diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 3250ac9e94..97b807a501 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:14e467ca-a313-4558-bdb0-c00a572295aa",
+ "serialNumber": "urn:uuid:0756c440-35f1-4087-a1d1-b2150d425fe2",
"version": 1,
"metadata": {
- "timestamp": "2024-08-12T00:35:13Z",
+ "timestamp": "2024-08-19T00:34:30Z",
"lifecycles": [
{
"phase": "build"
@@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.3",
+ "version": "3.10.4",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -87,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.10.3",
+ "url": "https://pypi.org/project/aiohttp/3.10.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.3",
+ "purl": "pkg:pypi/aiohttp@3.10.4",
"properties": [
{
"name": "language",
@@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.3.5",
+ "version": "2.3.7",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -117,31 +117,25 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "01595bbda3380154cc4e72702a1f82502a15940a"
- }
- ],
"licenses": [
{
"license": {
- "id": "Python-2.0",
- "url": "https://opensource.org/licenses/Python-2.0",
+ "id": "Python-2.0.1",
+ "url": "https://www.python.org/download/releases/2.0.1/license/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.3.5",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
"properties": [
{
"name": "language",
@@ -445,7 +439,7 @@
"type": "library",
"bom-ref": "11-soupsieve",
"name": "soupsieve",
- "version": "2.5",
+ "version": "2.6",
"supplier": {
"name": "Isaac Muse",
"contact": [
@@ -454,22 +448,16 @@
}
]
},
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/soupsieve/2.5",
+ "url": "https://pypi.org/project/soupsieve/2.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/soupsieve@2.5",
+ "purl": "pkg:pypi/soupsieve@2.6",
"properties": [
{
"name": "language",
@@ -989,7 +977,7 @@
"type": "library",
"bom-ref": "23-cachetools",
"name": "cachetools",
- "version": "5.4.0",
+ "version": "5.5.0",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -998,7 +986,7 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
@@ -1011,12 +999,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cachetools/5.4.0",
+ "url": "https://pypi.org/project/cachetools/5.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.4.0",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
{
"name": "language",
@@ -2035,7 +2023,7 @@
"type": "library",
"bom-ref": "47-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.2",
+ "version": "0.7.3",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2044,7 +2032,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -2057,12 +2045,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.7.2",
+ "url": "https://pypi.org/project/lib4sbom/0.7.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.2",
+ "purl": "pkg:pypi/lib4sbom@0.7.3",
"properties": [
{
"name": "language",
@@ -2274,6 +2262,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "14a11b50ab723796888133d3722b5b3e2845b084"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2871,7 +2865,7 @@
"type": "library",
"bom-ref": "66-setuptools",
"name": "setuptools",
- "version": "72.1.0",
+ "version": "72.2.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -2880,16 +2874,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/72.1.0",
+ "url": "https://pypi.org/project/setuptools/72.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@72.1.0",
+ "purl": "pkg:pypi/setuptools@72.2.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 4bde1bb730..6c4ccdce0d 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-351dc84d-37d7-42cd-a685-641ac1848762
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-471104ff-c261-42ef-b302-6f8b05985844
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
-Created: 2024-08-12T00:34:00Z
+Created: 2024-08-19T00:33:22Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,33 +26,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.10.3
+PackageVersion: 3.10.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.3
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.4
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-Package-3-aiohappyeyeballs
-PackageVersion: 2.3.5
+PackageVersion: 2.3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.5
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.7
FilesAnalyzed: false
-PackageChecksum: SHA1: 01595bbda3380154cc4e72702a1f82502a15940a
-PackageLicenseDeclared: Python-2.0
-PackageLicenseConcluded: Python-2.0
+PackageLicenseDeclared: Python-2.0.1
+PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -167,18 +166,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
PackageName: soupsieve
SPDXID: SPDXRef-Package-11-soupsieve
-PackageVersion: 2.5
+PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6
FilesAnalyzed: false
-PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
@@ -361,17 +359,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
PackageName: cachetools
SPDXID: SPDXRef-Package-23-cachetools
-PackageVersion: 5.4.0
+PackageVersion: 5.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.4.0
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
@@ -741,17 +739,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*
PackageName: lib4sbom
SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.7.2
+PackageVersion: 0.7.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -825,6 +823,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6
FilesAnalyzed: false
+PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1039,17 +1038,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-Package-66-setuptools
-PackageVersion: 72.1.0
+PackageVersion: 72.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema