.3.10",
@@ -498,7 +530,7 @@
"version": "1.3.10"
},
{
- "bom-ref": "py-serializable==1.1.2",
+ "bom-ref": "py-serializable==2.1.0",
"description": "Library for serializing and deserializing Python Objects to and from JSON and XML.",
"externalReferences": [
{
@@ -517,7 +549,7 @@
"url": "https://github.com/madpah/serializable"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/madpah/serializable#readme"
}
@@ -535,9 +567,9 @@
}
],
"name": "py-serializable",
- "purl": "pkg:pypi/py-serializable@1.1.2",
+ "purl": "pkg:pypi/py-serializable@2.1.0",
"type": "library",
- "version": "1.1.2"
+ "version": "2.1.0"
},
{
"bom-ref": "python-dateutil==2.9.0.post0",
@@ -577,7 +609,7 @@
"version": "2.9.0.post0"
},
{
- "bom-ref": "referencing==0.35.1",
+ "bom-ref": "referencing==0.37.0",
"description": "JSON Referencing + Python",
"externalReferences": [
{
@@ -624,9 +656,9 @@
}
],
"name": "referencing",
- "purl": "pkg:pypi/referencing@0.35.1",
+ "purl": "pkg:pypi/referencing@0.37.0",
"type": "library",
- "version": "0.35.1"
+ "version": "0.37.0"
},
{
"bom-ref": "rfc3339-validator==0.1.4",
@@ -651,34 +683,66 @@
"version": "0.1.4"
},
{
- "bom-ref": "rfc3987==1.3.8",
- "description": "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)",
+ "bom-ref": "rfc3986-validator==0.1.1",
+ "description": "Pure python rfc3986 validator",
"externalReferences": [
{
- "comment": "from packaging metadata: Download-URL",
- "type": "distribution",
- "url": "https://github.com/dgerber/rfc3987"
+ "comment": "from packaging metadata: Home-page",
+ "type": "website",
+ "url": "https://github.com/naimetti/rfc3986-validator"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "rfc3986-validator",
+ "purl": "pkg:pypi/rfc3986-validator@0.1.1",
+ "type": "library",
+ "version": "0.1.1"
+ },
+ {
+ "bom-ref": "rfc3987-syntax==1.1.0",
+ "description": "Helper functions to syntactically validate strings according to RFC 3987.",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://github.com/willynilly/rfc3987-syntax#readme"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Issues",
+ "type": "issue-tracker",
+ "url": "https://github.com/willynilly/rfc3987-syntax/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Source",
+ "type": "other",
+ "url": "https://github.com/willynilly/rfc3987-syntax"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
- "url": "http://pypi.python.org/pypi/rfc3987"
+ "url": "https://github.com/willynilly/rfc3987-syntax"
}
],
"licenses": [
{
"license": {
- "id": "GPL-3.0-or-later"
+ "id": "MIT"
}
}
],
- "name": "rfc3987",
- "purl": "pkg:pypi/rfc3987@1.3.8",
+ "name": "rfc3987-syntax",
+ "purl": "pkg:pypi/rfc3987-syntax@1.1.0",
"type": "library",
- "version": "1.3.8"
+ "version": "1.1.0"
},
{
- "bom-ref": "rpds-py==0.20.0",
+ "bom-ref": "rpds-py==0.27.1",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"externalReferences": [
{
@@ -696,6 +760,11 @@
"type": "other",
"url": "https://github.com/crate-py/rpds"
},
+ {
+ "comment": "from packaging metadata Project-URL: Upstream",
+ "type": "other",
+ "url": "https://github.com/orium/rpds"
+ },
{
"comment": "from packaging metadata Project-URL: Funding",
"type": "other",
@@ -720,12 +789,12 @@
}
],
"name": "rpds-py",
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.27.1",
"type": "library",
- "version": "0.20.0"
+ "version": "0.27.1"
},
{
- "bom-ref": "six==1.16.0",
+ "bom-ref": "six==1.17.0",
"description": "Python 2 and 3 compatibility utilities",
"externalReferences": [
{
@@ -742,9 +811,9 @@
}
],
"name": "six",
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"type": "library",
- "version": "1.16.0"
+ "version": "1.17.0"
},
{
"bom-ref": "sortedcontainers==2.4.0",
@@ -769,7 +838,7 @@
"version": "2.4.0"
},
{
- "bom-ref": "types-python-dateutil==2.9.0.20241003",
+ "bom-ref": "types-python-dateutil==2.9.0.20251008",
"description": "Typing stubs for python-dateutil",
"externalReferences": [
{
@@ -793,7 +862,7 @@
"url": "https://github.com/python/typeshed"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/python/typeshed"
}
@@ -803,17 +872,59 @@
"license": {
"id": "Apache-2.0"
}
+ }
+ ],
+ "name": "types-python-dateutil",
+ "purl": "pkg:pypi/types-python-dateutil@2.9.0.20251008",
+ "type": "library",
+ "version": "2.9.0.20251008"
+ },
+ {
+ "bom-ref": "typing_extensions==4.15.0",
+ "description": "Backported and Experimental Type Hints for Python 3.9+",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://typing-extensions.readthedocs.io/"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://github.com/python/typing_extensions/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Q & A",
+ "type": "other",
+ "url": "https://github.com/python/typing/discussions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Changes",
+ "type": "other",
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md"
},
+ {
+ "comment": "from packaging metadata Project-URL: Repository",
+ "type": "vcs",
+ "url": "https://github.com/python/typing_extensions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Home",
+ "type": "website",
+ "url": "https://github.com/python/typing_extensions"
+ }
+ ],
+ "licenses": [
{
"license": {
- "name": "License :: OSI Approved :: Apache Software License"
+ "id": "PSF-2.0"
}
}
],
- "name": "types-python-dateutil",
- "purl": "pkg:pypi/types-python-dateutil@2.9.0.20241003",
+ "name": "typing_extensions",
+ "purl": "pkg:pypi/typing-extensions@4.15.0",
"type": "library",
- "version": "2.9.0.20241003"
+ "version": "4.15.0"
},
{
"bom-ref": "uri-template==1.3.0",
@@ -838,17 +949,17 @@
"version": "1.3.0"
},
{
- "bom-ref": "webcolors==24.8.0",
+ "bom-ref": "webcolors==24.11.1",
"description": "A library for working with the color formats defined by HTML and CSS.",
"externalReferences": [
{
- "comment": "from packaging metadata Project-URL: documentation",
+ "comment": "from packaging metadata Project-URL: Documentation",
"type": "documentation",
"url": "https://webcolors.readthedocs.io"
},
{
- "comment": "from packaging metadata Project-URL: homepage",
- "type": "website",
+ "comment": "from packaging metadata Project-URL: Source Code",
+ "type": "other",
"url": "https://github.com/ubernostrum/webcolors"
}
],
@@ -865,9 +976,9 @@
}
],
"name": "webcolors",
- "purl": "pkg:pypi/webcolors@24.8.0",
+ "purl": "pkg:pypi/webcolors@24.11.1",
"type": "library",
- "version": "24.8.0"
+ "version": "24.11.1"
},
{
"bom-ref": "zipp==3.20.2",
@@ -896,26 +1007,28 @@
{
"dependsOn": [
"python-dateutil==2.9.0.post0",
- "types-python-dateutil==2.9.0.20241003"
+ "types-python-dateutil==2.9.0.20251008"
],
"ref": "arrow==1.3.0"
},
{
- "ref": "attrs==24.2.0"
+ "ref": "attrs==25.4.0"
},
{
- "ref": "boolean.py==4.0"
+ "ref": "boolean.py==5.0"
},
{
"dependsOn": [
- "jsonschema==4.23.0",
- "license-expression==30.3.1",
- "lxml==5.3.0",
- "packageurl-python==0.16.0",
- "py-serializable==1.1.2",
- "sortedcontainers==2.4.0"
- ],
- "ref": "cyclonedx-python-lib==8.2.0"
+ "jsonschema==4.25.1",
+ "license-expression==30.4.4",
+ "lxml==6.0.2",
+ "packageurl-python==0.17.5",
+ "py-serializable==2.1.0",
+ "referencing==0.37.0",
+ "sortedcontainers==2.4.0",
+ "typing_extensions==4.15.0"
+ ],
+ "ref": "cyclonedx-python-lib==11.2.0"
},
{
"ref": "defusedxml==0.7.1"
@@ -924,7 +1037,7 @@
"ref": "fqdn==1.5.1"
},
{
- "ref": "idna==3.10"
+ "ref": "idna==3.11"
},
{
"dependsOn": [
@@ -944,40 +1057,42 @@
{
"dependsOn": [
"importlib_resources==6.4.5",
- "referencing==0.35.1"
+ "referencing==0.37.0"
],
"ref": "jsonschema-specifications==2023.3.6"
},
{
"dependsOn": [
- "attrs==24.2.0",
+ "attrs==25.4.0",
"fqdn==1.5.1",
- "idna==3.10",
- "importlib_resources==6.4.5",
+ "idna==3.11",
"isoduration==20.11.0",
"jsonpointer==3.0.0",
"jsonschema-specifications==2023.3.6",
- "pkgutil_resolve_name==1.3.10",
- "referencing==0.35.1",
+ "referencing==0.37.0",
"rfc3339-validator==0.1.4",
- "rfc3987==1.3.8",
- "rpds-py==0.20.0",
+ "rfc3986-validator==0.1.1",
+ "rfc3987-syntax==1.1.0",
+ "rpds-py==0.27.1",
"uri-template==1.3.0",
- "webcolors==24.8.0"
+ "webcolors==24.11.1"
],
- "ref": "jsonschema==4.23.0"
+ "ref": "jsonschema==4.25.1"
+ },
+ {
+ "ref": "lark==1.3.0"
},
{
"dependsOn": [
- "boolean.py==4.0"
+ "boolean.py==5.0"
],
- "ref": "license-expression==30.3.1"
+ "ref": "license-expression==30.4.4"
},
{
- "ref": "lxml==5.3.0"
+ "ref": "lxml==6.0.2"
},
{
- "ref": "packageurl-python==0.16.0"
+ "ref": "packageurl-python==0.17.5"
},
{
"ref": "pkgutil_resolve_name==1.3.10"
@@ -986,53 +1101,63 @@
"dependsOn": [
"defusedxml==0.7.1"
],
- "ref": "py-serializable==1.1.2"
+ "ref": "py-serializable==2.1.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "python-dateutil==2.9.0.post0"
},
{
"dependsOn": [
- "attrs==24.2.0",
- "rpds-py==0.20.0"
+ "attrs==25.4.0",
+ "rpds-py==0.27.1",
+ "typing_extensions==4.15.0"
],
- "ref": "referencing==0.35.1"
+ "ref": "referencing==0.37.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "rfc3339-validator==0.1.4"
},
{
- "ref": "rfc3987==1.3.8"
+ "ref": "rfc3986-validator==0.1.1"
},
{
"dependsOn": [
- "cyclonedx-python-lib==8.2.0"
+ "lark==1.3.0"
+ ],
+ "ref": "rfc3987-syntax==1.1.0"
+ },
+ {
+ "dependsOn": [
+ "cyclonedx-python-lib==11.2.0"
],
"ref": "root-component"
},
{
- "ref": "rpds-py==0.20.0"
+ "ref": "rpds-py==0.27.1"
},
{
- "ref": "six==1.16.0"
+ "ref": "six==1.17.0"
},
{
"ref": "sortedcontainers==2.4.0"
},
{
- "ref": "types-python-dateutil==2.9.0.20241003"
+ "ref": "types-python-dateutil==2.9.0.20251008"
+ },
+ {
+ "ref": "typing_extensions==4.15.0"
},
{
"ref": "uri-template==1.3.0"
},
{
- "ref": "webcolors==24.8.0"
+ "ref": "webcolors==24.11.1"
},
{
"dependsOn": [
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.2.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.2.xml.bin
index 848bffce3..72fff1d23 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.2.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.2.xml.bin
@@ -45,16 +45,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -78,16 +78,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -95,9 +95,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -107,7 +107,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -121,13 +121,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -169,16 +173,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -257,16 +261,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -331,16 +335,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -348,20 +373,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -372,16 +398,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -406,9 +432,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -418,7 +444,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -434,7 +460,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -466,16 +492,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -524,37 +550,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -568,6 +619,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -582,16 +637,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -616,19 +671,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -648,7 +700,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -669,9 +758,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -681,15 +770,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
@@ -714,21 +803,23 @@
-
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
+
@@ -738,53 +829,58 @@
-
+
-
-
+
+
-
-
+
-
-
+
-
-
+
+
+
-
+
-
-
+
+
+
-
-
+
+
-
+
-
+
-
-
-
+
+
+
+
-
+
+
+
+
+
-
-
+
-
-
+
+
-
+
+
-
+
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-extras_1.3.json.bin
index 58dd4b900..97f77ceaa 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.3.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.3.json.bin
@@ -33,7 +33,7 @@
"version": "1.3.0"
},
{
- "bom-ref": "attrs==24.2.0",
+ "bom-ref": "attrs==25.4.0",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
@@ -70,12 +70,12 @@
}
],
"name": "attrs",
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"type": "library",
- "version": "24.2.0"
+ "version": "25.4.0"
},
{
- "bom-ref": "boolean.py==4.0",
+ "bom-ref": "boolean.py==5.0",
"description": "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.",
"externalReferences": [
{
@@ -92,12 +92,12 @@
}
],
"name": "boolean.py",
- "purl": "pkg:pypi/boolean.py@4.0",
+ "purl": "pkg:pypi/boolean.py@5.0",
"type": "library",
- "version": "4.0"
+ "version": "5.0"
},
{
- "bom-ref": "cyclonedx-python-lib==8.2.0",
+ "bom-ref": "cyclonedx-python-lib==11.2.0",
"description": "Python library for CycloneDX",
"externalReferences": [
{
@@ -115,13 +115,18 @@
"type": "other",
"url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
},
+ {
+ "comment": "from packaging metadata Project-URL: Changelog",
+ "type": "other",
+ "url": "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
+ },
{
"comment": "from packaging metadata Project-URL: Repository",
"type": "vcs",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
}
@@ -145,9 +150,9 @@
"value": "xml-validation"
}
],
- "purl": "pkg:pypi/cyclonedx-python-lib@8.2.0",
+ "purl": "pkg:pypi/cyclonedx-python-lib@11.2.0",
"type": "library",
- "version": "8.2.0"
+ "version": "11.2.0"
},
{
"bom-ref": "defusedxml==0.7.1",
@@ -199,7 +204,7 @@
"version": "1.5.1"
},
{
- "bom-ref": "idna==3.10",
+ "bom-ref": "idna==3.11",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
@@ -221,14 +226,14 @@
"licenses": [
{
"license": {
- "name": "License :: OSI Approved :: BSD License"
+ "id": "BSD-3-Clause"
}
}
],
"name": "idna",
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"type": "library",
- "version": "3.10"
+ "version": "3.11"
},
{
"bom-ref": "importlib_resources==6.4.5",
@@ -312,7 +317,7 @@
"version": "3.0.0"
},
{
- "bom-ref": "jsonschema==4.23.0",
+ "bom-ref": "jsonschema==4.25.1",
"description": "An implementation of JSON Schema validation for Python",
"externalReferences": [
{
@@ -362,12 +367,12 @@
"properties": [
{
"name": "cdx:python:package:required-extra",
- "value": "format"
+ "value": "format-nongpl"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.25.1",
"type": "library",
- "version": "4.23.0"
+ "version": "4.25.1"
},
{
"bom-ref": "jsonschema-specifications==2023.3.6",
@@ -412,7 +417,34 @@
"version": "2023.3.6"
},
{
- "bom-ref": "license-expression==30.3.1",
+ "bom-ref": "lark==1.3.0",
+ "description": "a modern parsing library",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Download",
+ "type": "distribution",
+ "url": "https://github.com/lark-parser/lark/tarball/master"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
+ "type": "website",
+ "url": "https://github.com/lark-parser/lark"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "lark",
+ "purl": "pkg:pypi/lark@1.3.0",
+ "type": "library",
+ "version": "1.3.0"
+ },
+ {
+ "bom-ref": "license-expression==30.4.4",
"description": "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.",
"externalReferences": [
{
@@ -429,14 +461,19 @@
}
],
"name": "license-expression",
- "purl": "pkg:pypi/license-expression@30.3.1",
+ "purl": "pkg:pypi/license-expression@30.4.4",
"type": "library",
- "version": "30.3.1"
+ "version": "30.4.4"
},
{
- "bom-ref": "lxml==5.3.0",
+ "bom-ref": "lxml==6.0.2",
"description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
"externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://bugs.launchpad.net/lxml"
+ },
{
"comment": "from packaging metadata Project-URL: Source",
"type": "other",
@@ -453,20 +490,15 @@
"license": {
"id": "BSD-3-Clause"
}
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
}
],
"name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
+ "purl": "pkg:pypi/lxml@6.0.2",
"type": "library",
- "version": "5.3.0"
+ "version": "6.0.2"
},
{
- "bom-ref": "packageurl-python==0.16.0",
+ "bom-ref": "packageurl-python==0.17.5",
"description": "A purl aka. Package URL parser and builder",
"externalReferences": [
{
@@ -483,9 +515,9 @@
}
],
"name": "packageurl-python",
- "purl": "pkg:pypi/packageurl-python@0.16.0",
+ "purl": "pkg:pypi/packageurl-python@0.17.5",
"type": "library",
- "version": "0.16.0"
+ "version": "0.17.5"
},
{
"bom-ref": "pkgutil_resolve_name==1.3.10",
@@ -510,7 +542,7 @@
"version": "1.3.10"
},
{
- "bom-ref": "py-serializable==1.1.2",
+ "bom-ref": "py-serializable==2.1.0",
"description": "Library for serializing and deserializing Python Objects to and from JSON and XML.",
"externalReferences": [
{
@@ -529,7 +561,7 @@
"url": "https://github.com/madpah/serializable"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/madpah/serializable#readme"
}
@@ -547,9 +579,9 @@
}
],
"name": "py-serializable",
- "purl": "pkg:pypi/py-serializable@1.1.2",
+ "purl": "pkg:pypi/py-serializable@2.1.0",
"type": "library",
- "version": "1.1.2"
+ "version": "2.1.0"
},
{
"bom-ref": "python-dateutil==2.9.0.post0",
@@ -589,7 +621,7 @@
"version": "2.9.0.post0"
},
{
- "bom-ref": "referencing==0.35.1",
+ "bom-ref": "referencing==0.37.0",
"description": "JSON Referencing + Python",
"externalReferences": [
{
@@ -636,9 +668,9 @@
}
],
"name": "referencing",
- "purl": "pkg:pypi/referencing@0.35.1",
+ "purl": "pkg:pypi/referencing@0.37.0",
"type": "library",
- "version": "0.35.1"
+ "version": "0.37.0"
},
{
"bom-ref": "rfc3339-validator==0.1.4",
@@ -663,34 +695,66 @@
"version": "0.1.4"
},
{
- "bom-ref": "rfc3987==1.3.8",
- "description": "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)",
+ "bom-ref": "rfc3986-validator==0.1.1",
+ "description": "Pure python rfc3986 validator",
"externalReferences": [
{
- "comment": "from packaging metadata: Download-URL",
- "type": "distribution",
- "url": "https://github.com/dgerber/rfc3987"
+ "comment": "from packaging metadata: Home-page",
+ "type": "website",
+ "url": "https://github.com/naimetti/rfc3986-validator"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "rfc3986-validator",
+ "purl": "pkg:pypi/rfc3986-validator@0.1.1",
+ "type": "library",
+ "version": "0.1.1"
+ },
+ {
+ "bom-ref": "rfc3987-syntax==1.1.0",
+ "description": "Helper functions to syntactically validate strings according to RFC 3987.",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://github.com/willynilly/rfc3987-syntax#readme"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Issues",
+ "type": "issue-tracker",
+ "url": "https://github.com/willynilly/rfc3987-syntax/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Source",
+ "type": "other",
+ "url": "https://github.com/willynilly/rfc3987-syntax"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
- "url": "http://pypi.python.org/pypi/rfc3987"
+ "url": "https://github.com/willynilly/rfc3987-syntax"
}
],
"licenses": [
{
"license": {
- "id": "GPL-3.0-or-later"
+ "id": "MIT"
}
}
],
- "name": "rfc3987",
- "purl": "pkg:pypi/rfc3987@1.3.8",
+ "name": "rfc3987-syntax",
+ "purl": "pkg:pypi/rfc3987-syntax@1.1.0",
"type": "library",
- "version": "1.3.8"
+ "version": "1.1.0"
},
{
- "bom-ref": "rpds-py==0.20.0",
+ "bom-ref": "rpds-py==0.27.1",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"externalReferences": [
{
@@ -708,6 +772,11 @@
"type": "other",
"url": "https://github.com/crate-py/rpds"
},
+ {
+ "comment": "from packaging metadata Project-URL: Upstream",
+ "type": "other",
+ "url": "https://github.com/orium/rpds"
+ },
{
"comment": "from packaging metadata Project-URL: Funding",
"type": "other",
@@ -732,12 +801,12 @@
}
],
"name": "rpds-py",
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.27.1",
"type": "library",
- "version": "0.20.0"
+ "version": "0.27.1"
},
{
- "bom-ref": "six==1.16.0",
+ "bom-ref": "six==1.17.0",
"description": "Python 2 and 3 compatibility utilities",
"externalReferences": [
{
@@ -754,9 +823,9 @@
}
],
"name": "six",
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"type": "library",
- "version": "1.16.0"
+ "version": "1.17.0"
},
{
"bom-ref": "sortedcontainers==2.4.0",
@@ -781,7 +850,7 @@
"version": "2.4.0"
},
{
- "bom-ref": "types-python-dateutil==2.9.0.20241003",
+ "bom-ref": "types-python-dateutil==2.9.0.20251008",
"description": "Typing stubs for python-dateutil",
"externalReferences": [
{
@@ -805,7 +874,7 @@
"url": "https://github.com/python/typeshed"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/python/typeshed"
}
@@ -815,17 +884,59 @@
"license": {
"id": "Apache-2.0"
}
+ }
+ ],
+ "name": "types-python-dateutil",
+ "purl": "pkg:pypi/types-python-dateutil@2.9.0.20251008",
+ "type": "library",
+ "version": "2.9.0.20251008"
+ },
+ {
+ "bom-ref": "typing_extensions==4.15.0",
+ "description": "Backported and Experimental Type Hints for Python 3.9+",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://typing-extensions.readthedocs.io/"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://github.com/python/typing_extensions/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Q & A",
+ "type": "other",
+ "url": "https://github.com/python/typing/discussions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Changes",
+ "type": "other",
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md"
},
+ {
+ "comment": "from packaging metadata Project-URL: Repository",
+ "type": "vcs",
+ "url": "https://github.com/python/typing_extensions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Home",
+ "type": "website",
+ "url": "https://github.com/python/typing_extensions"
+ }
+ ],
+ "licenses": [
{
"license": {
- "name": "License :: OSI Approved :: Apache Software License"
+ "id": "PSF-2.0"
}
}
],
- "name": "types-python-dateutil",
- "purl": "pkg:pypi/types-python-dateutil@2.9.0.20241003",
+ "name": "typing_extensions",
+ "purl": "pkg:pypi/typing-extensions@4.15.0",
"type": "library",
- "version": "2.9.0.20241003"
+ "version": "4.15.0"
},
{
"bom-ref": "uri-template==1.3.0",
@@ -850,17 +961,17 @@
"version": "1.3.0"
},
{
- "bom-ref": "webcolors==24.8.0",
+ "bom-ref": "webcolors==24.11.1",
"description": "A library for working with the color formats defined by HTML and CSS.",
"externalReferences": [
{
- "comment": "from packaging metadata Project-URL: documentation",
+ "comment": "from packaging metadata Project-URL: Documentation",
"type": "documentation",
"url": "https://webcolors.readthedocs.io"
},
{
- "comment": "from packaging metadata Project-URL: homepage",
- "type": "website",
+ "comment": "from packaging metadata Project-URL: Source Code",
+ "type": "other",
"url": "https://github.com/ubernostrum/webcolors"
}
],
@@ -877,9 +988,9 @@
}
],
"name": "webcolors",
- "purl": "pkg:pypi/webcolors@24.8.0",
+ "purl": "pkg:pypi/webcolors@24.11.1",
"type": "library",
- "version": "24.8.0"
+ "version": "24.11.1"
},
{
"bom-ref": "zipp==3.20.2",
@@ -908,26 +1019,28 @@
{
"dependsOn": [
"python-dateutil==2.9.0.post0",
- "types-python-dateutil==2.9.0.20241003"
+ "types-python-dateutil==2.9.0.20251008"
],
"ref": "arrow==1.3.0"
},
{
- "ref": "attrs==24.2.0"
+ "ref": "attrs==25.4.0"
},
{
- "ref": "boolean.py==4.0"
+ "ref": "boolean.py==5.0"
},
{
"dependsOn": [
- "jsonschema==4.23.0",
- "license-expression==30.3.1",
- "lxml==5.3.0",
- "packageurl-python==0.16.0",
- "py-serializable==1.1.2",
- "sortedcontainers==2.4.0"
- ],
- "ref": "cyclonedx-python-lib==8.2.0"
+ "jsonschema==4.25.1",
+ "license-expression==30.4.4",
+ "lxml==6.0.2",
+ "packageurl-python==0.17.5",
+ "py-serializable==2.1.0",
+ "referencing==0.37.0",
+ "sortedcontainers==2.4.0",
+ "typing_extensions==4.15.0"
+ ],
+ "ref": "cyclonedx-python-lib==11.2.0"
},
{
"ref": "defusedxml==0.7.1"
@@ -936,7 +1049,7 @@
"ref": "fqdn==1.5.1"
},
{
- "ref": "idna==3.10"
+ "ref": "idna==3.11"
},
{
"dependsOn": [
@@ -956,40 +1069,42 @@
{
"dependsOn": [
"importlib_resources==6.4.5",
- "referencing==0.35.1"
+ "referencing==0.37.0"
],
"ref": "jsonschema-specifications==2023.3.6"
},
{
"dependsOn": [
- "attrs==24.2.0",
+ "attrs==25.4.0",
"fqdn==1.5.1",
- "idna==3.10",
- "importlib_resources==6.4.5",
+ "idna==3.11",
"isoduration==20.11.0",
"jsonpointer==3.0.0",
"jsonschema-specifications==2023.3.6",
- "pkgutil_resolve_name==1.3.10",
- "referencing==0.35.1",
+ "referencing==0.37.0",
"rfc3339-validator==0.1.4",
- "rfc3987==1.3.8",
- "rpds-py==0.20.0",
+ "rfc3986-validator==0.1.1",
+ "rfc3987-syntax==1.1.0",
+ "rpds-py==0.27.1",
"uri-template==1.3.0",
- "webcolors==24.8.0"
+ "webcolors==24.11.1"
],
- "ref": "jsonschema==4.23.0"
+ "ref": "jsonschema==4.25.1"
+ },
+ {
+ "ref": "lark==1.3.0"
},
{
"dependsOn": [
- "boolean.py==4.0"
+ "boolean.py==5.0"
],
- "ref": "license-expression==30.3.1"
+ "ref": "license-expression==30.4.4"
},
{
- "ref": "lxml==5.3.0"
+ "ref": "lxml==6.0.2"
},
{
- "ref": "packageurl-python==0.16.0"
+ "ref": "packageurl-python==0.17.5"
},
{
"ref": "pkgutil_resolve_name==1.3.10"
@@ -998,53 +1113,63 @@
"dependsOn": [
"defusedxml==0.7.1"
],
- "ref": "py-serializable==1.1.2"
+ "ref": "py-serializable==2.1.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "python-dateutil==2.9.0.post0"
},
{
"dependsOn": [
- "attrs==24.2.0",
- "rpds-py==0.20.0"
+ "attrs==25.4.0",
+ "rpds-py==0.27.1",
+ "typing_extensions==4.15.0"
],
- "ref": "referencing==0.35.1"
+ "ref": "referencing==0.37.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "rfc3339-validator==0.1.4"
},
{
- "ref": "rfc3987==1.3.8"
+ "ref": "rfc3986-validator==0.1.1"
},
{
"dependsOn": [
- "cyclonedx-python-lib==8.2.0"
+ "lark==1.3.0"
+ ],
+ "ref": "rfc3987-syntax==1.1.0"
+ },
+ {
+ "dependsOn": [
+ "cyclonedx-python-lib==11.2.0"
],
"ref": "root-component"
},
{
- "ref": "rpds-py==0.20.0"
+ "ref": "rpds-py==0.27.1"
},
{
- "ref": "six==1.16.0"
+ "ref": "six==1.17.0"
},
{
"ref": "sortedcontainers==2.4.0"
},
{
- "ref": "types-python-dateutil==2.9.0.20241003"
+ "ref": "types-python-dateutil==2.9.0.20251008"
+ },
+ {
+ "ref": "typing_extensions==4.15.0"
},
{
"ref": "uri-template==1.3.0"
},
{
- "ref": "webcolors==24.8.0"
+ "ref": "webcolors==24.11.1"
},
{
"dependsOn": [
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.3.xml.bin
index 4f7eb1af8..a8680af56 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.3.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.3.xml.bin
@@ -48,16 +48,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -81,16 +81,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -98,9 +98,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -110,7 +110,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -124,13 +124,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -175,16 +179,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -263,16 +267,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -304,7 +308,7 @@
- format
+ format-nongpl
@@ -340,16 +344,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -357,20 +382,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -381,16 +407,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -415,9 +441,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -427,7 +453,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -443,7 +469,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -475,16 +501,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -533,37 +559,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -577,6 +628,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -591,16 +646,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -625,19 +680,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -657,7 +709,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -678,9 +767,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -690,15 +779,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
@@ -723,21 +812,23 @@
-
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
+
@@ -747,53 +838,58 @@
-
+
-
-
+
+
-
-
+
-
-
+
-
-
+
+
+
-
+
-
-
+
+
+
-
-
+
+
-
+
-
+
-
-
-
+
+
+
+
-
+
+
+
+
+
-
-
+
-
-
+
+
-
+
+
-
+
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-extras_1.4.json.bin
index e01cccf45..0cb489bc8 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.4.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.4.json.bin
@@ -33,7 +33,7 @@
"version": "1.3.0"
},
{
- "bom-ref": "attrs==24.2.0",
+ "bom-ref": "attrs==25.4.0",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
@@ -70,12 +70,12 @@
}
],
"name": "attrs",
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"type": "library",
- "version": "24.2.0"
+ "version": "25.4.0"
},
{
- "bom-ref": "boolean.py==4.0",
+ "bom-ref": "boolean.py==5.0",
"description": "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.",
"externalReferences": [
{
@@ -92,12 +92,12 @@
}
],
"name": "boolean.py",
- "purl": "pkg:pypi/boolean.py@4.0",
+ "purl": "pkg:pypi/boolean.py@5.0",
"type": "library",
- "version": "4.0"
+ "version": "5.0"
},
{
- "bom-ref": "cyclonedx-python-lib==8.2.0",
+ "bom-ref": "cyclonedx-python-lib==11.2.0",
"description": "Python library for CycloneDX",
"externalReferences": [
{
@@ -115,13 +115,18 @@
"type": "other",
"url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
},
+ {
+ "comment": "from packaging metadata Project-URL: Changelog",
+ "type": "release-notes",
+ "url": "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
+ },
{
"comment": "from packaging metadata Project-URL: Repository",
"type": "vcs",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
}
@@ -145,9 +150,9 @@
"value": "xml-validation"
}
],
- "purl": "pkg:pypi/cyclonedx-python-lib@8.2.0",
+ "purl": "pkg:pypi/cyclonedx-python-lib@11.2.0",
"type": "library",
- "version": "8.2.0"
+ "version": "11.2.0"
},
{
"bom-ref": "defusedxml==0.7.1",
@@ -199,7 +204,7 @@
"version": "1.5.1"
},
{
- "bom-ref": "idna==3.10",
+ "bom-ref": "idna==3.11",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
@@ -221,14 +226,14 @@
"licenses": [
{
"license": {
- "name": "License :: OSI Approved :: BSD License"
+ "id": "BSD-3-Clause"
}
}
],
"name": "idna",
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"type": "library",
- "version": "3.10"
+ "version": "3.11"
},
{
"bom-ref": "importlib_resources==6.4.5",
@@ -312,7 +317,7 @@
"version": "3.0.0"
},
{
- "bom-ref": "jsonschema==4.23.0",
+ "bom-ref": "jsonschema==4.25.1",
"description": "An implementation of JSON Schema validation for Python",
"externalReferences": [
{
@@ -362,12 +367,12 @@
"properties": [
{
"name": "cdx:python:package:required-extra",
- "value": "format"
+ "value": "format-nongpl"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.25.1",
"type": "library",
- "version": "4.23.0"
+ "version": "4.25.1"
},
{
"bom-ref": "jsonschema-specifications==2023.3.6",
@@ -412,7 +417,34 @@
"version": "2023.3.6"
},
{
- "bom-ref": "license-expression==30.3.1",
+ "bom-ref": "lark==1.3.0",
+ "description": "a modern parsing library",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Download",
+ "type": "distribution",
+ "url": "https://github.com/lark-parser/lark/tarball/master"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
+ "type": "website",
+ "url": "https://github.com/lark-parser/lark"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "lark",
+ "purl": "pkg:pypi/lark@1.3.0",
+ "type": "library",
+ "version": "1.3.0"
+ },
+ {
+ "bom-ref": "license-expression==30.4.4",
"description": "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.",
"externalReferences": [
{
@@ -429,14 +461,19 @@
}
],
"name": "license-expression",
- "purl": "pkg:pypi/license-expression@30.3.1",
+ "purl": "pkg:pypi/license-expression@30.4.4",
"type": "library",
- "version": "30.3.1"
+ "version": "30.4.4"
},
{
- "bom-ref": "lxml==5.3.0",
+ "bom-ref": "lxml==6.0.2",
"description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
"externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://bugs.launchpad.net/lxml"
+ },
{
"comment": "from packaging metadata Project-URL: Source",
"type": "other",
@@ -453,20 +490,15 @@
"license": {
"id": "BSD-3-Clause"
}
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
}
],
"name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
+ "purl": "pkg:pypi/lxml@6.0.2",
"type": "library",
- "version": "5.3.0"
+ "version": "6.0.2"
},
{
- "bom-ref": "packageurl-python==0.16.0",
+ "bom-ref": "packageurl-python==0.17.5",
"description": "A purl aka. Package URL parser and builder",
"externalReferences": [
{
@@ -483,9 +515,9 @@
}
],
"name": "packageurl-python",
- "purl": "pkg:pypi/packageurl-python@0.16.0",
+ "purl": "pkg:pypi/packageurl-python@0.17.5",
"type": "library",
- "version": "0.16.0"
+ "version": "0.17.5"
},
{
"bom-ref": "pkgutil_resolve_name==1.3.10",
@@ -510,7 +542,7 @@
"version": "1.3.10"
},
{
- "bom-ref": "py-serializable==1.1.2",
+ "bom-ref": "py-serializable==2.1.0",
"description": "Library for serializing and deserializing Python Objects to and from JSON and XML.",
"externalReferences": [
{
@@ -529,7 +561,7 @@
"url": "https://github.com/madpah/serializable"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/madpah/serializable#readme"
}
@@ -547,9 +579,9 @@
}
],
"name": "py-serializable",
- "purl": "pkg:pypi/py-serializable@1.1.2",
+ "purl": "pkg:pypi/py-serializable@2.1.0",
"type": "library",
- "version": "1.1.2"
+ "version": "2.1.0"
},
{
"bom-ref": "python-dateutil==2.9.0.post0",
@@ -589,7 +621,7 @@
"version": "2.9.0.post0"
},
{
- "bom-ref": "referencing==0.35.1",
+ "bom-ref": "referencing==0.37.0",
"description": "JSON Referencing + Python",
"externalReferences": [
{
@@ -636,9 +668,9 @@
}
],
"name": "referencing",
- "purl": "pkg:pypi/referencing@0.35.1",
+ "purl": "pkg:pypi/referencing@0.37.0",
"type": "library",
- "version": "0.35.1"
+ "version": "0.37.0"
},
{
"bom-ref": "rfc3339-validator==0.1.4",
@@ -663,34 +695,66 @@
"version": "0.1.4"
},
{
- "bom-ref": "rfc3987==1.3.8",
- "description": "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)",
+ "bom-ref": "rfc3986-validator==0.1.1",
+ "description": "Pure python rfc3986 validator",
"externalReferences": [
{
- "comment": "from packaging metadata: Download-URL",
- "type": "distribution",
- "url": "https://github.com/dgerber/rfc3987"
+ "comment": "from packaging metadata: Home-page",
+ "type": "website",
+ "url": "https://github.com/naimetti/rfc3986-validator"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "rfc3986-validator",
+ "purl": "pkg:pypi/rfc3986-validator@0.1.1",
+ "type": "library",
+ "version": "0.1.1"
+ },
+ {
+ "bom-ref": "rfc3987-syntax==1.1.0",
+ "description": "Helper functions to syntactically validate strings according to RFC 3987.",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://github.com/willynilly/rfc3987-syntax#readme"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Issues",
+ "type": "issue-tracker",
+ "url": "https://github.com/willynilly/rfc3987-syntax/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Source",
+ "type": "other",
+ "url": "https://github.com/willynilly/rfc3987-syntax"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
- "url": "http://pypi.python.org/pypi/rfc3987"
+ "url": "https://github.com/willynilly/rfc3987-syntax"
}
],
"licenses": [
{
"license": {
- "id": "GPL-3.0-or-later"
+ "id": "MIT"
}
}
],
- "name": "rfc3987",
- "purl": "pkg:pypi/rfc3987@1.3.8",
+ "name": "rfc3987-syntax",
+ "purl": "pkg:pypi/rfc3987-syntax@1.1.0",
"type": "library",
- "version": "1.3.8"
+ "version": "1.1.0"
},
{
- "bom-ref": "rpds-py==0.20.0",
+ "bom-ref": "rpds-py==0.27.1",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"externalReferences": [
{
@@ -708,6 +772,11 @@
"type": "other",
"url": "https://github.com/crate-py/rpds"
},
+ {
+ "comment": "from packaging metadata Project-URL: Upstream",
+ "type": "other",
+ "url": "https://github.com/orium/rpds"
+ },
{
"comment": "from packaging metadata Project-URL: Funding",
"type": "other",
@@ -732,12 +801,12 @@
}
],
"name": "rpds-py",
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.27.1",
"type": "library",
- "version": "0.20.0"
+ "version": "0.27.1"
},
{
- "bom-ref": "six==1.16.0",
+ "bom-ref": "six==1.17.0",
"description": "Python 2 and 3 compatibility utilities",
"externalReferences": [
{
@@ -754,9 +823,9 @@
}
],
"name": "six",
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"type": "library",
- "version": "1.16.0"
+ "version": "1.17.0"
},
{
"bom-ref": "sortedcontainers==2.4.0",
@@ -781,7 +850,7 @@
"version": "2.4.0"
},
{
- "bom-ref": "types-python-dateutil==2.9.0.20241003",
+ "bom-ref": "types-python-dateutil==2.9.0.20251008",
"description": "Typing stubs for python-dateutil",
"externalReferences": [
{
@@ -805,7 +874,7 @@
"url": "https://github.com/python/typeshed"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/python/typeshed"
}
@@ -815,17 +884,59 @@
"license": {
"id": "Apache-2.0"
}
+ }
+ ],
+ "name": "types-python-dateutil",
+ "purl": "pkg:pypi/types-python-dateutil@2.9.0.20251008",
+ "type": "library",
+ "version": "2.9.0.20251008"
+ },
+ {
+ "bom-ref": "typing_extensions==4.15.0",
+ "description": "Backported and Experimental Type Hints for Python 3.9+",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://typing-extensions.readthedocs.io/"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://github.com/python/typing_extensions/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Q & A",
+ "type": "other",
+ "url": "https://github.com/python/typing/discussions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Changes",
+ "type": "release-notes",
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md"
},
+ {
+ "comment": "from packaging metadata Project-URL: Repository",
+ "type": "vcs",
+ "url": "https://github.com/python/typing_extensions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Home",
+ "type": "website",
+ "url": "https://github.com/python/typing_extensions"
+ }
+ ],
+ "licenses": [
{
"license": {
- "name": "License :: OSI Approved :: Apache Software License"
+ "id": "PSF-2.0"
}
}
],
- "name": "types-python-dateutil",
- "purl": "pkg:pypi/types-python-dateutil@2.9.0.20241003",
+ "name": "typing_extensions",
+ "purl": "pkg:pypi/typing-extensions@4.15.0",
"type": "library",
- "version": "2.9.0.20241003"
+ "version": "4.15.0"
},
{
"bom-ref": "uri-template==1.3.0",
@@ -850,17 +961,17 @@
"version": "1.3.0"
},
{
- "bom-ref": "webcolors==24.8.0",
+ "bom-ref": "webcolors==24.11.1",
"description": "A library for working with the color formats defined by HTML and CSS.",
"externalReferences": [
{
- "comment": "from packaging metadata Project-URL: documentation",
+ "comment": "from packaging metadata Project-URL: Documentation",
"type": "documentation",
"url": "https://webcolors.readthedocs.io"
},
{
- "comment": "from packaging metadata Project-URL: homepage",
- "type": "website",
+ "comment": "from packaging metadata Project-URL: Source Code",
+ "type": "other",
"url": "https://github.com/ubernostrum/webcolors"
}
],
@@ -877,9 +988,9 @@
}
],
"name": "webcolors",
- "purl": "pkg:pypi/webcolors@24.8.0",
+ "purl": "pkg:pypi/webcolors@24.11.1",
"type": "library",
- "version": "24.8.0"
+ "version": "24.11.1"
},
{
"bom-ref": "zipp==3.20.2",
@@ -908,26 +1019,28 @@
{
"dependsOn": [
"python-dateutil==2.9.0.post0",
- "types-python-dateutil==2.9.0.20241003"
+ "types-python-dateutil==2.9.0.20251008"
],
"ref": "arrow==1.3.0"
},
{
- "ref": "attrs==24.2.0"
+ "ref": "attrs==25.4.0"
},
{
- "ref": "boolean.py==4.0"
+ "ref": "boolean.py==5.0"
},
{
"dependsOn": [
- "jsonschema==4.23.0",
- "license-expression==30.3.1",
- "lxml==5.3.0",
- "packageurl-python==0.16.0",
- "py-serializable==1.1.2",
- "sortedcontainers==2.4.0"
- ],
- "ref": "cyclonedx-python-lib==8.2.0"
+ "jsonschema==4.25.1",
+ "license-expression==30.4.4",
+ "lxml==6.0.2",
+ "packageurl-python==0.17.5",
+ "py-serializable==2.1.0",
+ "referencing==0.37.0",
+ "sortedcontainers==2.4.0",
+ "typing_extensions==4.15.0"
+ ],
+ "ref": "cyclonedx-python-lib==11.2.0"
},
{
"ref": "defusedxml==0.7.1"
@@ -936,7 +1049,7 @@
"ref": "fqdn==1.5.1"
},
{
- "ref": "idna==3.10"
+ "ref": "idna==3.11"
},
{
"dependsOn": [
@@ -956,40 +1069,42 @@
{
"dependsOn": [
"importlib_resources==6.4.5",
- "referencing==0.35.1"
+ "referencing==0.37.0"
],
"ref": "jsonschema-specifications==2023.3.6"
},
{
"dependsOn": [
- "attrs==24.2.0",
+ "attrs==25.4.0",
"fqdn==1.5.1",
- "idna==3.10",
- "importlib_resources==6.4.5",
+ "idna==3.11",
"isoduration==20.11.0",
"jsonpointer==3.0.0",
"jsonschema-specifications==2023.3.6",
- "pkgutil_resolve_name==1.3.10",
- "referencing==0.35.1",
+ "referencing==0.37.0",
"rfc3339-validator==0.1.4",
- "rfc3987==1.3.8",
- "rpds-py==0.20.0",
+ "rfc3986-validator==0.1.1",
+ "rfc3987-syntax==1.1.0",
+ "rpds-py==0.27.1",
"uri-template==1.3.0",
- "webcolors==24.8.0"
+ "webcolors==24.11.1"
],
- "ref": "jsonschema==4.23.0"
+ "ref": "jsonschema==4.25.1"
+ },
+ {
+ "ref": "lark==1.3.0"
},
{
"dependsOn": [
- "boolean.py==4.0"
+ "boolean.py==5.0"
],
- "ref": "license-expression==30.3.1"
+ "ref": "license-expression==30.4.4"
},
{
- "ref": "lxml==5.3.0"
+ "ref": "lxml==6.0.2"
},
{
- "ref": "packageurl-python==0.16.0"
+ "ref": "packageurl-python==0.17.5"
},
{
"ref": "pkgutil_resolve_name==1.3.10"
@@ -998,53 +1113,63 @@
"dependsOn": [
"defusedxml==0.7.1"
],
- "ref": "py-serializable==1.1.2"
+ "ref": "py-serializable==2.1.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "python-dateutil==2.9.0.post0"
},
{
"dependsOn": [
- "attrs==24.2.0",
- "rpds-py==0.20.0"
+ "attrs==25.4.0",
+ "rpds-py==0.27.1",
+ "typing_extensions==4.15.0"
],
- "ref": "referencing==0.35.1"
+ "ref": "referencing==0.37.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "rfc3339-validator==0.1.4"
},
{
- "ref": "rfc3987==1.3.8"
+ "ref": "rfc3986-validator==0.1.1"
},
{
"dependsOn": [
- "cyclonedx-python-lib==8.2.0"
+ "lark==1.3.0"
+ ],
+ "ref": "rfc3987-syntax==1.1.0"
+ },
+ {
+ "dependsOn": [
+ "cyclonedx-python-lib==11.2.0"
],
"ref": "root-component"
},
{
- "ref": "rpds-py==0.20.0"
+ "ref": "rpds-py==0.27.1"
},
{
- "ref": "six==1.16.0"
+ "ref": "six==1.17.0"
},
{
"ref": "sortedcontainers==2.4.0"
},
{
- "ref": "types-python-dateutil==2.9.0.20241003"
+ "ref": "types-python-dateutil==2.9.0.20251008"
+ },
+ {
+ "ref": "typing_extensions==4.15.0"
},
{
"ref": "uri-template==1.3.0"
},
{
- "ref": "webcolors==24.8.0"
+ "ref": "webcolors==24.11.1"
},
{
"dependsOn": [
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.4.xml.bin
index d6f2a8ec3..ecb4633aa 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.4.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.4.xml.bin
@@ -75,16 +75,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -108,16 +108,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -125,9 +125,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -137,7 +137,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -151,13 +151,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -202,16 +206,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -290,16 +294,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -331,7 +335,7 @@
- format
+ format-nongpl
@@ -367,16 +371,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -384,20 +409,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -408,16 +434,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -442,9 +468,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -454,7 +480,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -470,7 +496,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -502,16 +528,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -560,37 +586,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -604,6 +655,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -618,16 +673,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -652,19 +707,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -684,7 +736,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -705,9 +794,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -717,15 +806,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
@@ -750,21 +839,23 @@
-
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
+
@@ -774,53 +865,58 @@
-
+
-
-
+
+
-
-
+
-
-
+
-
-
+
+
+
-
+
-
-
+
+
+
-
-
+
+
-
+
-
+
-
-
-
+
+
+
+
-
+
+
+
+
+
-
-
+
-
-
+
+
-
+
+
-
+
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-extras_1.5.json.bin
index 333b25a36..0b9dc09df 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.5.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.5.json.bin
@@ -33,7 +33,7 @@
"version": "1.3.0"
},
{
- "bom-ref": "attrs==24.2.0",
+ "bom-ref": "attrs==25.4.0",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
@@ -70,12 +70,12 @@
}
],
"name": "attrs",
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"type": "library",
- "version": "24.2.0"
+ "version": "25.4.0"
},
{
- "bom-ref": "boolean.py==4.0",
+ "bom-ref": "boolean.py==5.0",
"description": "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.",
"externalReferences": [
{
@@ -92,12 +92,12 @@
}
],
"name": "boolean.py",
- "purl": "pkg:pypi/boolean.py@4.0",
+ "purl": "pkg:pypi/boolean.py@5.0",
"type": "library",
- "version": "4.0"
+ "version": "5.0"
},
{
- "bom-ref": "cyclonedx-python-lib==8.2.0",
+ "bom-ref": "cyclonedx-python-lib==11.2.0",
"description": "Python library for CycloneDX",
"externalReferences": [
{
@@ -115,13 +115,18 @@
"type": "other",
"url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
},
+ {
+ "comment": "from packaging metadata Project-URL: Changelog",
+ "type": "release-notes",
+ "url": "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
+ },
{
"comment": "from packaging metadata Project-URL: Repository",
"type": "vcs",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
}
@@ -145,9 +150,9 @@
"value": "xml-validation"
}
],
- "purl": "pkg:pypi/cyclonedx-python-lib@8.2.0",
+ "purl": "pkg:pypi/cyclonedx-python-lib@11.2.0",
"type": "library",
- "version": "8.2.0"
+ "version": "11.2.0"
},
{
"bom-ref": "defusedxml==0.7.1",
@@ -199,7 +204,7 @@
"version": "1.5.1"
},
{
- "bom-ref": "idna==3.10",
+ "bom-ref": "idna==3.11",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
@@ -221,14 +226,14 @@
"licenses": [
{
"license": {
- "name": "License :: OSI Approved :: BSD License"
+ "id": "BSD-3-Clause"
}
}
],
"name": "idna",
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"type": "library",
- "version": "3.10"
+ "version": "3.11"
},
{
"bom-ref": "importlib_resources==6.4.5",
@@ -312,7 +317,7 @@
"version": "3.0.0"
},
{
- "bom-ref": "jsonschema==4.23.0",
+ "bom-ref": "jsonschema==4.25.1",
"description": "An implementation of JSON Schema validation for Python",
"externalReferences": [
{
@@ -362,12 +367,12 @@
"properties": [
{
"name": "cdx:python:package:required-extra",
- "value": "format"
+ "value": "format-nongpl"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.25.1",
"type": "library",
- "version": "4.23.0"
+ "version": "4.25.1"
},
{
"bom-ref": "jsonschema-specifications==2023.3.6",
@@ -412,7 +417,34 @@
"version": "2023.3.6"
},
{
- "bom-ref": "license-expression==30.3.1",
+ "bom-ref": "lark==1.3.0",
+ "description": "a modern parsing library",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Download",
+ "type": "distribution",
+ "url": "https://github.com/lark-parser/lark/tarball/master"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
+ "type": "website",
+ "url": "https://github.com/lark-parser/lark"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "lark",
+ "purl": "pkg:pypi/lark@1.3.0",
+ "type": "library",
+ "version": "1.3.0"
+ },
+ {
+ "bom-ref": "license-expression==30.4.4",
"description": "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.",
"externalReferences": [
{
@@ -429,14 +461,19 @@
}
],
"name": "license-expression",
- "purl": "pkg:pypi/license-expression@30.3.1",
+ "purl": "pkg:pypi/license-expression@30.4.4",
"type": "library",
- "version": "30.3.1"
+ "version": "30.4.4"
},
{
- "bom-ref": "lxml==5.3.0",
+ "bom-ref": "lxml==6.0.2",
"description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
"externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://bugs.launchpad.net/lxml"
+ },
{
"comment": "from packaging metadata Project-URL: Source",
"type": "other",
@@ -453,20 +490,15 @@
"license": {
"id": "BSD-3-Clause"
}
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
}
],
"name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
+ "purl": "pkg:pypi/lxml@6.0.2",
"type": "library",
- "version": "5.3.0"
+ "version": "6.0.2"
},
{
- "bom-ref": "packageurl-python==0.16.0",
+ "bom-ref": "packageurl-python==0.17.5",
"description": "A purl aka. Package URL parser and builder",
"externalReferences": [
{
@@ -483,9 +515,9 @@
}
],
"name": "packageurl-python",
- "purl": "pkg:pypi/packageurl-python@0.16.0",
+ "purl": "pkg:pypi/packageurl-python@0.17.5",
"type": "library",
- "version": "0.16.0"
+ "version": "0.17.5"
},
{
"bom-ref": "pkgutil_resolve_name==1.3.10",
@@ -510,7 +542,7 @@
"version": "1.3.10"
},
{
- "bom-ref": "py-serializable==1.1.2",
+ "bom-ref": "py-serializable==2.1.0",
"description": "Library for serializing and deserializing Python Objects to and from JSON and XML.",
"externalReferences": [
{
@@ -529,7 +561,7 @@
"url": "https://github.com/madpah/serializable"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/madpah/serializable#readme"
}
@@ -547,9 +579,9 @@
}
],
"name": "py-serializable",
- "purl": "pkg:pypi/py-serializable@1.1.2",
+ "purl": "pkg:pypi/py-serializable@2.1.0",
"type": "library",
- "version": "1.1.2"
+ "version": "2.1.0"
},
{
"bom-ref": "python-dateutil==2.9.0.post0",
@@ -589,7 +621,7 @@
"version": "2.9.0.post0"
},
{
- "bom-ref": "referencing==0.35.1",
+ "bom-ref": "referencing==0.37.0",
"description": "JSON Referencing + Python",
"externalReferences": [
{
@@ -636,9 +668,9 @@
}
],
"name": "referencing",
- "purl": "pkg:pypi/referencing@0.35.1",
+ "purl": "pkg:pypi/referencing@0.37.0",
"type": "library",
- "version": "0.35.1"
+ "version": "0.37.0"
},
{
"bom-ref": "rfc3339-validator==0.1.4",
@@ -663,34 +695,66 @@
"version": "0.1.4"
},
{
- "bom-ref": "rfc3987==1.3.8",
- "description": "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)",
+ "bom-ref": "rfc3986-validator==0.1.1",
+ "description": "Pure python rfc3986 validator",
"externalReferences": [
{
- "comment": "from packaging metadata: Download-URL",
- "type": "distribution",
- "url": "https://github.com/dgerber/rfc3987"
+ "comment": "from packaging metadata: Home-page",
+ "type": "website",
+ "url": "https://github.com/naimetti/rfc3986-validator"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "rfc3986-validator",
+ "purl": "pkg:pypi/rfc3986-validator@0.1.1",
+ "type": "library",
+ "version": "0.1.1"
+ },
+ {
+ "bom-ref": "rfc3987-syntax==1.1.0",
+ "description": "Helper functions to syntactically validate strings according to RFC 3987.",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://github.com/willynilly/rfc3987-syntax#readme"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Issues",
+ "type": "issue-tracker",
+ "url": "https://github.com/willynilly/rfc3987-syntax/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Source",
+ "type": "other",
+ "url": "https://github.com/willynilly/rfc3987-syntax"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
- "url": "http://pypi.python.org/pypi/rfc3987"
+ "url": "https://github.com/willynilly/rfc3987-syntax"
}
],
"licenses": [
{
"license": {
- "id": "GPL-3.0-or-later"
+ "id": "MIT"
}
}
],
- "name": "rfc3987",
- "purl": "pkg:pypi/rfc3987@1.3.8",
+ "name": "rfc3987-syntax",
+ "purl": "pkg:pypi/rfc3987-syntax@1.1.0",
"type": "library",
- "version": "1.3.8"
+ "version": "1.1.0"
},
{
- "bom-ref": "rpds-py==0.20.0",
+ "bom-ref": "rpds-py==0.27.1",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"externalReferences": [
{
@@ -708,6 +772,11 @@
"type": "other",
"url": "https://github.com/crate-py/rpds"
},
+ {
+ "comment": "from packaging metadata Project-URL: Upstream",
+ "type": "other",
+ "url": "https://github.com/orium/rpds"
+ },
{
"comment": "from packaging metadata Project-URL: Funding",
"type": "other",
@@ -732,12 +801,12 @@
}
],
"name": "rpds-py",
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.27.1",
"type": "library",
- "version": "0.20.0"
+ "version": "0.27.1"
},
{
- "bom-ref": "six==1.16.0",
+ "bom-ref": "six==1.17.0",
"description": "Python 2 and 3 compatibility utilities",
"externalReferences": [
{
@@ -754,9 +823,9 @@
}
],
"name": "six",
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"type": "library",
- "version": "1.16.0"
+ "version": "1.17.0"
},
{
"bom-ref": "sortedcontainers==2.4.0",
@@ -781,7 +850,7 @@
"version": "2.4.0"
},
{
- "bom-ref": "types-python-dateutil==2.9.0.20241003",
+ "bom-ref": "types-python-dateutil==2.9.0.20251008",
"description": "Typing stubs for python-dateutil",
"externalReferences": [
{
@@ -805,7 +874,7 @@
"url": "https://github.com/python/typeshed"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/python/typeshed"
}
@@ -815,17 +884,59 @@
"license": {
"id": "Apache-2.0"
}
+ }
+ ],
+ "name": "types-python-dateutil",
+ "purl": "pkg:pypi/types-python-dateutil@2.9.0.20251008",
+ "type": "library",
+ "version": "2.9.0.20251008"
+ },
+ {
+ "bom-ref": "typing_extensions==4.15.0",
+ "description": "Backported and Experimental Type Hints for Python 3.9+",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://typing-extensions.readthedocs.io/"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://github.com/python/typing_extensions/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Q & A",
+ "type": "other",
+ "url": "https://github.com/python/typing/discussions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Changes",
+ "type": "release-notes",
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md"
},
+ {
+ "comment": "from packaging metadata Project-URL: Repository",
+ "type": "vcs",
+ "url": "https://github.com/python/typing_extensions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Home",
+ "type": "website",
+ "url": "https://github.com/python/typing_extensions"
+ }
+ ],
+ "licenses": [
{
"license": {
- "name": "License :: OSI Approved :: Apache Software License"
+ "id": "PSF-2.0"
}
}
],
- "name": "types-python-dateutil",
- "purl": "pkg:pypi/types-python-dateutil@2.9.0.20241003",
+ "name": "typing_extensions",
+ "purl": "pkg:pypi/typing-extensions@4.15.0",
"type": "library",
- "version": "2.9.0.20241003"
+ "version": "4.15.0"
},
{
"bom-ref": "uri-template==1.3.0",
@@ -850,17 +961,17 @@
"version": "1.3.0"
},
{
- "bom-ref": "webcolors==24.8.0",
+ "bom-ref": "webcolors==24.11.1",
"description": "A library for working with the color formats defined by HTML and CSS.",
"externalReferences": [
{
- "comment": "from packaging metadata Project-URL: documentation",
+ "comment": "from packaging metadata Project-URL: Documentation",
"type": "documentation",
"url": "https://webcolors.readthedocs.io"
},
{
- "comment": "from packaging metadata Project-URL: homepage",
- "type": "website",
+ "comment": "from packaging metadata Project-URL: Source Code",
+ "type": "other",
"url": "https://github.com/ubernostrum/webcolors"
}
],
@@ -877,9 +988,9 @@
}
],
"name": "webcolors",
- "purl": "pkg:pypi/webcolors@24.8.0",
+ "purl": "pkg:pypi/webcolors@24.11.1",
"type": "library",
- "version": "24.8.0"
+ "version": "24.11.1"
},
{
"bom-ref": "zipp==3.20.2",
@@ -908,26 +1019,28 @@
{
"dependsOn": [
"python-dateutil==2.9.0.post0",
- "types-python-dateutil==2.9.0.20241003"
+ "types-python-dateutil==2.9.0.20251008"
],
"ref": "arrow==1.3.0"
},
{
- "ref": "attrs==24.2.0"
+ "ref": "attrs==25.4.0"
},
{
- "ref": "boolean.py==4.0"
+ "ref": "boolean.py==5.0"
},
{
"dependsOn": [
- "jsonschema==4.23.0",
- "license-expression==30.3.1",
- "lxml==5.3.0",
- "packageurl-python==0.16.0",
- "py-serializable==1.1.2",
- "sortedcontainers==2.4.0"
- ],
- "ref": "cyclonedx-python-lib==8.2.0"
+ "jsonschema==4.25.1",
+ "license-expression==30.4.4",
+ "lxml==6.0.2",
+ "packageurl-python==0.17.5",
+ "py-serializable==2.1.0",
+ "referencing==0.37.0",
+ "sortedcontainers==2.4.0",
+ "typing_extensions==4.15.0"
+ ],
+ "ref": "cyclonedx-python-lib==11.2.0"
},
{
"ref": "defusedxml==0.7.1"
@@ -936,7 +1049,7 @@
"ref": "fqdn==1.5.1"
},
{
- "ref": "idna==3.10"
+ "ref": "idna==3.11"
},
{
"dependsOn": [
@@ -956,40 +1069,42 @@
{
"dependsOn": [
"importlib_resources==6.4.5",
- "referencing==0.35.1"
+ "referencing==0.37.0"
],
"ref": "jsonschema-specifications==2023.3.6"
},
{
"dependsOn": [
- "attrs==24.2.0",
+ "attrs==25.4.0",
"fqdn==1.5.1",
- "idna==3.10",
- "importlib_resources==6.4.5",
+ "idna==3.11",
"isoduration==20.11.0",
"jsonpointer==3.0.0",
"jsonschema-specifications==2023.3.6",
- "pkgutil_resolve_name==1.3.10",
- "referencing==0.35.1",
+ "referencing==0.37.0",
"rfc3339-validator==0.1.4",
- "rfc3987==1.3.8",
- "rpds-py==0.20.0",
+ "rfc3986-validator==0.1.1",
+ "rfc3987-syntax==1.1.0",
+ "rpds-py==0.27.1",
"uri-template==1.3.0",
- "webcolors==24.8.0"
+ "webcolors==24.11.1"
],
- "ref": "jsonschema==4.23.0"
+ "ref": "jsonschema==4.25.1"
+ },
+ {
+ "ref": "lark==1.3.0"
},
{
"dependsOn": [
- "boolean.py==4.0"
+ "boolean.py==5.0"
],
- "ref": "license-expression==30.3.1"
+ "ref": "license-expression==30.4.4"
},
{
- "ref": "lxml==5.3.0"
+ "ref": "lxml==6.0.2"
},
{
- "ref": "packageurl-python==0.16.0"
+ "ref": "packageurl-python==0.17.5"
},
{
"ref": "pkgutil_resolve_name==1.3.10"
@@ -998,53 +1113,63 @@
"dependsOn": [
"defusedxml==0.7.1"
],
- "ref": "py-serializable==1.1.2"
+ "ref": "py-serializable==2.1.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "python-dateutil==2.9.0.post0"
},
{
"dependsOn": [
- "attrs==24.2.0",
- "rpds-py==0.20.0"
+ "attrs==25.4.0",
+ "rpds-py==0.27.1",
+ "typing_extensions==4.15.0"
],
- "ref": "referencing==0.35.1"
+ "ref": "referencing==0.37.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "rfc3339-validator==0.1.4"
},
{
- "ref": "rfc3987==1.3.8"
+ "ref": "rfc3986-validator==0.1.1"
},
{
"dependsOn": [
- "cyclonedx-python-lib==8.2.0"
+ "lark==1.3.0"
+ ],
+ "ref": "rfc3987-syntax==1.1.0"
+ },
+ {
+ "dependsOn": [
+ "cyclonedx-python-lib==11.2.0"
],
"ref": "root-component"
},
{
- "ref": "rpds-py==0.20.0"
+ "ref": "rpds-py==0.27.1"
},
{
- "ref": "six==1.16.0"
+ "ref": "six==1.17.0"
},
{
"ref": "sortedcontainers==2.4.0"
},
{
- "ref": "types-python-dateutil==2.9.0.20241003"
+ "ref": "types-python-dateutil==2.9.0.20251008"
+ },
+ {
+ "ref": "typing_extensions==4.15.0"
},
{
"ref": "uri-template==1.3.0"
},
{
- "ref": "webcolors==24.8.0"
+ "ref": "webcolors==24.11.1"
},
{
"dependsOn": [
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.5.xml.bin
index fcde2541a..74a817f62 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.5.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.5.xml.bin
@@ -85,16 +85,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -118,16 +118,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -135,9 +135,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -147,7 +147,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -161,13 +161,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -212,16 +216,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -300,16 +304,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -341,7 +345,7 @@
- format
+ format-nongpl
@@ -377,16 +381,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -394,20 +419,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -418,16 +444,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -452,9 +478,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -464,7 +490,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -480,7 +506,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -512,16 +538,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -570,37 +596,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -614,6 +665,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -628,16 +683,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -662,19 +717,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -694,7 +746,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -715,9 +804,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -727,15 +816,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
@@ -760,21 +849,23 @@
-
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
+
@@ -784,53 +875,58 @@
-
+
-
-
+
+
-
-
+
-
-
+
-
-
+
+
+
-
+
-
-
+
+
+
-
-
+
+
-
+
-
+
-
-
-
+
+
+
+
-
+
+
+
+
+
-
-
+
-
-
+
+
-
+
+
-
+
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-extras_1.6.json.bin
index e1b260f23..f3a37ac6e 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.6.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.6.json.bin
@@ -34,7 +34,7 @@
"version": "1.3.0"
},
{
- "bom-ref": "attrs==24.2.0",
+ "bom-ref": "attrs==25.4.0",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
@@ -72,12 +72,12 @@
}
],
"name": "attrs",
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"type": "library",
- "version": "24.2.0"
+ "version": "25.4.0"
},
{
- "bom-ref": "boolean.py==4.0",
+ "bom-ref": "boolean.py==5.0",
"description": "Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.",
"externalReferences": [
{
@@ -95,12 +95,12 @@
}
],
"name": "boolean.py",
- "purl": "pkg:pypi/boolean.py@4.0",
+ "purl": "pkg:pypi/boolean.py@5.0",
"type": "library",
- "version": "4.0"
+ "version": "5.0"
},
{
- "bom-ref": "cyclonedx-python-lib==8.2.0",
+ "bom-ref": "cyclonedx-python-lib==11.2.0",
"description": "Python library for CycloneDX",
"externalReferences": [
{
@@ -118,13 +118,18 @@
"type": "other",
"url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
},
+ {
+ "comment": "from packaging metadata Project-URL: Changelog",
+ "type": "release-notes",
+ "url": "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
+ },
{
"comment": "from packaging metadata Project-URL: Repository",
"type": "vcs",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
}
@@ -150,9 +155,9 @@
"value": "xml-validation"
}
],
- "purl": "pkg:pypi/cyclonedx-python-lib@8.2.0",
+ "purl": "pkg:pypi/cyclonedx-python-lib@11.2.0",
"type": "library",
- "version": "8.2.0"
+ "version": "11.2.0"
},
{
"bom-ref": "defusedxml==0.7.1",
@@ -206,7 +211,7 @@
"version": "1.5.1"
},
{
- "bom-ref": "idna==3.10",
+ "bom-ref": "idna==3.11",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
@@ -229,14 +234,14 @@
{
"license": {
"acknowledgement": "declared",
- "name": "License :: OSI Approved :: BSD License"
+ "id": "BSD-3-Clause"
}
}
],
"name": "idna",
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"type": "library",
- "version": "3.10"
+ "version": "3.11"
},
{
"bom-ref": "importlib_resources==6.4.5",
@@ -323,7 +328,7 @@
"version": "3.0.0"
},
{
- "bom-ref": "jsonschema==4.23.0",
+ "bom-ref": "jsonschema==4.25.1",
"description": "An implementation of JSON Schema validation for Python",
"externalReferences": [
{
@@ -374,12 +379,12 @@
"properties": [
{
"name": "cdx:python:package:required-extra",
- "value": "format"
+ "value": "format-nongpl"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.25.1",
"type": "library",
- "version": "4.23.0"
+ "version": "4.25.1"
},
{
"bom-ref": "jsonschema-specifications==2023.3.6",
@@ -425,7 +430,35 @@
"version": "2023.3.6"
},
{
- "bom-ref": "license-expression==30.3.1",
+ "bom-ref": "lark==1.3.0",
+ "description": "a modern parsing library",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Download",
+ "type": "distribution",
+ "url": "https://github.com/lark-parser/lark/tarball/master"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
+ "type": "website",
+ "url": "https://github.com/lark-parser/lark"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "acknowledgement": "declared",
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "lark",
+ "purl": "pkg:pypi/lark@1.3.0",
+ "type": "library",
+ "version": "1.3.0"
+ },
+ {
+ "bom-ref": "license-expression==30.4.4",
"description": "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.",
"externalReferences": [
{
@@ -443,14 +476,19 @@
}
],
"name": "license-expression",
- "purl": "pkg:pypi/license-expression@30.3.1",
+ "purl": "pkg:pypi/license-expression@30.4.4",
"type": "library",
- "version": "30.3.1"
+ "version": "30.4.4"
},
{
- "bom-ref": "lxml==5.3.0",
+ "bom-ref": "lxml==6.0.2",
"description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
"externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://bugs.launchpad.net/lxml"
+ },
{
"comment": "from packaging metadata Project-URL: Source",
"type": "other",
@@ -468,21 +506,15 @@
"acknowledgement": "declared",
"id": "BSD-3-Clause"
}
- },
- {
- "license": {
- "acknowledgement": "declared",
- "name": "License :: OSI Approved :: BSD License"
- }
}
],
"name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
+ "purl": "pkg:pypi/lxml@6.0.2",
"type": "library",
- "version": "5.3.0"
+ "version": "6.0.2"
},
{
- "bom-ref": "packageurl-python==0.16.0",
+ "bom-ref": "packageurl-python==0.17.5",
"description": "A purl aka. Package URL parser and builder",
"externalReferences": [
{
@@ -500,9 +532,9 @@
}
],
"name": "packageurl-python",
- "purl": "pkg:pypi/packageurl-python@0.16.0",
+ "purl": "pkg:pypi/packageurl-python@0.17.5",
"type": "library",
- "version": "0.16.0"
+ "version": "0.17.5"
},
{
"bom-ref": "pkgutil_resolve_name==1.3.10",
@@ -528,7 +560,7 @@
"version": "1.3.10"
},
{
- "bom-ref": "py-serializable==1.1.2",
+ "bom-ref": "py-serializable==2.1.0",
"description": "Library for serializing and deserializing Python Objects to and from JSON and XML.",
"externalReferences": [
{
@@ -547,7 +579,7 @@
"url": "https://github.com/madpah/serializable"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/madpah/serializable#readme"
}
@@ -567,9 +599,9 @@
}
],
"name": "py-serializable",
- "purl": "pkg:pypi/py-serializable@1.1.2",
+ "purl": "pkg:pypi/py-serializable@2.1.0",
"type": "library",
- "version": "1.1.2"
+ "version": "2.1.0"
},
{
"bom-ref": "python-dateutil==2.9.0.post0",
@@ -611,7 +643,7 @@
"version": "2.9.0.post0"
},
{
- "bom-ref": "referencing==0.35.1",
+ "bom-ref": "referencing==0.37.0",
"description": "JSON Referencing + Python",
"externalReferences": [
{
@@ -659,9 +691,9 @@
}
],
"name": "referencing",
- "purl": "pkg:pypi/referencing@0.35.1",
+ "purl": "pkg:pypi/referencing@0.37.0",
"type": "library",
- "version": "0.35.1"
+ "version": "0.37.0"
},
{
"bom-ref": "rfc3339-validator==0.1.4",
@@ -687,35 +719,68 @@
"version": "0.1.4"
},
{
- "bom-ref": "rfc3987==1.3.8",
- "description": "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)",
+ "bom-ref": "rfc3986-validator==0.1.1",
+ "description": "Pure python rfc3986 validator",
"externalReferences": [
{
- "comment": "from packaging metadata: Download-URL",
- "type": "distribution",
- "url": "https://github.com/dgerber/rfc3987"
+ "comment": "from packaging metadata: Home-page",
+ "type": "website",
+ "url": "https://github.com/naimetti/rfc3986-validator"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "acknowledgement": "declared",
+ "id": "MIT"
+ }
+ }
+ ],
+ "name": "rfc3986-validator",
+ "purl": "pkg:pypi/rfc3986-validator@0.1.1",
+ "type": "library",
+ "version": "0.1.1"
+ },
+ {
+ "bom-ref": "rfc3987-syntax==1.1.0",
+ "description": "Helper functions to syntactically validate strings according to RFC 3987.",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://github.com/willynilly/rfc3987-syntax#readme"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Issues",
+ "type": "issue-tracker",
+ "url": "https://github.com/willynilly/rfc3987-syntax/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Source",
+ "type": "other",
+ "url": "https://github.com/willynilly/rfc3987-syntax"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
- "url": "http://pypi.python.org/pypi/rfc3987"
+ "url": "https://github.com/willynilly/rfc3987-syntax"
}
],
"licenses": [
{
"license": {
"acknowledgement": "declared",
- "id": "GPL-3.0-or-later"
+ "id": "MIT"
}
}
],
- "name": "rfc3987",
- "purl": "pkg:pypi/rfc3987@1.3.8",
+ "name": "rfc3987-syntax",
+ "purl": "pkg:pypi/rfc3987-syntax@1.1.0",
"type": "library",
- "version": "1.3.8"
+ "version": "1.1.0"
},
{
- "bom-ref": "rpds-py==0.20.0",
+ "bom-ref": "rpds-py==0.27.1",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"externalReferences": [
{
@@ -733,6 +798,11 @@
"type": "other",
"url": "https://github.com/crate-py/rpds"
},
+ {
+ "comment": "from packaging metadata Project-URL: Upstream",
+ "type": "other",
+ "url": "https://github.com/orium/rpds"
+ },
{
"comment": "from packaging metadata Project-URL: Funding",
"type": "other",
@@ -758,12 +828,12 @@
}
],
"name": "rpds-py",
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.27.1",
"type": "library",
- "version": "0.20.0"
+ "version": "0.27.1"
},
{
- "bom-ref": "six==1.16.0",
+ "bom-ref": "six==1.17.0",
"description": "Python 2 and 3 compatibility utilities",
"externalReferences": [
{
@@ -781,9 +851,9 @@
}
],
"name": "six",
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"type": "library",
- "version": "1.16.0"
+ "version": "1.17.0"
},
{
"bom-ref": "sortedcontainers==2.4.0",
@@ -809,7 +879,7 @@
"version": "2.4.0"
},
{
- "bom-ref": "types-python-dateutil==2.9.0.20241003",
+ "bom-ref": "types-python-dateutil==2.9.0.20251008",
"description": "Typing stubs for python-dateutil",
"externalReferences": [
{
@@ -833,7 +903,7 @@
"url": "https://github.com/python/typeshed"
},
{
- "comment": "from packaging metadata: Home-page",
+ "comment": "from packaging metadata Project-URL: Homepage",
"type": "website",
"url": "https://github.com/python/typeshed"
}
@@ -844,18 +914,60 @@
"acknowledgement": "declared",
"id": "Apache-2.0"
}
+ }
+ ],
+ "name": "types-python-dateutil",
+ "purl": "pkg:pypi/types-python-dateutil@2.9.0.20251008",
+ "type": "library",
+ "version": "2.9.0.20251008"
+ },
+ {
+ "bom-ref": "typing_extensions==4.15.0",
+ "description": "Backported and Experimental Type Hints for Python 3.9+",
+ "externalReferences": [
+ {
+ "comment": "from packaging metadata Project-URL: Documentation",
+ "type": "documentation",
+ "url": "https://typing-extensions.readthedocs.io/"
},
+ {
+ "comment": "from packaging metadata Project-URL: Bug Tracker",
+ "type": "issue-tracker",
+ "url": "https://github.com/python/typing_extensions/issues"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Q & A",
+ "type": "other",
+ "url": "https://github.com/python/typing/discussions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Changes",
+ "type": "release-notes",
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Repository",
+ "type": "vcs",
+ "url": "https://github.com/python/typing_extensions"
+ },
+ {
+ "comment": "from packaging metadata Project-URL: Home",
+ "type": "website",
+ "url": "https://github.com/python/typing_extensions"
+ }
+ ],
+ "licenses": [
{
"license": {
"acknowledgement": "declared",
- "name": "License :: OSI Approved :: Apache Software License"
+ "id": "PSF-2.0"
}
}
],
- "name": "types-python-dateutil",
- "purl": "pkg:pypi/types-python-dateutil@2.9.0.20241003",
+ "name": "typing_extensions",
+ "purl": "pkg:pypi/typing-extensions@4.15.0",
"type": "library",
- "version": "2.9.0.20241003"
+ "version": "4.15.0"
},
{
"bom-ref": "uri-template==1.3.0",
@@ -881,17 +993,17 @@
"version": "1.3.0"
},
{
- "bom-ref": "webcolors==24.8.0",
+ "bom-ref": "webcolors==24.11.1",
"description": "A library for working with the color formats defined by HTML and CSS.",
"externalReferences": [
{
- "comment": "from packaging metadata Project-URL: documentation",
+ "comment": "from packaging metadata Project-URL: Documentation",
"type": "documentation",
"url": "https://webcolors.readthedocs.io"
},
{
- "comment": "from packaging metadata Project-URL: homepage",
- "type": "website",
+ "comment": "from packaging metadata Project-URL: Source Code",
+ "type": "other",
"url": "https://github.com/ubernostrum/webcolors"
}
],
@@ -910,9 +1022,9 @@
}
],
"name": "webcolors",
- "purl": "pkg:pypi/webcolors@24.8.0",
+ "purl": "pkg:pypi/webcolors@24.11.1",
"type": "library",
- "version": "24.8.0"
+ "version": "24.11.1"
},
{
"bom-ref": "zipp==3.20.2",
@@ -942,26 +1054,28 @@
{
"dependsOn": [
"python-dateutil==2.9.0.post0",
- "types-python-dateutil==2.9.0.20241003"
+ "types-python-dateutil==2.9.0.20251008"
],
"ref": "arrow==1.3.0"
},
{
- "ref": "attrs==24.2.0"
+ "ref": "attrs==25.4.0"
},
{
- "ref": "boolean.py==4.0"
+ "ref": "boolean.py==5.0"
},
{
"dependsOn": [
- "jsonschema==4.23.0",
- "license-expression==30.3.1",
- "lxml==5.3.0",
- "packageurl-python==0.16.0",
- "py-serializable==1.1.2",
- "sortedcontainers==2.4.0"
- ],
- "ref": "cyclonedx-python-lib==8.2.0"
+ "jsonschema==4.25.1",
+ "license-expression==30.4.4",
+ "lxml==6.0.2",
+ "packageurl-python==0.17.5",
+ "py-serializable==2.1.0",
+ "referencing==0.37.0",
+ "sortedcontainers==2.4.0",
+ "typing_extensions==4.15.0"
+ ],
+ "ref": "cyclonedx-python-lib==11.2.0"
},
{
"ref": "defusedxml==0.7.1"
@@ -970,7 +1084,7 @@
"ref": "fqdn==1.5.1"
},
{
- "ref": "idna==3.10"
+ "ref": "idna==3.11"
},
{
"dependsOn": [
@@ -990,40 +1104,42 @@
{
"dependsOn": [
"importlib_resources==6.4.5",
- "referencing==0.35.1"
+ "referencing==0.37.0"
],
"ref": "jsonschema-specifications==2023.3.6"
},
{
"dependsOn": [
- "attrs==24.2.0",
+ "attrs==25.4.0",
"fqdn==1.5.1",
- "idna==3.10",
- "importlib_resources==6.4.5",
+ "idna==3.11",
"isoduration==20.11.0",
"jsonpointer==3.0.0",
"jsonschema-specifications==2023.3.6",
- "pkgutil_resolve_name==1.3.10",
- "referencing==0.35.1",
+ "referencing==0.37.0",
"rfc3339-validator==0.1.4",
- "rfc3987==1.3.8",
- "rpds-py==0.20.0",
+ "rfc3986-validator==0.1.1",
+ "rfc3987-syntax==1.1.0",
+ "rpds-py==0.27.1",
"uri-template==1.3.0",
- "webcolors==24.8.0"
+ "webcolors==24.11.1"
],
- "ref": "jsonschema==4.23.0"
+ "ref": "jsonschema==4.25.1"
+ },
+ {
+ "ref": "lark==1.3.0"
},
{
"dependsOn": [
- "boolean.py==4.0"
+ "boolean.py==5.0"
],
- "ref": "license-expression==30.3.1"
+ "ref": "license-expression==30.4.4"
},
{
- "ref": "lxml==5.3.0"
+ "ref": "lxml==6.0.2"
},
{
- "ref": "packageurl-python==0.16.0"
+ "ref": "packageurl-python==0.17.5"
},
{
"ref": "pkgutil_resolve_name==1.3.10"
@@ -1032,53 +1148,63 @@
"dependsOn": [
"defusedxml==0.7.1"
],
- "ref": "py-serializable==1.1.2"
+ "ref": "py-serializable==2.1.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "python-dateutil==2.9.0.post0"
},
{
"dependsOn": [
- "attrs==24.2.0",
- "rpds-py==0.20.0"
+ "attrs==25.4.0",
+ "rpds-py==0.27.1",
+ "typing_extensions==4.15.0"
],
- "ref": "referencing==0.35.1"
+ "ref": "referencing==0.37.0"
},
{
"dependsOn": [
- "six==1.16.0"
+ "six==1.17.0"
],
"ref": "rfc3339-validator==0.1.4"
},
{
- "ref": "rfc3987==1.3.8"
+ "ref": "rfc3986-validator==0.1.1"
},
{
"dependsOn": [
- "cyclonedx-python-lib==8.2.0"
+ "lark==1.3.0"
+ ],
+ "ref": "rfc3987-syntax==1.1.0"
+ },
+ {
+ "dependsOn": [
+ "cyclonedx-python-lib==11.2.0"
],
"ref": "root-component"
},
{
- "ref": "rpds-py==0.20.0"
+ "ref": "rpds-py==0.27.1"
},
{
- "ref": "six==1.16.0"
+ "ref": "six==1.17.0"
},
{
"ref": "sortedcontainers==2.4.0"
},
{
- "ref": "types-python-dateutil==2.9.0.20241003"
+ "ref": "types-python-dateutil==2.9.0.20251008"
+ },
+ {
+ "ref": "typing_extensions==4.15.0"
},
{
"ref": "uri-template==1.3.0"
},
{
- "ref": "webcolors==24.8.0"
+ "ref": "webcolors==24.11.1"
},
{
"dependsOn": [
diff --git a/tests/_data/snapshots/environment/plain_with-extras_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-extras_1.6.xml.bin
index 6de3ed477..a3e7a3459 100644
--- a/tests/_data/snapshots/environment/plain_with-extras_1.6.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-extras_1.6.xml.bin
@@ -85,16 +85,16 @@
-
+
attrs
- 24.2.0
+ 25.4.0
Classes Without Boilerplate
MIT
- pkg:pypi/attrs@24.2.0
+ pkg:pypi/attrs@25.4.0
https://www.attrs.org/
@@ -118,16 +118,16 @@
-
+
boolean.py
- 4.0
+ 5.0
Define boolean algebras, create and parse boolean expressions and create custom boolean DSL.
BSD-2-Clause
- pkg:pypi/boolean.py@4.0
+ pkg:pypi/boolean.py@5.0
https://github.com/bastikr/boolean.py
@@ -135,9 +135,9 @@
-
+
cyclonedx-python-lib
- 8.2.0
+ 11.2.0
Python library for CycloneDX
@@ -147,7 +147,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/cyclonedx-python-lib@8.2.0
+ pkg:pypi/cyclonedx-python-lib@11.2.0
https://cyclonedx-python-library.readthedocs.io/
@@ -161,13 +161,17 @@
https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX
from packaging metadata Project-URL: Funding
+
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases
+ from packaging metadata Project-URL: Changelog
+
https://github.com/CycloneDX/cyclonedx-python-lib
from packaging metadata Project-URL: Repository
https://github.com/CycloneDX/cyclonedx-python-lib/#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -212,16 +216,16 @@
-
+
idna
- 3.10
+ 3.11
Internationalized Domain Names in Applications (IDNA)
- License :: OSI Approved :: BSD License
+ BSD-3-Clause
- pkg:pypi/idna@3.10
+ pkg:pypi/idna@3.11
https://github.com/kjd/idna/issues
@@ -300,16 +304,16 @@
-
+
jsonschema
- 4.23.0
+ 4.25.1
An implementation of JSON Schema validation for Python
MIT
- pkg:pypi/jsonschema@4.23.0
+ pkg:pypi/jsonschema@4.25.1
https://python-jsonschema.readthedocs.io/
@@ -341,7 +345,7 @@
- format
+ format-nongpl
@@ -377,16 +381,37 @@
-
+
+ lark
+ 1.3.0
+ a modern parsing library
+
+
+ MIT
+
+
+ pkg:pypi/lark@1.3.0
+
+
+ https://github.com/lark-parser/lark/tarball/master
+ from packaging metadata Project-URL: Download
+
+
+ https://github.com/lark-parser/lark
+ from packaging metadata Project-URL: Homepage
+
+
+
+
license-expression
- 30.3.1
+ 30.4.4
license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic.
Apache-2.0
- pkg:pypi/license-expression@30.3.1
+ pkg:pypi/license-expression@30.4.4
https://github.com/aboutcode-org/license-expression
@@ -394,20 +419,21 @@
-
+
lxml
- 5.3.0
+ 6.0.2
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
BSD-3-Clause
-
- License :: OSI Approved :: BSD License
-
- pkg:pypi/lxml@5.3.0
+ pkg:pypi/lxml@6.0.2
+
+ https://bugs.launchpad.net/lxml
+ from packaging metadata Project-URL: Bug Tracker
+
https://github.com/lxml/lxml
from packaging metadata Project-URL: Source
@@ -418,16 +444,16 @@
-
+
packageurl-python
- 0.16.0
+ 0.17.5
A purl aka. Package URL parser and builder
MIT
- pkg:pypi/packageurl-python@0.16.0
+ pkg:pypi/packageurl-python@0.17.5
https://github.com/package-url/packageurl-python
@@ -452,9 +478,9 @@
-
+
py-serializable
- 1.1.2
+ 2.1.0
Library for serializing and deserializing Python Objects to and from JSON and XML.
@@ -464,7 +490,7 @@
License :: OSI Approved :: Apache Software License
- pkg:pypi/py-serializable@1.1.2
+ pkg:pypi/py-serializable@2.1.0
https://py-serializable.readthedocs.io/
@@ -480,7 +506,7 @@
https://github.com/madpah/serializable#readme
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
@@ -512,16 +538,16 @@
-
+
referencing
- 0.35.1
+ 0.37.0
JSON Referencing + Python
MIT
- pkg:pypi/referencing@0.35.1
+ pkg:pypi/referencing@0.37.0
https://referencing.readthedocs.io/
@@ -570,37 +596,62 @@
-
- rfc3987
- 1.3.8
- Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)
+
+ rfc3986-validator
+ 0.1.1
+ Pure python rfc3986 validator
- GPL-3.0-or-later
+ MIT
- pkg:pypi/rfc3987@1.3.8
+ pkg:pypi/rfc3986-validator@0.1.1
-
- https://github.com/dgerber/rfc3987
- from packaging metadata: Download-URL
-
- http://pypi.python.org/pypi/rfc3987
+ https://github.com/naimetti/rfc3986-validator
from packaging metadata: Home-page
-
+
+ rfc3987-syntax
+ 1.1.0
+ Helper functions to syntactically validate strings according to RFC 3987.
+
+
+ MIT
+
+
+ pkg:pypi/rfc3987-syntax@1.1.0
+
+
+ https://github.com/willynilly/rfc3987-syntax#readme
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/willynilly/rfc3987-syntax/issues
+ from packaging metadata Project-URL: Issues
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Source
+
+
+ https://github.com/willynilly/rfc3987-syntax
+ from packaging metadata Project-URL: Homepage
+
+
+
+
rpds-py
- 0.20.0
+ 0.27.1
Python bindings to Rust's persistent data structures (rpds)
MIT
- pkg:pypi/rpds-py@0.20.0
+ pkg:pypi/rpds-py@0.27.1
https://rpds.readthedocs.io/
@@ -614,6 +665,10 @@
https://github.com/crate-py/rpds
from packaging metadata Project-URL: Source
+
+ https://github.com/orium/rpds
+ from packaging metadata Project-URL: Upstream
+
https://github.com/sponsors/Julian
from packaging metadata Project-URL: Funding
@@ -628,16 +683,16 @@
-
+
six
- 1.16.0
+ 1.17.0
Python 2 and 3 compatibility utilities
MIT
- pkg:pypi/six@1.16.0
+ pkg:pypi/six@1.17.0
https://github.com/benjaminp/six
@@ -662,19 +717,16 @@
-
+
types-python-dateutil
- 2.9.0.20241003
+ 2.9.0.20251008
Typing stubs for python-dateutil
Apache-2.0
-
- License :: OSI Approved :: Apache Software License
-
- pkg:pypi/types-python-dateutil@2.9.0.20241003
+ pkg:pypi/types-python-dateutil@2.9.0.20251008
https://gitter.im/python/typing
@@ -694,7 +746,44 @@
https://github.com/python/typeshed
- from packaging metadata: Home-page
+ from packaging metadata Project-URL: Homepage
+
+
+
+
+ typing_extensions
+ 4.15.0
+ Backported and Experimental Type Hints for Python 3.9+
+
+
+ PSF-2.0
+
+
+ pkg:pypi/typing-extensions@4.15.0
+
+
+ https://typing-extensions.readthedocs.io/
+ from packaging metadata Project-URL: Documentation
+
+
+ https://github.com/python/typing_extensions/issues
+ from packaging metadata Project-URL: Bug Tracker
+
+
+ https://github.com/python/typing/discussions
+ from packaging metadata Project-URL: Q & A
+
+
+ https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ from packaging metadata Project-URL: Changes
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Repository
+
+
+ https://github.com/python/typing_extensions
+ from packaging metadata Project-URL: Home
@@ -715,9 +804,9 @@
-
+
webcolors
- 24.8.0
+ 24.11.1
A library for working with the color formats defined by HTML and CSS.
@@ -727,15 +816,15 @@
License :: OSI Approved :: BSD License
- pkg:pypi/webcolors@24.8.0
+ pkg:pypi/webcolors@24.11.1
https://webcolors.readthedocs.io
- from packaging metadata Project-URL: documentation
+ from packaging metadata Project-URL: Documentation
-
+
https://github.com/ubernostrum/webcolors
- from packaging metadata Project-URL: homepage
+ from packaging metadata Project-URL: Source Code
@@ -760,21 +849,23 @@
-
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
+
@@ -784,53 +875,58 @@
-
+
-
-
+
+
-
-
+
-
-
+
-
-
+
+
+
-
+
-
-
+
+
+
-
-
+
+
-
+
-
+
-
-
-
+
+
+
+
-
+
+
+
+
+
-
-
+
-
-
+
+
-
+
+
-
+
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin
index b48275799..a37fe35a1 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.0.xml.bin
@@ -43,13 +43,6 @@
pkg:pypi/license-expression@30.3.0
false
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
- pkg:pypi/lxml@5.3.0
- false
-
regression-issue868
0.1
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin
index 4aed6cd2f..82ee698f9 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.1.xml.bin
@@ -145,30 +145,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin
index 8016f9a15..ea1303bd9 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.json.bin
@@ -185,38 +185,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -253,9 +221,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -266,7 +231,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin
index 669c6b16c..28399ce44 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.2.xml.bin
@@ -167,30 +167,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -211,7 +187,6 @@
-
@@ -219,7 +194,6 @@
-
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin
index 23f749f39..4b39b11c2 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.json.bin
@@ -199,38 +199,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -267,9 +235,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -280,7 +245,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin
index 926df2fd2..898285c3f 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.3.xml.bin
@@ -180,30 +180,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -224,7 +200,6 @@
-
@@ -232,7 +207,6 @@
-
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin
index 9c8b753d7..2b2b6099c 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.json.bin
@@ -199,38 +199,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -267,9 +235,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -280,7 +245,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin
index 827c66a37..e4228a9c2 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.4.xml.bin
@@ -207,30 +207,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -251,7 +227,6 @@
-
@@ -259,7 +234,6 @@
-
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin
index 883505454..69bce2997 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.json.bin
@@ -199,38 +199,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -267,9 +235,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -280,7 +245,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin
index af611cc33..f12e3caa0 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.5.xml.bin
@@ -217,30 +217,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -261,7 +237,6 @@
-
@@ -269,7 +244,6 @@
-
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin
index 5915e5281..f14f142c3 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.json.bin
@@ -207,40 +207,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "acknowledgement": "declared",
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "acknowledgement": "declared",
- "name": "License :: OSI Approved :: BSD License"
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -277,9 +243,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -290,7 +253,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin
index e226c35a9..845951d08 100644
--- a/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-license-pep639_1.6.xml.bin
@@ -217,30 +217,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -261,7 +237,6 @@
-
@@ -269,7 +244,6 @@
-
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin
index b48275799..a37fe35a1 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.0.xml.bin
@@ -43,13 +43,6 @@
pkg:pypi/license-expression@30.3.0
false
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
- pkg:pypi/lxml@5.3.0
- false
-
regression-issue868
0.1
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin
index f03e0ae2d..ec7ba2dd9 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.1.xml.bin
@@ -197,38 +197,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin
index 8d15fdfbe..f7ef3be36 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.json.bin
@@ -313,58 +313,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSE.txt",
- "text": {
- "content": "Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSES.txt",
- "text": {
- "content": "bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -401,9 +349,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -414,7 +359,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin
index 749b02e2d..092fcf475 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.2.xml.bin
@@ -219,38 +219,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -271,7 +239,6 @@
-
@@ -279,7 +246,6 @@
-
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin
index 40d20b535..d8000a7c8 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.json.bin
@@ -327,58 +327,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSE.txt",
- "text": {
- "content": "Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSES.txt",
- "text": {
- "content": "bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -415,9 +363,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -428,7 +373,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin
index 7d7d7d450..699460602 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.3.xml.bin
@@ -268,38 +268,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -320,7 +288,6 @@
-
@@ -328,7 +295,6 @@
-
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin
index 160d0cff9..5a104541f 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.json.bin
@@ -327,58 +327,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSE.txt",
- "text": {
- "content": "Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSES.txt",
- "text": {
- "content": "bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -415,9 +363,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -428,7 +373,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin
index 83297b43a..b8055cc1d 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.4.xml.bin
@@ -295,38 +295,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -347,7 +315,6 @@
-
@@ -355,7 +322,6 @@
-
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin
index 7d1edfbe5..0cc5b2196 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.json.bin
@@ -327,58 +327,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "name": "License :: OSI Approved :: BSD License"
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSE.txt",
- "text": {
- "content": "Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- },
- {
- "license": {
- "name": "declared license file: LICENSES.txt",
- "text": {
- "content": "bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -415,9 +363,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -428,7 +373,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin
index ceb9e6c2c..11ad3ee65 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.5.xml.bin
@@ -305,38 +305,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -357,7 +325,6 @@
-
@@ -365,7 +332,6 @@
-
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin
index 34bb4681f..08effcf42 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.json.bin
@@ -348,62 +348,6 @@
"type": "library",
"version": "30.3.0"
},
- {
- "bom-ref": "lxml==5.3.0",
- "description": "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.",
- "externalReferences": [
- {
- "comment": "from packaging metadata Project-URL: Source",
- "type": "other",
- "url": "https://github.com/lxml/lxml"
- },
- {
- "comment": "from packaging metadata: Home-page",
- "type": "website",
- "url": "https://lxml.de/"
- }
- ],
- "licenses": [
- {
- "license": {
- "acknowledgement": "declared",
- "id": "BSD-3-Clause"
- }
- },
- {
- "license": {
- "acknowledgement": "declared",
- "name": "License :: OSI Approved :: BSD License"
- }
- },
- {
- "license": {
- "acknowledgement": "declared",
- "name": "declared license file: LICENSE.txt",
- "text": {
- "content": "Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- },
- {
- "license": {
- "acknowledgement": "declared",
- "name": "declared license file: LICENSES.txt",
- "text": {
- "content": "bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=",
- "contentType": "text/plain",
- "encoding": "base64"
- }
- }
- }
- ],
- "name": "lxml",
- "purl": "pkg:pypi/lxml@5.3.0",
- "type": "library",
- "version": "5.3.0"
- },
{
"bom-ref": "regression-issue868==0.1",
"externalReferences": [
@@ -440,9 +384,6 @@
],
"ref": "license-expression==30.3.0"
},
- {
- "ref": "lxml==5.3.0"
- },
{
"ref": "regression-issue868==0.1"
},
@@ -453,7 +394,6 @@
"cryptography==43.0.1",
"jsonpointer==2.4",
"license-expression==30.3.0",
- "lxml==5.3.0",
"regression-issue868==0.1"
],
"ref": "root-component"
diff --git a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin
index d35e70610..be5f0590b 100644
--- a/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin
+++ b/tests/_data/snapshots/environment/texts_with-license-pep639_1.6.xml.bin
@@ -305,38 +305,6 @@
-
- lxml
- 5.3.0
- Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
-
-
- BSD-3-Clause
-
-
- License :: OSI Approved :: BSD License
-
-
- declared license file: LICENSE.txt
- Q29weXJpZ2h0IChjKSAyMDA0IEluZnJhZS4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAptb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCm1ldDoKCiAgMS4gUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKICAgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgIAogIDIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0CiAgICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluCiAgICAgdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogICAgIGRpc3RyaWJ1dGlvbi4KCiAgMy4gTmVpdGhlciB0aGUgbmFtZSBvZiBJbmZyYWUgbm9yIHRoZSBuYW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heQogICAgIGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlCiAgICAgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgpUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCkxJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgpBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgSU5GUkFFIE9SCkNPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLApFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sClBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUgpQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5DTFVESU5HCk5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUwpTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K
-
-
- declared license file: LICENSES.txt
- bHhtbCBpcyBjb3B5cmlnaHQgSW5mcmFlIGFuZCBkaXN0cmlidXRlZCB1bmRlciB0aGUgQlNEIGxpY2Vuc2UgKHNlZQpkb2MvbGljZW5zZXMvQlNELnR4dCksIHdpdGggdGhlIGZvbGxvd2luZyBleGNlcHRpb25zOgoKU29tZSBjb2RlLCBzdWNoIGEgc2VsZnRlc3QucHksIHNlbGZ0ZXN0Mi5weSBhbmQKc3JjL2x4bWwvX2VsZW1lbnRwYXRoLnB5IGFyZSBkZXJpdmVkIGZyb20gRWxlbWVudFRyZWUgYW5kCmNFbGVtZW50VHJlZS4gU2VlIGRvYy9saWNlbnNlcy9lbGVtZW50dHJlZS50eHQgZm9yIHRoZSBsaWNlbnNlIHRleHQuCgpseG1sLmNzc3NlbGVjdCBhbmQgbHhtbC5odG1sIGFyZSBjb3B5cmlnaHQgSWFuIEJpY2tpbmcgYW5kIGRpc3RyaWJ1dGVkCnVuZGVyIHRoZSBCU0QgbGljZW5zZSAoc2VlIGRvYy9saWNlbnNlcy9CU0QudHh0KS4KCnRlc3QucHksIHRoZSB0ZXN0LXJ1bm5lciBzY3JpcHQsIGlzIEdQTCBhbmQgY29weXJpZ2h0IFNodXR0bGV3b3J0aApGb3VuZGF0aW9uLiBTZWUgZG9jL2xpY2Vuc2VzL0dQTC50eHQuIEl0IGlzIGJlbGlldmVkIHRoZSB1bmNoYW5nZWQKaW5jbHVzaW9uIG9mIHRlc3QucHkgdG8gcnVuIHRoZSB1bml0IHRlc3Qgc3VpdGUgZmFsbHMgdW5kZXIgdGhlCiJhZ2dyZWdhdGlvbiIgY2xhdXNlIG9mIHRoZSBHUEwgYW5kIHRodXMgZG9lcyBub3QgYWZmZWN0IHRoZSBsaWNlbnNlCm9mIHRoZSByZXN0IG9mIHRoZSBwYWNrYWdlLgoKVGhlIGlzb3NjaGVtYXRyb24gaW1wbGVtZW50YXRpb24gdXNlcyBzZXZlcmFsIFhTTCBhbmQgUmVsYXhORyByZXNvdXJjZXM6CiAqIFRoZSAoWE1MIHN5bnRheCkgUmVsYXhORyBzY2hlbWEgZm9yIHNjaGVtYXRyb24sIGNvcHlyaWdodCBJbnRlcm5hdGlvbmFsCiAgIE9yZ2FuaXphdGlvbiBmb3IgU3RhbmRhcmRpemF0aW9uIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3JuZy9pc28tc2NoZW1hdHJvbi5ybmcgZm9yIHRoZSBsaWNlbnNlCiAgIHRleHQpCiAqIFRoZSBza2VsZXRvbiBpc28tc2NoZW1hdHJvbi14bHQxIHB1cmUteHNsdCBzY2hlbWF0cm9uIGltcGxlbWVudGF0aW9uCiAgIHhzbCBzdHlsZXNoZWV0cywgY29weXJpZ2h0IFJpY2sgSmVsbGlmZmUgYW5kIEFjYWRlbWlhIFNpbmljYSBDb21wdXRpbmcKICAgQ2VudGVyLCBUYWl3YW4gKHNlZSB0aGUgeHNsIGZpbGVzIGhlcmUgZm9yIHRoZSBsaWNlbnNlIHRleHQ6IAogICBzcmMvbHhtbC9pc29zY2hlbWF0cm9uL3Jlc291cmNlcy94c2wvaXNvLXNjaGVtYXRyb24teHNsdDEvKQogKiBUaGUgeHNkL3JuZyBzY2hlbWEgc2NoZW1hdHJvbiBleHRyYWN0aW9uIHhzbCB0cmFuc2Zvcm1hdGlvbnMgYXJlIHVubGljZW5zZWQKICAgYW5kIGNvcHlyaWdodCB0aGUgcmVzcGVjdGl2ZSBhdXRob3JzIGFzIG5vdGVkIChzZWUgCiAgIHNyYy9seG1sL2lzb3NjaGVtYXRyb24vcmVzb3VyY2VzL3hzbC9STkcyU2NodHJuLnhzbCBhbmQKICAgc3JjL2x4bWwvaXNvc2NoZW1hdHJvbi9yZXNvdXJjZXMveHNsL1hTRDJTY2h0cm4ueHNsKQo=
-
-
- pkg:pypi/lxml@5.3.0
-
-
- https://github.com/lxml/lxml
- from packaging metadata Project-URL: Source
-
-
- https://lxml.de/
- from packaging metadata: Home-page
-
-
-
regression-issue868
0.1
@@ -357,7 +325,6 @@
-
@@ -365,7 +332,6 @@
-
diff --git a/tox.ini b/tox.ini
index 8aa57da72..fffcf0651 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,7 +8,7 @@ minversion = 4.0
envlist =
flake8
mypy-{current,lowest}
- py{313,312,311,310,39}
+ py{314,313,312,311,310,39}
bandit
deptry
skip_missing_interpreters = True