diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index f17802d83c..182436530c 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:df593032-720d-4cac-a94a-2e4c84d8254f",
+  "serialNumber": "urn:uuid:b01bf299-408a-4e43-a959-44c49efa21f8",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-09-23T00:36:53Z",
+    "timestamp": "2024-09-30T00:40:37Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -79,7 +79,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.5",
+      "version": "3.10.8",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -97,12 +97,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.5/#files",
+          "url": "https://pypi.org/project/aiohttp/3.10.8/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohttp@3.10.5",
+      "purl": "pkg:pypi/aiohttp@3.10.8",
       "properties": [
         {
           "name": "language",
@@ -118,7 +118,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.4.0",
+      "version": "2.4.2",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -127,14 +127,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "c31b127a69bdcd7895d1a521985d918061955348"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -151,12 +145,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0/#files",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
+      "purl": "pkg:pypi/aiohappyeyeballs@2.4.2",
       "properties": [
         {
           "name": "language",
@@ -438,7 +432,7 @@
       "type": "library",
       "bom-ref": "10-yarl",
       "name": "yarl",
-      "version": "1.11.1",
+      "version": "1.13.1",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -447,7 +441,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -465,12 +459,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.11.1/#files",
+          "url": "https://pypi.org/project/yarl/1.13.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.11.1",
+      "purl": "pkg:pypi/yarl@1.13.1",
       "properties": [
         {
           "name": "language",
@@ -2416,6 +2410,12 @@
       },
       "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://github.com/python-jsonschema/referencing",
@@ -2459,6 +2459,12 @@
       },
       "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -2661,6 +2667,12 @@
       },
       "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
       "description": "VEX generator and consumer library",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+        }
+      ],
       "licenses": [
         {
           "license": {
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 5c7247ccf6..9dce6225a3 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-020d5fea-e58f-4c27-bc90-5b5b857cbf3e
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cd098b6e-d3fd-4cd2-bae8-9649c9842de8
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.2
-Created: 2024-09-23T00:35:40Z
+Created: 2024-09-30T00:39:14Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
 
 PackageName: aiohttp
 SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.5
+PackageVersion: 3.10.8
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohttp
 PackageLicenseDeclared: NOASSERTION
@@ -38,24 +38,23 @@ PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8
 ##### 
 
 PackageName: aiohappyeyeballs
 SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.0
+PackageVersion: 2.4.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348
 PackageLicenseDeclared: Python-2.0.1
 PackageLicenseConcluded: Python-2.0.1
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Happy Eyeballs for asyncio</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiosignal
@@ -158,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 
 PackageName: yarl
 SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.11.1
+PackageVersion: 1.13.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/yarl
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -819,6 +818,7 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
 PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/referencing
+PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
@@ -835,6 +835,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
 PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
@@ -901,6 +902,7 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/anthonyharrison/lib4vex
+PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION