diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index b3bd6dc437..d9f6feaf78 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4",
+ "serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:40:22Z",
+ "timestamp": "2024-11-04T00:39:04Z",
"lifecycles": [
{
"phase": "build"
@@ -329,6 +329,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
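Review bot: The `hashes` entry added here for attrs 24.2.0 carries only a SHA-1 digest (`"alg": "SHA-1"`); the importlib-metadata and packaging hunks below do the same, as do the matching `PackageChecksum: SHA1:` lines in the .spdx file. SHA-1 is no longer collision-resistant, so a consumer verifying artifacts against this SBOM gets weaker integrity assurance than from a SHA-256 digest, which both CycloneDX and SPDX accept. The hunk also does not show which artifact (sdist, wheel or installed file) the digest covers, and a verifier needs that to reproduce it. Because the file is generated, the fix belongs in the generator or its configuration rather than in a hand edit here.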
@@ -434,7 +440,7 @@
"type": "library",
"bom-ref": "10-yarl",
"name": "yarl",
- "version": "1.16.0",
+ "version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -443,7 +449,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -461,12 +467,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.16.0/#files",
+ "url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.16.0",
+ "purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -655,7 +661,7 @@
"type": "library",
"bom-ref": "15-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -664,7 +670,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -682,12 +688,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2202,6 +2208,12 @@
},
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
@@ -2461,7 +2473,7 @@
"type": "library",
"bom-ref": "51-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.20.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2470,14 +2482,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
"licenses": [
{
"license": {
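Review bot: The rpds-py entry loses its `hashes` block on the bump to 0.20.1, so the new version is recorded with no digest at all; the .spdx hunk for the same package drops its `PackageChecksum` line too. Other components in this diff gain a hash without any version change, which suggests hash presence depends on the state of the generating environment rather than on the package, though that is inferred and not shown here. A consumer that verifies by digest will silently skip this component, so the generation job should warn or fail when a component ends up without a hash. The component object starts and ends outside the hunk.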
@@ -2494,12 +2500,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.20.1",
"properties": [
{
"name": "language",
@@ -2820,7 +2826,7 @@
"type": "library",
"bom-ref": "58-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2829,7 +2835,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -2847,12 +2853,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -3035,6 +3041,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.1/#files",
@@ -3446,7 +3458,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3455,16 +3467,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3538,7 +3550,7 @@
"type": "library",
"bom-ref": "73-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3547,7 +3559,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3565,12 +3577,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index b948398790..f90e2a7e85 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eb859755-2df3-4cff-8f13-6688d449550c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9f3d8833-874a-4b8d-97a0-34ac23a6561e
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:39:33Z
+Created: 2024-11-04T00:38:06Z
CreatorComment: This document has been automatically generated.
#####
@@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -158,18 +159,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: yarl
SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.16.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -238,10 +239,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-15-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -249,8 +250,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -740,6 +741,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -845,19 +847,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.20.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -962,18 +963,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-58-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -1034,6 +1035,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1176,17 +1178,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1208,18 +1210,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-73-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath