diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 2f29c75498..f2c987cdcd 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:7341a88b-bd6d-4b6a-95d6-726ec9647057", + "serialNumber": "urn:uuid:bf21fb68-2cf7-4f4a-a994-4d233e8c5369", "version": 1, "metadata": { - "timestamp": "2024-09-23T00:38:22Z", + "timestamp": "2024-09-30T00:38:54Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.5", + "version": "3.10.8", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.5/#files", + "url": "https://pypi.org/project/aiohttp/3.10.8/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.5", + "purl": "pkg:pypi/aiohttp@3.10.8", "properties": [ { "name": "language", @@ -118,7 +118,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.0", + "version": "2.4.2", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -127,14 +127,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "c31b127a69bdcd7895d1a521985d918061955348" - } - ], "licenses": [ { "license": { @@ -151,12 +145,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.0", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.2", "properties": [ { "name": "language", @@ -346,7 +340,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.11.1", + "version": "1.13.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -355,7 +349,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -373,12 +367,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.11.1/#files", + "url": "https://pypi.org/project/yarl/1.13.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.11.1", + "purl": "pkg:pypi/yarl@1.13.1", "properties": [ { "name": "language", @@ -2256,6 +2250,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", + "hashes": [ + { + "alg": "SHA-1", + "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + } + ], "externalReferences": [ { "url": "https://github.com/python-jsonschema/referencing", @@ -2299,6 +2299,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d" + } + ], "licenses": [ { "license": { @@ -2501,6 +2507,12 @@ }, "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*", "description": "VEX generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index a6a9cab25b..005ec0697e 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-02dfa50f-78d8-4a23-b9da-744009ca1068 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2a2565ca-f58a-4d49-8bcf-904e21e8d2f1 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.2 -Created: 2024-09-23T00:37:04Z +Created: 2024-09-30T00:37:42Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.5 +PackageVersion: 3.10.8 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,24 +38,23 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8 ##### PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.0 +PackageVersion: 2.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348 PackageLicenseDeclared: Python-2.0.1 PackageLicenseConcluded: Python-2.0.1 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:* ##### PackageName: aiosignal @@ -125,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.11.1 +PackageVersion: 1.13.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:* ##### PackageName: idna @@ -756,6 +755,7 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing +PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -772,6 +772,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -838,6 +839,7 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex +PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION