diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index f3c781b2b4..03897cc5f7 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:54f89c33-a2a1-4926-b839-2599401ff6fe",
+ "serialNumber": "urn:uuid:f0863954-72a3-495f-a132-02cb8af709ed",
"version": 1,
"metadata": {
- "timestamp": "2024-09-02T00:35:34Z",
+ "timestamp": "2024-09-09T00:38:12Z",
"lifecycles": [
{
"phase": "build"
@@ -31,7 +31,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
- "version": "3.4rc1",
+ "version": "3.4",
"supplier": {
"name": "Terri Oda",
"contact": [
@@ -40,7 +40,7 @@
}
]
},
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"licenses": [
{
@@ -53,12 +53,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cve-bin-tool/3.4rc1",
+ "url": "https://pypi.org/project/cve-bin-tool/3.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cve-bin-tool@3.4rc1",
+ "purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
{
"name": "language",
@@ -362,7 +362,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.9.7",
+ "version": "1.11.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -371,7 +371,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -384,12 +384,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/yarl/1.9.7",
+ "url": "https://pypi.org/project/yarl/1.11.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.9.7",
+ "purl": "pkg:pypi/yarl@1.11.0",
"properties": [
{
"name": "language",
@@ -522,7 +522,7 @@
"type": "library",
"bom-ref": "13-cvss",
"name": "cvss",
- "version": "3.1",
+ "version": "3.2",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -531,14 +531,8 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475"
- }
- ],
"licenses": [
{
"license": {
@@ -550,12 +544,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cvss/3.1",
+ "url": "https://pypi.org/project/cvss/3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.1",
+ "purl": "pkg:pypi/cvss@3.2",
"properties": [
{
"name": "language",
@@ -1580,7 +1574,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
- "version": "43.0.0",
+ "version": "43.0.1",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1589,7 +1583,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1598,12 +1592,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/43.0.0",
+ "url": "https://pypi.org/project/cryptography/43.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.0",
+ "purl": "pkg:pypi/cryptography@43.0.1",
"properties": [
{
"name": "language",
@@ -1619,7 +1613,7 @@
"type": "library",
"bom-ref": "37-cffi",
"name": "cffi",
- "version": "1.17.0",
+ "version": "1.17.1",
"supplier": {
"name": "Armin Maciej Fijalkowski",
"contact": [
@@ -1628,7 +1622,7 @@
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
"licenses": [
{
@@ -1641,12 +1635,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cffi/1.17.0",
+ "url": "https://pypi.org/project/cffi/1.17.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.17.0",
+ "purl": "pkg:pypi/cffi@1.17.1",
"properties": [
{
"name": "language",
@@ -2920,7 +2914,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "74.0.0",
+ "version": "74.1.2",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -2929,16 +2923,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/74.0.0",
+ "url": "https://pypi.org/project/setuptools/74.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@74.0.0",
+ "purl": "pkg:pypi/setuptools@74.1.2",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index a7547c119c..39bac0cdc7 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a62995ad-3aeb-4e13-9e6a-812e4226470c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-90208a36-79fa-4a19-993d-5c3096d4d517
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
-Created: 2024-09-02T00:34:20Z
+Created: 2024-09-09T00:36:57Z
CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.4rc1
+PackageVersion: 3.4
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4
FilesAnalyzed: false
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
@@ -136,17 +136,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
-PackageVersion: 1.9.7
+PackageVersion: 1.11.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7
+PackageDownloadLocation: https://pypi.org/project/yarl/1.11.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -198,19 +198,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-Package-13-cvss
-PackageVersion: 3.1
+PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.1
+PackageDownloadLocation: https://pypi.org/project/cvss/3.2
FilesAnalyzed: false
-PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -570,32 +569,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
PackageName: cryptography
SPDXID: SPDXRef-Package-36-cryptography
-PackageVersion: 43.0.0
+PackageVersion: 43.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.0
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
#####
PackageName: cffi
SPDXID: SPDXRef-Package-37-cffi
-PackageVersion: 1.17.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.17.0
+PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
@@ -1056,17 +1055,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-Package-67-setuptools
-PackageVersion: 74.0.0
+PackageVersion: 74.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/74.1.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*
#####
PackageName: toml