diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 705b3944d5..2d3047862d 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,15 +2,15 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:1f029f96-8a45-4f02-b564-8c846f2ecd85",
+ "serialNumber": "urn:uuid:0692a5a1-db5c-47ac-97f9-f93b07c81ee8",
"version": 1,
"metadata": {
- "timestamp": "2023-12-25T00:30:36Z",
+ "timestamp": "2024-01-04T20:02:58Z",
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.2",
+ "version": "0.10.3",
"type": "application"
}
]
@@ -248,7 +248,7 @@
"type": "library",
"bom-ref": "6-attrs",
"name": "attrs",
- "version": "23.1.0",
+ "version": "23.2.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -257,22 +257,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "1e2f6f9cac5cc60f0adab051c14adf09ffe39155"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.1.0",
+ "url": "https://pypi.org/project/attrs/23.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.1.0",
+ "purl": "pkg:pypi/attrs@23.2.0",
"properties": [
{
"name": "language",
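Review bot: The attrs component loses its `hashes` entry in this hunk as its version moves to 23.2.0, so the refreshed SBOM no longer carries a checksum that a consumer could use to verify that artifact. The same happens to lib4sbom in the `@@ -2184,14 +2184,8 @@` hunk, and to the `PackageChecksum` lines of both packages in the .spdx file. The cause is not visible in the diff; presumably the generator could not resolve a digest for the new releases in the environment where it ran. I would regenerate once the digests resolve, or add a CI check that fails when a component that previously had `hashes` is emitted without them.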
@@ -1354,6 +1348,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9"
+ }
+ ],
"licenses": [
{
"license": {
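Review bot: A SHA-1 digest appears for pyOpenSSL here although the `cpe` context line still shows version 23.3.0, which suggests that checksum coverage depends on the generation run rather than on the package. The matching `PackageChecksum` line is added in the .spdx file. SHA-1 is also the only algorithm recorded, and it is no longer collision-resistant, so it is weak evidence of artifact integrity. If the generator supports it, record a second entry such as `{"alg": "SHA-256", "content": "<sha256-of-artifact>"}` and document how the digest is obtained so that runs are reproducible. The component object starts and ends outside this hunk.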
@@ -1628,7 +1628,7 @@
"type": "library",
"bom-ref": "36-google-auth",
"name": "google-auth",
- "version": "2.25.2",
+ "version": "2.26.1",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1637,7 +1637,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1649,12 +1649,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.25.2",
+ "url": "https://pypi.org/project/google-auth/2.26.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.25.2",
+ "purl": "pkg:pypi/google-auth@2.26.1",
"properties": [
{
"name": "language",
@@ -2018,16 +2018,16 @@
"type": "library",
"bom-ref": "45-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2023.11.2",
+ "version": "2023.12.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
"alg": "SHA-1",
- "content": "a2fec386cdb2ed38041ccbfff0fc3e8a566997a3"
+ "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
}
],
"licenses": [
@@ -2040,12 +2040,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
+ "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
"properties": [
{
"name": "language",
@@ -2104,11 +2104,11 @@
"type": "library",
"bom-ref": "47-rpds-py",
"name": "rpds-py",
- "version": "0.15.2",
+ "version": "0.16.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -2120,12 +2120,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.15.2",
+ "url": "https://pypi.org/project/rpds-py/0.16.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.15.2",
+ "purl": "pkg:pypi/rpds-py@0.16.2",
"properties": [
{
"name": "language",
@@ -2175,7 +2175,7 @@
"type": "library",
"bom-ref": "49-lib4sbom",
"name": "lib4sbom",
- "version": "0.5.4",
+ "version": "0.6.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2184,14 +2184,8 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "3de23e3f3b32c08f9bf8231e2765a06ebb82dc80"
- }
- ],
"licenses": [
{
"license": {
@@ -2202,12 +2196,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.5.4",
+ "url": "https://pypi.org/project/lib4sbom/0.6.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.5.4",
+ "purl": "pkg:pypi/lib4sbom@0.6.1",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 18bce45ce6..394e2400d4 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-93f8bd80-f232-48eb-96a1-6409b4c37d46
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3a7d6baa-0ca4-467b-ba41-971aef288c74
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.2
-Created: 2023-12-25T00:28:46Z
+Creator: Tool: sbom4python-0.10.3
+Created: 2024-01-04T20:00:56Z
CreatorComment: This document has been automatically generated.
#####
@@ -90,18 +90,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
PackageName: attrs
SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.1.0
+PackageVersion: 23.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
+PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
FilesAnalyzed: false
-PackageChecksum: SHA1: 1e2f6f9cac5cc60f0adab051c14adf09ffe39155
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
#####
PackageName: multidict
@@ -481,6 +480,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
@@ -573,18 +573,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.25.2
+PackageVersion: 2.26.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -716,18 +716,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
PackageName: jsonschema-specifications
SPDXID: SPDXRef-Package-45-jsonschema-specifications
-PackageVersion: 2023.11.2
+PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
FilesAnalyzed: false
-PackageChecksum: SHA1: a2fec386cdb2ed38041ccbfff0fc3e8a566997a3
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
#####
PackageName: referencing
@@ -748,17 +748,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-Package-47-rpds-py
-PackageVersion: 0.15.2
+PackageVersion: 0.16.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
@@ -778,18 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
PackageName: lib4sbom
SPDXID: SPDXRef-Package-49-lib4sbom
-PackageVersion: 0.5.4
+PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.1
FilesAnalyzed: false
-PackageChecksum: SHA1: 3de23e3f3b32c08f9bf8231e2765a06ebb82dc80
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml