diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index c5be4b3ca1..c01318d5e9 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid73b51cbf-2d71-4b00-aca6-b31391cbe10d",
+ "serialNumber": "urn:uuide3e05b88-20fe-4fb4-a70a-7a988a30a646",
"version": 1,
"metadata": {
- "timestamp": "2023-07-31T00:28:17Z",
+ "timestamp": "2023-08-07T01:14:28Z",
"tools": {
"components": [
{
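Review bot: The regenerated `serialNumber` on the added line is still malformed: it reads `urn:uuide3e05b88-…` with no colon after `uuid`, while the CycloneDX schema requires the `urn:uuid:<uuid>` form, so a consumer that validates the BOM against the schema may reject it. The line should read `"serialNumber": "urn:uuid:e3e05b88-20fe-4fb4-a70a-7a988a30a646"`. The unchanged context lines in this hunk also pair a `"$schema"` URL for bom-1.4 with `"specVersion": "1.5"`, and the two should agree. Because this file is generated, both are presumably best fixed in the generating tool, with the SBOM then regenerated, rather than edited by hand here.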
@@ -1053,7 +1053,7 @@
"type": "library",
"bom-ref": "32-cryptography",
"name": "cryptography",
- "version": "41.0.2",
+ "version": "41.0.3",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1062,7 +1062,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1073,12 +1073,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.2",
+ "url": "https://pypi.org/project/cryptography/41.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.2"
+ "purl": "pkg:pypi/cryptography@41.0.3"
},
{
"type": "library",
@@ -1419,11 +1419,11 @@
"type": "library",
"bom-ref": "43-jsonschema",
"name": "jsonschema",
- "version": "4.18.4",
+ "version": "4.18.6",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1435,12 +1435,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.18.4",
+ "url": "https://pypi.org/project/jsonschema/4.18.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.18.4"
+ "purl": "pkg:pypi/jsonschema@4.18.6"
},
{
"type": "library",
@@ -1473,11 +1473,11 @@
"type": "library",
"bom-ref": "45-referencing",
"name": "referencing",
- "version": "0.30.0",
+ "version": "0.30.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1489,12 +1489,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.30.0",
+ "url": "https://pypi.org/project/referencing/0.30.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.30.0"
+ "purl": "pkg:pypi/referencing@0.30.2"
},
{
"type": "library",
@@ -1527,7 +1527,7 @@
"type": "library",
"bom-ref": "47-lib4sbom",
"name": "lib4sbom",
- "version": "0.4.0",
+ "version": "0.4.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1536,7 +1536,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1548,12 +1548,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.4.0",
+ "url": "https://pypi.org/project/lib4sbom/0.4.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.4.0"
+ "purl": "pkg:pypi/lib4sbom@0.4.1"
},
{
"type": "library",
@@ -1844,7 +1844,7 @@
"type": "library",
"bom-ref": "56-rich",
"name": "rich",
- "version": "13.5.0",
+ "version": "13.5.2",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -1853,7 +1853,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -1865,12 +1865,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rich/13.5.0",
+ "url": "https://pypi.org/project/rich/13.5.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.5.0"
+ "purl": "pkg:pypi/rich@13.5.2"
},
{
"type": "library",
@@ -1924,7 +1924,7 @@
"type": "library",
"bom-ref": "59-pygments",
"name": "pygments",
- "version": "2.15.1",
+ "version": "2.16.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -1933,7 +1933,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -1945,12 +1945,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.1",
+ "url": "https://pypi.org/project/Pygments/2.16.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.1"
+ "purl": "pkg:pypi/pygments@2.16.1"
},
{
"type": "library",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index bc8078b12f..c5385189c3 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-01fca005-4c52-48a2-88cc-157ddb47cb6d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d5127a7d-b857-4821-a5d3-57951445c898
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-07-31T00:27:01Z
+Created: 2023-08-07T01:12:54Z
CreatorComment: This document has been automatically generated.
#####
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
PackageName: cryptography
SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.2
+PackageVersion: 41.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -658,17 +658,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
PackageName: jsonschema
SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.18.4
+PackageVersion: 4.18.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -688,17 +688,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-45-referencing
-PackageVersion: 0.30.0
+PackageVersion: 0.30.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -718,17 +718,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:
PackageName: lib4sbom
SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.4.0
+PackageVersion: 0.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
PackageName: rich
SPDXID: SPDXRef-Package-56-rich
-PackageVersion: 13.5.0
+PackageVersion: 13.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.5.0
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -903,17 +903,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-59-pygments
-PackageVersion: 2.15.1
+PackageVersion: 2.16.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*
#####
PackageName: rpmfile