diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 3e7be240f6..ec19f351c6 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:485924ac-6344-4b78-b66d-e84d13270170",
+ "serialNumber": "urn:uuid:87b9b11e-38e1-4e9a-8f7a-3548bf602f43",
"version": 1,
"metadata": {
- "timestamp": "2024-08-05T00:37:48Z",
+ "timestamp": "2024-08-12T00:35:43Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.0",
+ "version": "0.11.1",
"type": "application"
}
]
@@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.1",
+ "version": "3.10.3",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -87,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.10.1",
+ "url": "https://pypi.org/project/aiohttp/3.10.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.1",
+ "purl": "pkg:pypi/aiohttp@3.10.3",
"properties": [
{
"name": "language",
@@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.3.4",
+ "version": "2.3.5",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -117,12 +117,18 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "01595bbda3380154cc4e72702a1f82502a15940a"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "PSF-2.0",
+ "id": "Python-2.0",
"url": "https://opensource.org/licenses/Python-2.0",
"acknowledgement": "concluded"
}
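Review bot: The `hashes` entry added for aiohappyeyeballs 2.3.5 carries only a SHA-1 digest, which is not collision-resistant and so is weak evidence for anyone using the SBOM to verify the artifact they installed. CycloneDX 1.6 accepts stronger algorithms, so the entry should be, or be accompanied by, something like `{"alg": "SHA-256", "content": "<sha256 of the aiohappyeyeballs 2.3.5 artifact>"}`. The same applies to the `PackageChecksum: SHA1:` line added for this package in the .spdx file. The diff does not show which file the digest was computed over, and because the document appears to be generated, the change probably belongs in the generator rather than in this file. The component object starts and ends outside the hunk.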
@@ -130,12 +136,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.5",
"properties": [
{
"name": "language",
@@ -273,7 +279,7 @@
"type": "library",
"bom-ref": "7-attrs",
"name": "attrs",
- "version": "24.1.0",
+ "version": "24.2.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -282,16 +288,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/24.1.0",
+ "url": "https://pypi.org/project/attrs/24.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@24.1.0",
+ "purl": "pkg:pypi/attrs@24.2.0",
"properties": [
{
"name": "language",
@@ -761,7 +767,7 @@
"type": "library",
"bom-ref": "18-argcomplete",
"name": "argcomplete",
- "version": "3.4.0",
+ "version": "3.5.0",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -770,7 +776,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -783,12 +789,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/argcomplete/3.4.0",
+ "url": "https://pypi.org/project/argcomplete/3.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.4.0",
+ "purl": "pkg:pypi/argcomplete@3.5.0",
"properties": [
{
"name": "language",
@@ -1625,7 +1631,7 @@
"type": "library",
"bom-ref": "37-cffi",
"name": "cffi",
- "version": "1.16.0",
+ "version": "1.17.0",
"supplier": {
"name": "Armin Maciej Fijalkowski",
"contact": [
@@ -1634,14 +1640,8 @@
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "ba44abd69cf6f0f1cc90db34cd067275dc10fc71"
- }
- ],
"licenses": [
{
"license": {
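Review bot: The cffi component loses its `hashes` array here as the version moves to 1.17.0, so the new entry has no digest a consumer could check the installed package against. The pyyaml 6.0.2 hunk and the matching `PackageChecksum` removals in the .spdx file do the same. Presumably the generator could not obtain a digest for the new releases, but nothing in the output records that, so the loss is silent. Either regenerate with a digest present, e.g. `"hashes": [{"alg": "SHA-256", "content": "<sha256 of the cffi 1.17.0 artifact>"}]`, or have the SBOM workflow warn or fail when a component that previously carried a hash no longer does. The component object begins and ends outside the hunk.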
@@ -1653,12 +1653,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cffi/1.16.0",
+ "url": "https://pypi.org/project/cffi/1.17.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.16.0",
+ "purl": "pkg:pypi/cffi@1.17.0",
"properties": [
{
"name": "language",
@@ -1904,7 +1904,7 @@
"type": "library",
"bom-ref": "43-zipp",
"name": "zipp",
- "version": "3.19.2",
+ "version": "3.20.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -1913,16 +1913,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.19.2",
+ "url": "https://pypi.org/project/zipp/3.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.19.2",
+ "purl": "pkg:pypi/zipp@3.20.0",
"properties": [
{
"name": "language",
@@ -2114,11 +2114,11 @@
"type": "library",
"bom-ref": "49-rpds-py",
"name": "rpds-py",
- "version": "0.19.1",
+ "version": "0.20.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -2131,12 +2131,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.19.1",
+ "url": "https://pypi.org/project/rpds-py/0.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.19.1",
+ "purl": "pkg:pypi/rpds-py@0.20.0",
"properties": [
{
"name": "language",
@@ -2195,7 +2195,7 @@
"type": "library",
"bom-ref": "51-pyyaml",
"name": "pyyaml",
- "version": "6.0.1",
+ "version": "6.0.2",
"supplier": {
"name": "Kirill Simonov",
"contact": [
@@ -2204,14 +2204,8 @@
}
]
},
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "c42fa3bff1eabdb64763bb1526d9ea1ccb708479"
- }
- ],
"licenses": [
{
"license": {
@@ -2223,12 +2217,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyyaml/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyyaml@6.0.1",
+ "purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
{
"name": "language",
@@ -3243,6 +3237,7 @@
"70-toml",
"67-urllib3",
"71-xmlschema",
+ "43-zipp",
"73-zstandard"
]
},
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 8138cbeb24..cb22b85be5 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c409e3d9-98e9-45ef-999b-5e3bf95aa4fb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c56f8b9e-ce44-4bbc-a7ef-768580484fd7
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.0
-Created: 2024-08-05T00:36:32Z
+Creator: Tool: sbom4python-0.11.1
+Created: 2024-08-12T00:34:16Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,32 +26,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.10.1
+PackageVersion: 3.10.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.3
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-Package-3-aiohappyeyeballs
-PackageVersion: 2.3.4
+PackageVersion: 2.3.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.5
FilesAnalyzed: false
-PackageLicenseDeclared: PSF-2.0
-PackageLicenseConcluded: PSF-2.0
+PackageChecksum: SHA1: 01595bbda3380154cc4e72702a1f82502a15940a
+PackageLicenseDeclared: Python-2.0
+PackageLicenseConcluded: Python-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -103,17 +104,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
PackageName: attrs
SPDXID: SPDXRef-Package-7-attrs
-PackageVersion: 24.1.0
+PackageVersion: 24.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
PackageName: multidict
@@ -281,18 +282,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-18-argcomplete
-PackageVersion: 3.4.0
+PackageVersion: 3.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.4.0
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -586,18 +587,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
PackageName: cffi
SPDXID: SPDXRef-Package-37-cffi
-PackageVersion: 1.16.0
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
-PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0
+PackageDownloadLocation: https://pypi.org/project/cffi/1.17.0
FilesAnalyzed: false
-PackageChecksum: SHA1: ba44abd69cf6f0f1cc90db34cd067275dc10fc71
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*
#####
PackageName: pycparser
@@ -683,17 +683,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.2.0:*:*:
PackageName: zipp
SPDXID: SPDXRef-Package-43-zipp
-PackageVersion: 3.19.2
+PackageVersion: 3.20.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.19.2
+PackageDownloadLocation: https://pypi.org/project/zipp/3.20.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.19.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*
#####
PackageName: jinja2
@@ -773,17 +773,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-Package-49-rpds-py
-PackageVersion: 0.19.1
+PackageVersion: 0.20.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.19.1
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.19.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -803,18 +803,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
PackageName: pyyaml
SPDXID: SPDXRef-Package-51-pyyaml
-PackageVersion: 6.0.1
+PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2
FilesAnalyzed: false
-PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
PackageName: semantic-version
@@ -1172,6 +1171,7 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-filet
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-metadata
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-zipp
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom