diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index ec19f351c6..c295bc881e 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:87b9b11e-38e1-4e9a-8f7a-3548bf602f43",
+ "serialNumber": "urn:uuid:a7c4e360-1ac7-4f5a-b5f9-e86512a3016c",
"version": 1,
"metadata": {
- "timestamp": "2024-08-12T00:35:43Z",
+ "timestamp": "2024-08-19T00:37:24Z",
"lifecycles": [
{
"phase": "build"
@@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.3",
+ "version": "3.10.4",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -87,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.10.3",
+ "url": "https://pypi.org/project/aiohttp/3.10.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.3",
+ "purl": "pkg:pypi/aiohttp@3.10.4",
"properties": [
{
"name": "language",
@@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.3.5",
+ "version": "2.3.7",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -117,31 +117,25 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "01595bbda3380154cc4e72702a1f82502a15940a"
- }
- ],
"licenses": [
{
"license": {
- "id": "Python-2.0",
- "url": "https://opensource.org/licenses/Python-2.0",
+ "id": "Python-2.0.1",
+ "url": "https://www.python.org/download/releases/2.0.1/license/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.3.5",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
"properties": [
{
"name": "language",
@@ -494,7 +488,7 @@
"type": "library",
"bom-ref": "12-soupsieve",
"name": "soupsieve",
- "version": "2.5",
+ "version": "2.6",
"supplier": {
"name": "Isaac Muse",
"contact": [
@@ -503,22 +497,16 @@
}
]
},
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/soupsieve/2.5",
+ "url": "https://pypi.org/project/soupsieve/2.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/soupsieve@2.5",
+ "purl": "pkg:pypi/soupsieve@2.6",
"properties": [
{
"name": "language",
@@ -1038,7 +1026,7 @@
"type": "library",
"bom-ref": "24-cachetools",
"name": "cachetools",
- "version": "5.4.0",
+ "version": "5.5.0",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -1047,7 +1035,7 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
@@ -1060,12 +1048,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cachetools/5.4.0",
+ "url": "https://pypi.org/project/cachetools/5.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.4.0",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
{
"name": "language",
@@ -2152,7 +2140,7 @@
"type": "library",
"bom-ref": "50-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.2",
+ "version": "0.7.3",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2161,7 +2149,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -2174,12 +2162,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.7.2",
+ "url": "https://pypi.org/project/lib4sbom/0.7.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.2",
+ "purl": "pkg:pypi/lib4sbom@0.7.3",
"properties": [
{
"name": "language",
@@ -2391,6 +2379,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "14a11b50ab723796888133d3722b5b3e2845b084"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2988,7 +2982,7 @@
"type": "library",
"bom-ref": "69-setuptools",
"name": "setuptools",
- "version": "72.1.0",
+ "version": "72.2.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -2997,16 +2991,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/72.1.0",
+ "url": "https://pypi.org/project/setuptools/72.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@72.1.0",
+ "purl": "pkg:pypi/setuptools@72.2.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index cb22b85be5..5239300fcf 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c56f8b9e-ce44-4bbc-a7ef-768580484fd7
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b287583b-90ca-4401-89f8-84dbcce81a07
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
-Created: 2024-08-12T00:34:16Z
+Created: 2024-08-19T00:36:00Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,33 +26,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.10.3
+PackageVersion: 3.10.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.3
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.4
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-Package-3-aiohappyeyeballs
-PackageVersion: 2.3.5
+PackageVersion: 2.3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.5
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.7
FilesAnalyzed: false
-PackageChecksum: SHA1: 01595bbda3380154cc4e72702a1f82502a15940a
-PackageLicenseDeclared: Python-2.0
-PackageLicenseConcluded: Python-2.0
+PackageLicenseDeclared: Python-2.0.1
+PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -184,18 +183,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
PackageName: soupsieve
SPDXID: SPDXRef-Package-12-soupsieve
-PackageVersion: 2.5
+PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6
FilesAnalyzed: false
-PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
@@ -378,17 +376,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
PackageName: cachetools
SPDXID: SPDXRef-Package-24-cachetools
-PackageVersion: 5.4.0
+PackageVersion: 5.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.4.0
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
@@ -788,17 +786,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*
PackageName: lib4sbom
SPDXID: SPDXRef-Package-50-lib4sbom
-PackageVersion: 0.7.2
+PackageVersion: 0.7.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -872,6 +870,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6
FilesAnalyzed: false
+PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1086,17 +1085,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-Package-69-setuptools
-PackageVersion: 72.1.0
+PackageVersion: 72.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*
#####
PackageName: toml