diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 2f29c75498..f2c987cdcd 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:7341a88b-bd6d-4b6a-95d6-726ec9647057",
+ "serialNumber": "urn:uuid:bf21fb68-2cf7-4f4a-a994-4d233e8c5369",
"version": 1,
"metadata": {
- "timestamp": "2024-09-23T00:38:22Z",
+ "timestamp": "2024-09-30T00:38:54Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.5",
+ "version": "3.10.8",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.5/#files",
+ "url": "https://pypi.org/project/aiohttp/3.10.8/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.5",
+ "purl": "pkg:pypi/aiohttp@3.10.8",
"properties": [
{
"name": "language",
@@ -118,7 +118,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.0",
+ "version": "2.4.2",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +127,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "c31b127a69bdcd7895d1a521985d918061955348"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +145,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.2",
"properties": [
{
"name": "language",
@@ -346,7 +340,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.11.1",
+ "version": "1.13.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -355,7 +349,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -373,12 +367,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.11.1/#files",
+ "url": "https://pypi.org/project/yarl/1.13.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.11.1",
+ "purl": "pkg:pypi/yarl@1.13.1",
"properties": [
{
"name": "language",
@@ -2256,6 +2250,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/python-jsonschema/referencing",
@@ -2299,6 +2299,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2501,6 +2507,12 @@
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
"description": "VEX generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index a6a9cab25b..005ec0697e 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-02dfa50f-78d8-4a23-b9da-744009ca1068
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2a2565ca-f58a-4d49-8bcf-904e21e8d2f1
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.2
-Created: 2024-09-23T00:37:04Z
+Created: 2024-09-30T00:37:42Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.5
+PackageVersion: 3.10.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
PackageLicenseDeclared: NOASSERTION
@@ -38,24 +38,23 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.0
+PackageVersion: 2.4.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348
PackageLicenseDeclared: Python-2.0.1
PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -125,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.11.1
+PackageVersion: 1.13.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -756,6 +755,7 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
+PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -772,6 +772,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -838,6 +839,7 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
+PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION