From 300880026e95c5e9d2114eb06f78ca2c34f2b661 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 10:44:02 -0700
Subject: [PATCH] chore: update SBOM for Python 3.12 (#4407)

Co-authored-by: GitHub <noreply@github.com>
---
 sbom/cve-bin-tool-py3.12.json | 100 +++++++++++++++++-----------------
 sbom/cve-bin-tool-py3.12.spdx |  80 +++++++++++++--------------
 2 files changed, 90 insertions(+), 90 deletions(-)

diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index b1f4601f31..b56f1af913 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:1a468904-d4b4-4448-9ff4-2a4c6cda96ce",
+  "serialNumber": "urn:uuid:b1f117ed-2d0e-4be8-99ca-e91c6c6428cc",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-08-26T00:35:14Z",
+    "timestamp": "2024-09-02T00:35:23Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -31,7 +31,7 @@
       "type": "application",
       "bom-ref": "1-cve-bin-tool",
       "name": "cve-bin-tool",
-      "version": "3.4rc0",
+      "version": "3.4rc1",
       "supplier": {
         "name": "Terri Oda",
         "contact": [
@@ -40,7 +40,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*",
       "description": "CVE Binary Checker Tool",
       "licenses": [
         {
@@ -53,12 +53,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cve-bin-tool/3.4rc0",
+          "url": "https://pypi.org/project/cve-bin-tool/3.4rc1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cve-bin-tool@3.4rc0",
+      "purl": "pkg:pypi/cve-bin-tool@3.4rc1",
       "properties": [
         {
           "name": "language",
@@ -119,6 +119,12 @@
       },
       "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "c31b127a69bdcd7895d1a521985d918061955348"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -307,7 +313,7 @@
       "type": "library",
       "bom-ref": "8-yarl",
       "name": "yarl",
-      "version": "1.9.4",
+      "version": "1.9.7",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -316,14 +322,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "6362ff155ba02964a5e773927412f7cf4ca23cd1"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -335,12 +335,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/yarl/1.9.4",
+          "url": "https://pypi.org/project/yarl/1.9.7",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.9.4",
+      "purl": "pkg:pypi/yarl@1.9.7",
       "properties": [
         {
           "name": "language",
@@ -367,6 +367,12 @@
       },
       "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*",
       "description": "Internationalized Domain Names in Applications (IDNA)",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "784c6f45c162db9709588124f2f1def5b70615ff"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/idna/3.8",
@@ -2023,7 +2029,7 @@
       "type": "library",
       "bom-ref": "47-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.7.3",
+      "version": "0.7.4",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -2032,7 +2038,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -2045,12 +2051,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.7.3",
+          "url": "https://pypi.org/project/lib4sbom/0.7.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.7.3",
+      "purl": "pkg:pypi/lib4sbom@0.7.4",
       "properties": [
         {
           "name": "language",
@@ -2158,7 +2164,7 @@
       "type": "library",
       "bom-ref": "50-lib4vex",
       "name": "lib4vex",
-      "version": "0.1.0",
+      "version": "0.2.0",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -2167,14 +2173,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
       "description": "VEX generator and consumer library",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "84229c7770dd95cf887d6874e0203da4c8aa809b"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2186,12 +2186,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4vex/0.1.0",
+          "url": "https://pypi.org/project/lib4vex/0.2.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4vex@0.1.0",
+      "purl": "pkg:pypi/lib4vex@0.2.0",
       "properties": [
         {
           "name": "language",
@@ -2300,7 +2300,7 @@
       "type": "library",
       "bom-ref": "53-rich",
       "name": "rich",
-      "version": "13.7.1",
+      "version": "13.8.0",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2309,7 +2309,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2322,12 +2322,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rich/13.7.1",
+          "url": "https://pypi.org/project/rich/13.8.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.7.1",
+      "purl": "pkg:pypi/rich@13.8.0",
       "properties": [
         {
           "name": "language",
@@ -2506,7 +2506,7 @@
       "type": "library",
       "bom-ref": "58-plotly",
       "name": "plotly",
-      "version": "5.23.0",
+      "version": "5.24.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -2515,7 +2515,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -2528,12 +2528,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.23.0",
+          "url": "https://pypi.org/project/plotly/5.24.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.23.0",
+      "purl": "pkg:pypi/plotly@5.24.0",
       "properties": [
         {
           "name": "language",
@@ -2696,7 +2696,7 @@
       "type": "library",
       "bom-ref": "62-certifi",
       "name": "certifi",
-      "version": "2024.7.4",
+      "version": "2024.8.30",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -2705,7 +2705,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
       "description": "Python package for providing Mozilla's CA Bundle.",
       "licenses": [
         {
@@ -2718,12 +2718,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/certifi/2024.7.4",
+          "url": "https://pypi.org/project/certifi/2024.8.30",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/certifi@2024.7.4",
+      "purl": "pkg:pypi/certifi@2024.8.30",
       "properties": [
         {
           "name": "language",
@@ -2871,7 +2871,7 @@
       "type": "library",
       "bom-ref": "66-setuptools",
       "name": "setuptools",
-      "version": "73.0.1",
+      "version": "74.0.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -2880,16 +2880,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/73.0.1",
+          "url": "https://pypi.org/project/setuptools/74.0.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@73.0.1",
+      "purl": "pkg:pypi/setuptools@74.0.0",
       "properties": [
         {
           "name": "language",
@@ -3003,7 +3003,7 @@
       "type": "library",
       "bom-ref": "69-zipp",
       "name": "zipp",
-      "version": "3.20.0",
+      "version": "3.20.1",
       "supplier": {
         "name": "Jason R .",
         "contact": [
@@ -3012,16 +3012,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.20.0",
+          "url": "https://pypi.org/project/zipp/3.20.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.20.0",
+      "purl": "pkg:pypi/zipp@3.20.1",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 1bc12152d3..961f9fa3a9 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d2818ca-979d-421e-8731-e16027125f26
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ef020a48-2e0c-4106-8ee5-6ade813bf11c
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.1
-Created: 2024-08-26T00:33:49Z
+Created: 2024-09-02T00:34:08Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
 PackageName: cve-bin-tool
 SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.4rc0
+PackageVersion: 3.4rc1
 PrimaryPackagePurpose: APPLICATION
 PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc0
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1
 FilesAnalyzed: false
 PackageLicenseDeclared: GPL-3.0-or-later
 PackageLicenseConcluded: GPL-3.0-or-later
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVE Binary Checker Tool</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiohttp
@@ -46,6 +46,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
 PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348
 PackageLicenseDeclared: Python-2.0.1
 PackageLicenseConcluded: Python-2.0.1
 PackageCopyrightText: NOASSERTION
@@ -118,18 +119,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
 
 PackageName: yarl
 SPDXID: SPDXRef-Package-8-yarl
-PackageVersion: 1.9.4
+PackageVersion: 1.9.7
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7
 FilesAnalyzed: false
-PackageChecksum: SHA1: 6362ff155ba02964a5e773927412f7cf4ca23cd1
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -139,6 +139,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
 PackageDownloadLocation: https://pypi.org/project/idna/3.8
 FilesAnalyzed: false
+PackageChecksum: SHA1: 784c6f45c162db9709588124f2f1def5b70615ff
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
@@ -739,17 +740,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.7.3
+PackageVersion: 0.7.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.4
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -786,18 +787,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: lib4vex
 SPDXID: SPDXRef-Package-50-lib4vex
-PackageVersion: 0.1.0
+PackageVersion: 0.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4vex/0.1.0
+PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 84229c7770dd95cf887d6874e0203da4c8aa809b
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>VEX generator and consumer library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: csaf-tool
@@ -834,17 +834,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-Package-53-rich
-PackageVersion: 13.7.1
+PackageVersion: 13.8.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.7.1
+PackageDownloadLocation: https://pypi.org/project/rich/13.8.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -912,17 +912,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-58-plotly
-PackageVersion: 5.23.0
+PackageVersion: 5.24.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.23.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.24.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.23.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -977,17 +977,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
 
 PackageName: certifi
 SPDXID: SPDXRef-Package-62-certifi
-PackageVersion: 2024.7.4
+PackageVersion: 2024.8.30
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.7.4
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30
 FilesAnalyzed: false
 PackageLicenseDeclared: MPL-2.0
 PackageLicenseConcluded: MPL-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python package for providing Mozilla's CA Bundle.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.7.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
 ##### 
 
 PackageName: charset-normalizer
@@ -1039,17 +1039,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-Package-66-setuptools
-PackageVersion: 73.0.1
+PackageVersion: 74.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/73.0.1
+PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@73.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema
@@ -1086,17 +1086,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-69-zipp
-PackageVersion: 3.20.0
+PackageVersion: 3.20.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.0
+PackageDownloadLocation: https://pypi.org/project/zipp/3.20.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard