diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 8cf8aa5cc7..0eef678b0b 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d8aac678-af82-4834-9824-7ea0ca1c5aad", + "serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:37:36Z", + "timestamp": "2024-10-21T00:38:03Z", "lifecycles": [ { "phase": "build" @@ -340,7 +340,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.2", + "version": "1.15.5", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +349,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +367,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/yarl/1.15.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/yarl@1.15.5", "properties": [ { "name": "language", @@ -1773,7 +1773,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1782,7 +1782,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1796,12 +1796,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -2132,16 +2132,16 @@ "type": "library", "bom-ref": "43-markupsafe", "name": "markupsafe", - "version": "3.0.1", + "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/3.0.1/#files", + "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@3.0.1", + "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ { "name": "language", @@ -3290,7 +3290,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3299,16 +3299,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 7b00545fc2..ae93fe6415 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5d63da73-221d-4efd-a80c-366b2d0c9435 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:36:36Z +Created: 2024-10-21T00:37:15Z CreatorComment: This document has been automatically generated. ##### @@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.2 +PackageVersion: 1.15.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* ##### PackageName: idna @@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 PackageName: markupsafe SPDXID: SPDXRef-43-markupsafe -PackageVersion: 3.0.1 +PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema @@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: xmlschema