diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 8cf8aa5cc7..0eef678b0b 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:d8aac678-af82-4834-9824-7ea0ca1c5aad",
+ "serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63",
"version": 1,
"metadata": {
- "timestamp": "2024-10-14T00:37:36Z",
+ "timestamp": "2024-10-21T00:38:03Z",
"lifecycles": [
{
"phase": "build"
@@ -340,7 +340,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.15.2",
+ "version": "1.15.5",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -349,7 +349,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -367,12 +367,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.15.2/#files",
+ "url": "https://pypi.org/project/yarl/1.15.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.15.2",
+ "purl": "pkg:pypi/yarl@1.15.5",
"properties": [
{
"name": "language",
@@ -1773,7 +1773,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
- "version": "43.0.1",
+ "version": "43.0.3",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1782,7 +1782,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1796,12 +1796,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.1/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.1",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
{
"name": "language",
@@ -2132,16 +2132,16 @@
"type": "library",
"bom-ref": "43-markupsafe",
"name": "markupsafe",
- "version": "3.0.1",
+ "version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"externalReferences": [
{
- "url": "https://pypi.org/project/markupsafe/3.0.1/#files",
+ "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/markupsafe@3.0.1",
+ "purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
{
"name": "language",
@@ -3290,7 +3290,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.1.0",
+ "version": "75.2.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3299,16 +3299,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.1.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.1.0",
+ "purl": "pkg:pypi/setuptools@75.2.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 7b00545fc2..ae93fe6415 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5d63da73-221d-4efd-a80c-366b2d0c9435
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-14T00:36:36Z
+Created: 2024-10-21T00:37:15Z
CreatorComment: This document has been automatically generated.
#####
@@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.15.2
+PackageVersion: 1.15.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
-PackageVersion: 43.0.1
+PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
PackageName: markupsafe
SPDXID: SPDXRef-43-markupsafe
-PackageVersion: 3.0.1
+PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
@@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.1.0
+PackageVersion: 75.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema