diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 97b807a501..e6eda83dbf 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:0756c440-35f1-4087-a1d1-b2150d425fe2",
+ "serialNumber": "urn:uuid:9af242dd-4082-4aa8-816f-1bde08e5ec39",
"version": 1,
"metadata": {
- "timestamp": "2024-08-19T00:34:30Z",
+ "timestamp": "2024-08-26T00:33:39Z",
"lifecycles": [
{
"phase": "build"
@@ -31,7 +31,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
- "version": "3.3.1.dev0",
+ "version": "3.4rc0",
"supplier": {
"name": "Terri Oda",
"contact": [
@@ -40,7 +40,7 @@
}
]
},
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"licenses": [
{
@@ -53,12 +53,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0",
+ "url": "https://pypi.org/project/cve-bin-tool/3.4rc0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0",
+ "purl": "pkg:pypi/cve-bin-tool@3.4rc0",
"properties": [
{
"name": "language",
@@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.4",
+ "version": "3.10.5",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -87,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.10.4",
+ "url": "https://pypi.org/project/aiohttp/3.10.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.4",
+ "purl": "pkg:pypi/aiohttp@3.10.5",
"properties": [
{
"name": "language",
@@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.3.7",
+ "version": "2.4.0",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -117,7 +117,7 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"licenses": [
{
@@ -130,12 +130,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
"properties": [
{
"name": "language",
@@ -356,7 +356,7 @@
"type": "library",
"bom-ref": "9-idna",
"name": "idna",
- "version": "3.7",
+ "version": "3.8",
"supplier": {
"name": "Kim Davies",
"contact": [
@@ -365,22 +365,16 @@
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.7",
+ "url": "https://pypi.org/project/idna/3.8",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/idna@3.7",
+ "purl": "pkg:pypi/idna@3.8",
"properties": [
{
"name": "language",
@@ -847,6 +841,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1301,7 +1301,7 @@
"type": "library",
"bom-ref": "30-pyparsing",
"name": "pyparsing",
- "version": "3.1.2",
+ "version": "3.1.4",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -1310,22 +1310,16 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyparsing/3.1.2",
+ "url": "https://pypi.org/project/pyparsing/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.1.2",
+ "purl": "pkg:pypi/pyparsing@3.1.4",
"properties": [
{
"name": "language",
@@ -1811,6 +1805,12 @@
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/jinja2/3.1.4",
@@ -2560,6 +2560,12 @@
},
"cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2865,7 +2871,7 @@
"type": "library",
"bom-ref": "66-setuptools",
"name": "setuptools",
- "version": "72.2.0",
+ "version": "73.0.1",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -2874,16 +2880,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/72.2.0",
+ "url": "https://pypi.org/project/setuptools/73.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@72.2.0",
+ "purl": "pkg:pypi/setuptools@73.0.1",
"properties": [
{
"name": "language",
@@ -2910,6 +2916,12 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "90a7233292cfe5d877110fe369869996a3a25928"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 6c4ccdce0d..b901630885 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,56 +2,56 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-471104ff-c261-42ef-b302-6f8b05985844
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-983b9eae-107a-4ff7-8bc2-0c1e0f743a8f
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
-Created: 2024-08-19T00:33:22Z
+Created: 2024-08-26T00:32:36Z
CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.3.1.dev0
+PackageVersion: 3.4rc0
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc0
FilesAnalyzed: false
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.3.1.dev0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.10.4
+PackageVersion: 3.10.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.4
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-Package-3-aiohappyeyeballs
-PackageVersion: 2.3.7
+PackageVersion: 2.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.7
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0
FilesAnalyzed: false
PackageLicenseDeclared: Python-2.0.1
PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -134,18 +134,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
PackageName: idna
SPDXID: SPDXRef-Package-9-idna
-PackageVersion: 3.7
+PackageVersion: 3.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
-PackageDownloadLocation: https://pypi.org/project/idna/3.7
+PackageDownloadLocation: https://pypi.org/project/idna/3.8
FilesAnalyzed: false
-PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
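Review bot: The `PackageChecksum: SHA1:` line for idna is dropped here as the version moves to 3.8 and nothing replaces it; the pyparsing hunk does the same. In the same commit, gcs-oauth2-boto-plugin 3.2, jinja2 3.1.4, tenacity 9.0.0 and xmlschema 3.3.2 gain a checksum although their versions do not change, and the CycloneDX file shows the same pattern in its `hashes` arrays. Checksum presence therefore appears to depend on the state of the generation run rather than on the package, so a consumer cannot rely on these fields to verify the artifacts it installs. The generation job should emit a checksum for every package or for none, and preferably a stronger digest than SHA-1, e.g. `PackageChecksum: SHA256: <sha256-of-distribution-file>`.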
@@ -315,6 +314,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
@@ -470,18 +470,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-Package-30-pyparsing
-PackageVersion: 3.1.2
+PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.2
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4
FilesAnalyzed: false
-PackageChecksum: SHA1: 7d4bda2743ebc04f68d2594bc4fffc70cd65848f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*
#####
PackageName: google-reauth
@@ -654,6 +653,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
+PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -932,6 +932,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
+PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
@@ -1038,17 +1039,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-Package-66-setuptools
-PackageVersion: 72.2.0
+PackageVersion: 73.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/72.2.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/73.0.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@73.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*
#####
PackageName: xmlschema
@@ -1058,6 +1059,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
+PackageChecksum: SHA1: 90a7233292cfe5d877110fe369869996a3a25928
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION