diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 7bc8f425b6..5085398b8f 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuidb0b9a9ed-5af2-4fc7-b352-6af31df7b6ae",
+ "serialNumber": "urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772",
"version": 1,
"metadata": {
- "timestamp": "2023-07-31T00:30:17Z",
+ "timestamp": "2023-08-07T01:01:03Z",
"tools": {
"components": [
{
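Review bot: The regenerated `serialNumber` in this hunk is still written as `urn:uuidd6f17b21-…`, with no colon between `uuid` and the UUID, so it does not match the `urn:uuid:<uuid>` form that the CycloneDX schema requires. It should read `"serialNumber": "urn:uuid:d6f17b21-d3b2-4528-bee5-76e137998772"`. Because the file is generated, the fix belongs in the generator rather than in a hand edit here. The context lines also show `$schema` pointing at `bom-1.4.schema.json` while `specVersion` is `"1.5"`, and the two should agree. A consumer that validates the BOM before ingesting it would presumably reject the document, so the updated component versions would never reach vulnerability matching.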
@@ -1053,7 +1053,7 @@
"type": "library",
"bom-ref": "32-cryptography",
"name": "cryptography",
- "version": "41.0.2",
+ "version": "41.0.3",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1062,7 +1062,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1073,12 +1073,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.2",
+ "url": "https://pypi.org/project/cryptography/41.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.2"
+ "purl": "pkg:pypi/cryptography@41.0.3"
},
{
"type": "library",
@@ -1491,11 +1491,11 @@
"type": "library",
"bom-ref": "46-jsonschema",
"name": "jsonschema",
- "version": "4.18.4",
+ "version": "4.18.6",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1507,12 +1507,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.18.4",
+ "url": "https://pypi.org/project/jsonschema/4.18.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.18.4"
+ "purl": "pkg:pypi/jsonschema@4.18.6"
},
{
"type": "library",
@@ -1545,11 +1545,11 @@
"type": "library",
"bom-ref": "48-referencing",
"name": "referencing",
- "version": "0.30.0",
+ "version": "0.30.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1561,12 +1561,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.30.0",
+ "url": "https://pypi.org/project/referencing/0.30.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.30.0"
+ "purl": "pkg:pypi/referencing@0.30.2"
},
{
"type": "library",
@@ -1623,7 +1623,7 @@
"type": "library",
"bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.4.0",
+ "version": "0.4.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1632,7 +1632,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1644,12 +1644,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.4.0",
+ "url": "https://pypi.org/project/lib4sbom/0.4.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.4.0"
+ "purl": "pkg:pypi/lib4sbom@0.4.1"
},
{
"type": "library",
@@ -1940,7 +1940,7 @@
"type": "library",
"bom-ref": "60-rich",
"name": "rich",
- "version": "13.5.0",
+ "version": "13.5.2",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -1949,7 +1949,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -1961,12 +1961,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rich/13.5.0",
+ "url": "https://pypi.org/project/rich/13.5.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.5.0"
+ "purl": "pkg:pypi/rich@13.5.2"
},
{
"type": "library",
@@ -2020,7 +2020,7 @@
"type": "library",
"bom-ref": "63-pygments",
"name": "pygments",
- "version": "2.15.1",
+ "version": "2.16.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -2029,7 +2029,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -2041,12 +2041,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.1",
+ "url": "https://pypi.org/project/Pygments/2.16.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.1"
+ "purl": "pkg:pypi/pygments@2.16.1"
},
{
"type": "library",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 1b34939698..fcf4e43cdb 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-936fd797-5b9a-4dc0-aa03-d245a01f264a
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ebe989f-e3b4-43e2-996a-aee6d2303adf
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-07-31T00:28:01Z
+Created: 2023-08-07T00:59:13Z
CreatorComment: This document has been automatically generated.
#####
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
PackageName: cryptography
SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.2
+PackageVersion: 41.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
PackageName: jsonschema
SPDXID: SPDXRef-Package-46-jsonschema
-PackageVersion: 4.18.4
+PackageVersion: 4.18.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -733,17 +733,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-48-referencing
-PackageVersion: 0.30.0
+PackageVersion: 0.30.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
PackageName: lib4sbom
SPDXID: SPDXRef-Package-51-lib4sbom
-PackageVersion: 0.4.0
+PackageVersion: 0.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -918,17 +918,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
PackageName: rich
SPDXID: SPDXRef-Package-60-rich
-PackageVersion: 13.5.0
+PackageVersion: 13.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.5.0
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -963,17 +963,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-63-pygments
-PackageVersion: 2.15.1
+PackageVersion: 2.16.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*
#####
PackageName: typing-extensions