diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index c6be19c717..6de1a1f1e6 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:f52f3eb5-4356-44f4-92dc-93f835a5b30f",
+ "serialNumber": "urn:uuid:fa92daaf-b6b6-4b4d-8d0a-02f5be3d2743",
"version": 1,
"metadata": {
- "timestamp": "2024-04-08T00:27:13Z",
+ "timestamp": "2024-04-15T02:43:05Z",
"tools": {
"components": [
{
@@ -26,7 +26,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
- "version": "3.3rc2",
+ "version": "3.3",
"supplier": {
"name": "Terri Oda",
"contact": [
@@ -35,12 +35,12 @@
}
]
},
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"hashes": [
{
"alg": "SHA-1",
- "content": "c491590aeea36235930d1c6b8480d2489a470ece"
+ "content": "83e30ee0f640bce7a20d4346c85873d359c05d1f"
}
],
"licenses": [
@@ -53,12 +53,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cve-bin-tool/3.3rc2",
+ "url": "https://pypi.org/project/cve-bin-tool/3.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cve-bin-tool@3.3rc2",
+ "purl": "pkg:pypi/cve-bin-tool@3.3",
"properties": [
{
"name": "language",
@@ -66,7 +66,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.3",
+ "version": "3.9.4",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -86,12 +86,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.3",
+ "url": "https://pypi.org/project/aiohttp/3.9.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.3",
+ "purl": "pkg:pypi/aiohttp@3.9.4",
"properties": [
{
"name": "language",
@@ -99,7 +99,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -137,7 +137,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -170,7 +170,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -204,7 +204,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -252,7 +252,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -300,7 +300,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -308,7 +308,7 @@
"type": "library",
"bom-ref": "8-idna",
"name": "idna",
- "version": "3.6",
+ "version": "3.7",
"supplier": {
"name": "Kim Davies",
"contact": [
@@ -317,16 +317,16 @@
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.6",
+ "url": "https://pypi.org/project/idna/3.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/idna@3.6",
+ "purl": "pkg:pypi/idna@3.7",
"properties": [
{
"name": "language",
@@ -334,7 +334,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -376,7 +376,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -416,7 +416,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -424,7 +424,7 @@
"type": "library",
"bom-ref": "11-cvss",
"name": "cvss",
- "version": "3.0",
+ "version": "3.1",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -433,14 +433,8 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "c637e63a16b7411c6135b5ae8bb5408d06d89b41"
- }
- ],
"licenses": [
{
"license": {
@@ -451,12 +445,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cvss/3.0",
+ "url": "https://pypi.org/project/cvss/3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.0",
+ "purl": "pkg:pypi/cvss@3.1",
"properties": [
{
"name": "language",
@@ -464,7 +458,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -512,7 +506,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -554,7 +548,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -602,7 +596,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -644,7 +638,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -652,7 +646,7 @@
"type": "library",
"bom-ref": "16-argcomplete",
"name": "argcomplete",
- "version": "3.2.3",
+ "version": "3.3.0",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -661,7 +655,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -673,12 +667,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/argcomplete/3.2.3",
+ "url": "https://pypi.org/project/argcomplete/3.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.2.3",
+ "purl": "pkg:pypi/argcomplete@3.3.0",
"properties": [
{
"name": "language",
@@ -686,7 +680,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -728,7 +722,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -771,7 +765,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -813,7 +807,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -861,7 +855,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -909,7 +903,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -957,7 +951,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1005,7 +999,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1053,7 +1047,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1093,7 +1087,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1141,7 +1135,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1183,7 +1177,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1225,7 +1219,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1273,7 +1267,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1321,7 +1315,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1360,7 +1354,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1408,7 +1402,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1450,7 +1444,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1498,7 +1492,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1546,7 +1540,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1588,7 +1582,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1630,7 +1624,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1678,7 +1672,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1717,7 +1711,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1756,7 +1750,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1793,7 +1787,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1836,7 +1830,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1865,7 +1859,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1902,7 +1896,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1944,7 +1938,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -1992,7 +1986,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2040,7 +2034,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2083,7 +2077,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2117,7 +2111,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2165,7 +2159,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2213,7 +2207,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2261,7 +2255,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2309,7 +2303,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2351,7 +2345,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2399,7 +2393,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2433,7 +2427,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2475,7 +2469,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2515,7 +2509,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2555,7 +2549,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2603,7 +2597,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2645,7 +2639,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2687,7 +2681,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2729,7 +2723,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
},
@@ -2777,7 +2771,7 @@
},
{
"name": "python_version",
- "value": "3.11.8"
+ "value": "3.11.9"
}
]
}
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 6201d6caa4..d5a0a1eeaf 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,42 +2,42 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c8a466e0-680c-4304-bf01-8356b7d2d654
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2bb412b6-9cd4-4fea-848c-dea1256fc8ee
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-04-08T00:26:04Z
+Created: 2024-04-15T02:41:53Z
CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.3rc2
+PackageVersion: 3.3
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3
FilesAnalyzed: false
-PackageChecksum: SHA1: c491590aeea36235930d1c6b8480d2489a470ece
+PackageChecksum: SHA1: 83e30ee0f640bce7a20d4346c85873d359c05d1f
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3rc2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3rc2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.3
+PackageVersion: 3.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.3
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.4
#####
PackageName: aiosignal
@@ -120,17 +120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
PackageName: idna
SPDXID: SPDXRef-Package-8-idna
-PackageVersion: 3.6
+PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
-PackageDownloadLocation: https://pypi.org/project/idna/3.6
+PackageDownloadLocation: https://pypi.org/project/idna/3.7
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
@@ -167,19 +167,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-Package-11-cvss
-PackageVersion: 3.0
+PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.0
+PackageDownloadLocation: https://pypi.org/project/cvss/3.1
FilesAnalyzed: false
-PackageChecksum: SHA1: c637e63a16b7411c6135b5ae8bb5408d06d89b41
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -249,18 +248,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-16-argcomplete
-PackageVersion: 3.2.3
+PackageVersion: 3.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.3
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.2.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*
#####
PackageName: crcmod