diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
index 8072d5fc17..f2b0195499 100644
--- a/.github/workflows/build-wheel.yml
+++ b/.github/workflows/build-wheel.yml
@@ -28,7 +28,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9c0c72cf4a..aa82ed9ecf 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,7 +51,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
index 212af4496b..c97248eeb3 100644
--- a/.github/workflows/cve_scan.yml
+++ b/.github/workflows/cve_scan.yml
@@ -12,8 +12,9 @@ permissions:
jobs:
cve_scan:
name: CVE scan on dependencies
- runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
- timeout-minutes: 30
+ # runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 60
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
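Review bot: The commented-out `runs-on` line at the top of the hunk leaves a dead copy of the runner expression in place of an explanation, so a reader cannot tell whether dropping `intel-ubuntu-latest` here is a temporary workaround or a deliberate choice, especially since testing.yml in the same commit moves a job onto that runner. Replace the commented expression with a why-comment above `runs-on: 'ubuntu-latest'`, for example `# Runs on the GitHub-hosted runner only; the self-hosted intel-ubuntu-latest runner is not used for this job`. The doubling of `timeout-minutes` from 30 to 60 also deserves a one-line reason next to it if it compensates for the slower hosted runner. The job's `steps:` continue outside the hunk.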
@@ -21,7 +22,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pip'
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 717e3e7f10..d99c952123 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -24,4 +24,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
- uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
+ uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index dc99b6d2e2..5ef52b7699 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -24,7 +24,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pip'
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 478c5a8b42..b4fb4a9fcb 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -19,7 +19,7 @@ jobs:
uses: actions/checkout@v4
- name: Set up Python
- uses: actions/setup-python@v5.2.0
+ uses: actions/setup-python@v5.3.0
with:
python-version: 3.9
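Review bot: `actions/setup-python@v5.3.0` on the added line is a mutable tag, whereas every other workflow touched by this commit pins the same action to a commit SHA; a tag can be moved after the fact, so this workflow does not get the supply-chain pinning the rest of the repository relies on (the `actions/checkout@v4` context line above and `check-spelling/check-spelling@v0.0.24` in spelling.yml have the same gap). Use the form the other workflows use: `uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0`. The unquoted `python-version: 3.9` also parses as a float; it happens to round-trip today but would silently become `3.1` for 3.10, so quote it as `python-version: '3.9'` to match the other workflows.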
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 48f759c58e..c4737601f6 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -23,7 +23,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pip'
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 05fe91de08..1d42ac5baa 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -27,7 +27,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python }}
cache: 'pip'
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index fd7d1d7d4b..2dec16dcae 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -19,7 +19,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: check-spelling/check-spelling@v0.0.22
+ - uses: check-spelling/check-spelling@v0.0.24
with:
extra_dictionaries:
cspell:python/src/python/python.txt
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index b74a2a89d5..6ed476bcb6 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -49,7 +49,7 @@ jobs:
pypi.org:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pip'
@@ -108,7 +108,7 @@ jobs:
www.sqlite.org:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python }}
cache: 'pip'
@@ -197,7 +197,7 @@ jobs:
github.head_ref
)
)
- runs-on: 'ubuntu-latest'
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
timeout-minutes: 120
env:
LONG_TESTS: 1
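Review bot: The new `runs-on` expression picks the self-hosted `intel-ubuntu-latest` runner whenever `github.repository_owner == 'intel'`, and that condition is also true for pull requests opened from forks against the upstream repository; the `github.head_ref` reference in the `if:` condition just above suggests this job does run in pull-request context, so untrusted PR code could execute on the self-hosted runner with `LONG_TESTS: 1`. If fork PRs can reach this job, gate the runner choice on the event as well, e.g. `runs-on: ${{ github.repository_owner == 'intel' && github.event_name != 'pull_request' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}`, or, if the runner is ephemeral and isolated, say so in a comment above the line. This change also goes the opposite way from the cve_scan.yml hunk in the same commit, which drops that runner, so a short comment on why this job needs it would help the next reader. The job's trigger condition and steps lie outside the hunk.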
@@ -240,7 +240,7 @@ jobs:
www.sqlite.org:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.10'
cache: 'pip'
@@ -397,7 +397,7 @@ jobs:
www.sqlite.org:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.10'
cache: 'pip'
@@ -503,7 +503,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.12'
cache: 'pip'
@@ -566,7 +566,7 @@ jobs:
path: ~/conda_pkgs_dir
key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{
hashFiles('requirements.txt') }}
- - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4
+ - uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3.1.0
with:
auto-update-conda: true
activate-environment: pdftotext
diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml
index 7e77e1ecf1..fa2c93fae7 100644
--- a/.github/workflows/update-cache.yml
+++ b/.github/workflows/update-cache.yml
@@ -31,7 +31,7 @@ jobs:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.10'
cache: 'pip'
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
index d4921f0f4d..f2b3fc0bd9 100644
--- a/.github/workflows/update-js-dependencies.yml
+++ b/.github/workflows/update-js-dependencies.yml
@@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
index 23a58da58f..2b3be9cf39 100644
--- a/.github/workflows/update-pre-commit.yml
+++ b/.github/workflows/update-pre-commit.yml
@@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml
index 477aba9b85..b4bd97f31d 100644
--- a/.github/workflows/validate-yml.yml
+++ b/.github/workflows/validate-yml.yml
@@ -19,7 +19,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pip'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5e194bd6b9..8a14acb674 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,13 +15,13 @@ repos:
exclude: ^fuzz/generated/
- repo: https://github.com/psf/black-pre-commit-mirror
- rev: 24.8.0
+ rev: 24.10.0
hooks:
- id: black
exclude: ^fuzz/generated/
- repo: https://github.com/asottile/pyupgrade
- rev: v3.17.0
+ rev: v3.19.0
hooks:
- id: pyupgrade
exclude: ^fuzz/generated/
@@ -46,7 +46,7 @@ repos:
- id: gitlint
- repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.11.2
+ rev: v1.13.0
hooks:
- id: mypy
additional_dependencies:
diff --git a/cve_bin_tool/output_engine/__init__.py b/cve_bin_tool/output_engine/__init__.py
index a697785d1f..0de9c28a2e 100644
--- a/cve_bin_tool/output_engine/__init__.py
+++ b/cve_bin_tool/output_engine/__init__.py
@@ -882,7 +882,10 @@ def output_file(self, output_type="console"):
with open(self.filename, "wb") as f:
self.output_cves(f, output_type)
else:
- with open(self.filename, "w", encoding="utf8") as f:
+ # if type is csv, file should be opened with newline=''
+ # see https://docs.python.org/3/library/csv.html#csv.writer
+ newline = "" if output_type == "csv" else None
+ with open(self.filename, mode="w", newline=newline, encoding="utf8") as f:
self.output_cves(f, output_type)
def check_file_path(self, filepath: str, output_type: str, prefix: str = "output"):
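Review bot: The new comment says the csv case needs `newline=''` but not why, and the reason is what keeps the branch from being "simplified" away later: the csv module writes its own line terminators, and in text mode without `newline=''` the platform newline translation turns each one into a doubled terminator on Windows. A comment such as `# csv.writer emits its own line terminators; newline='' disables text-mode translation so they are not doubled on Windows` says that directly. It is also worth stating that `newline=None` is `open()`'s default, so the non-csv branch is unchanged from the removed line. `output_file` begins before the hunk.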
diff --git a/cve_bin_tool/parsers/env.py b/cve_bin_tool/parsers/env.py
index 536f681752..e4cb15a55c 100644
--- a/cve_bin_tool/parsers/env.py
+++ b/cve_bin_tool/parsers/env.py
@@ -15,6 +15,12 @@
@dataclasses.dataclass
class EnvNamespaceConfig:
+ """
+ Configuration details for environment namespace in the CVE Bin tool
+ Attributes:
+ CVE ID associated with this namespace, vendor name, product name, version of the product, file path where product is located
+ """
+
ad_hoc_cve_id: str
vendor: str
product: str
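Review bot: The `Attributes:` section of the `EnvNamespaceConfig` docstring runs every field into one sentence instead of naming them, so neither readers nor doc tooling can match a description to `ad_hoc_cve_id`, `vendor` or `product` (the remaining fields are outside the hunk); the `EnvConfig` docstring in the next hunk has the same shape, describing its only field without naming `namespaces`. Use one line per attribute, e.g. `ad_hoc_cve_id: CVE ID associated with this namespace`, `vendor: vendor name`, `product: product name`, and for EnvConfig `namespaces: mapping of namespace name to EnvNamespaceConfig`. The `parse_file_contents` docstring in the last hunk says nothing about malformed input; the function body continues past the hunk, so if it raises or skips bad lines, add that to the docstring.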
@@ -24,6 +30,12 @@ class EnvNamespaceConfig:
@dataclasses.dataclass
class EnvConfig:
+ """
+ Configuration for multiple environment namespaces
+ Attributes:
+ A dictionary mapping namespace names to their configurations
+ """
+
namespaces: dict[str, EnvNamespaceConfig]
@@ -40,6 +52,13 @@ class EnvParser(Parser):
@staticmethod
def parse_file_contents(contents):
+ """
+ Parse the contents of an environment configuration file
+ Args:
+ contents(str): textual content of environment configuration file
+ Returns:
+ EnvConfig: EnvConfig instance containing parsed namespace configurations
+ """
lines = list(
[
line
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 676d73734d..d98d7977bb 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -1,14 +1,15 @@
-black==24.8.0
+black==24.10.0; python_version > "3.8"
+black==24.8.0; python_version <= "3.8"
isort; python_version < "3.8"
isort==5.13.2; python_version >= "3.8"
pre-commit; python_version <= "3.8"
-pre-commit==3.8.0; python_version > "3.8"
+pre-commit==4.0.1; python_version > "3.8"
flake8; python_version < "3.8"
flake8==7.1.1; python_version >= "3.8"
bandit==1.7.10
gitlint==v0.19.1
interrogate
-mypy==v1.11.2
+mypy==v1.13.0
pytest>=7.2.0
pytest-xdist
pytest-cov
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 19a898bcac..11e8b80d5a 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:f845813e-87fb-4b9d-a68b-cf62b5eebeb4",
+ "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:37:59Z",
+ "timestamp": "2024-11-11T00:37:52Z",
"lifecycles": [
{
"phase": "build"
@@ -329,6 +329,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -411,6 +417,12 @@
},
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
"description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
@@ -434,7 +446,7 @@
"type": "library",
"bom-ref": "10-yarl",
"name": "yarl",
- "version": "1.16.0",
+ "version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -443,7 +455,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -461,12 +473,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.16.0/#files",
+ "url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.16.0",
+ "purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -627,6 +639,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
@@ -655,7 +673,7 @@
"type": "library",
"bom-ref": "15-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -664,7 +682,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -682,12 +700,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2228,6 +2246,12 @@
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
@@ -2393,7 +2417,7 @@
"type": "library",
"bom-ref": "49-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2402,23 +2426,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2426,12 +2435,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.21.0",
"properties": [
{
"name": "language",
@@ -2752,7 +2761,7 @@
"type": "library",
"bom-ref": "56-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2761,8 +2770,14 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2779,12 +2794,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -2956,7 +2971,7 @@
"type": "library",
"bom-ref": "60-packaging",
"name": "packaging",
- "version": "24.1",
+ "version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -2965,16 +2980,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
@@ -3378,7 +3393,7 @@
"type": "library",
"bom-ref": "69-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3387,16 +3402,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3470,7 +3485,7 @@
"type": "library",
"bom-ref": "71-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3479,7 +3494,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3497,12 +3512,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
@@ -3566,7 +3581,7 @@
"type": "library",
"bom-ref": "73-zipp",
"name": "zipp",
- "version": "3.20.2",
+ "version": "3.21.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -3575,16 +3590,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 6adec42bb4..3450e18661 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d9a0807-ce81-4de1-9676-a3d3dbacf13f
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:37:06Z
+Created: 2024-11-11T00:37:01Z
CreatorComment: This document has been automatically generated.
#####
@@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -148,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -158,18 +160,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: yarl
SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.16.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -228,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -238,10 +241,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-15-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -249,8 +252,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -755,6 +758,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
@@ -815,19 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-49-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -932,18 +935,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-56-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -999,17 +1003,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
PackageName: packaging
SPDXID: SPDXRef-60-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -1146,17 +1150,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-69-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1178,18 +1182,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-71-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1210,17 +1214,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*
PackageName: zipp
SPDXID: SPDXRef-73-zipp
-PackageVersion: 3.20.2
+PackageVersion: 3.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
#####
PackageName: zstandard
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 9fd08a49aa..5ba8175fb4 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:0f266371-5f01-4b1f-a630-b4a42e8ab4c2",
+ "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:37:40Z",
+ "timestamp": "2024-11-11T00:37:40Z",
"lifecycles": [
{
"phase": "build"
@@ -271,6 +271,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -342,7 +348,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.16.0",
+ "version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -351,7 +357,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -369,12 +375,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.16.0/#files",
+ "url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.16.0",
+ "purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -535,6 +541,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
@@ -563,7 +575,7 @@
"type": "library",
"bom-ref": "13-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -572,7 +584,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -590,12 +602,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2136,6 +2148,12 @@
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
@@ -2301,7 +2319,7 @@
"type": "library",
"bom-ref": "47-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2310,23 +2328,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
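Review bot: The regenerated entry for rpds-py 0.21.0 removes both the `hashes` block (the SHA-1 that 0.20.0 carried) and the `licenses` block, so this component now has strictly less provenance and license data than before, while attrs, soupsieve, markupsafe and rich gain hashes in the same commit. The same loss appears in the other three SBOMs at their rpds-py hunks: the SPDX files replace `PackageChecksum: SHA1: …` and `PackageLicenseDeclared: MIT` / `PackageLicenseConcluded: MIT` with `NOASSERTION`. This is presumably because the generator could not resolve release metadata for 0.21.0 at build time, but the effect is that a consumer of the SBOM can no longer verify the rpds-py artifact or its license from it. It would be worth checking whether the rpds-py 0.21.0 metadata genuinely lacks these fields, and whether the SBOM-generation job should compare against the previous SBOM and warn when a component loses a `hashes` or `licenses` entry, so this kind of regression does not land unnoticed.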
@@ -2334,12 +2337,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.21.0",
"properties": [
{
"name": "language",
@@ -2660,7 +2663,7 @@
"type": "library",
"bom-ref": "54-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2669,8 +2672,14 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2687,12 +2696,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -2864,7 +2873,7 @@
"type": "library",
"bom-ref": "58-packaging",
"name": "packaging",
- "version": "24.1",
+ "version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -2873,16 +2882,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
@@ -3286,7 +3295,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3295,16 +3304,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3320,7 +3329,7 @@
"type": "library",
"bom-ref": "68-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3329,7 +3338,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3347,12 +3356,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
@@ -3416,7 +3425,7 @@
"type": "library",
"bom-ref": "70-zipp",
"name": "zipp",
- "version": "3.20.2",
+ "version": "3.21.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -3425,16 +3434,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 19aef3bfe5..272ff4e086 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-74592506-2886-44ae-895a-da1f0f1334ca
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:36:57Z
+Created: 2024-11-11T00:37:01Z
CreatorComment: This document has been automatically generated.
#####
@@ -98,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -125,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.16.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -195,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -205,10 +207,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-13-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -216,8 +218,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -722,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
@@ -782,19 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-47-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -899,18 +901,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-54-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -966,17 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
PackageName: packaging
SPDXID: SPDXRef-58-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -1113,33 +1116,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
SPDXID: SPDXRef-68-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1160,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*
PackageName: zipp
SPDXID: SPDXRef-70-zipp
-PackageVersion: 3.20.2
+PackageVersion: 3.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
#####
PackageName: zstandard
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index beafd63bdf..60821f01a1 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:c3f0a58f-1000-4930-b89e-cb88efacd5d3",
+ "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:38:50Z",
+ "timestamp": "2024-11-11T00:37:48Z",
"lifecycles": [
{
"phase": "build"
@@ -271,6 +271,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -342,7 +348,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.16.0",
+ "version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -351,7 +357,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -369,12 +375,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.16.0/#files",
+ "url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.16.0",
+ "purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -535,6 +541,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
@@ -563,7 +575,7 @@
"type": "library",
"bom-ref": "13-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -572,7 +584,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -590,12 +602,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2136,6 +2148,12 @@
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
@@ -2301,7 +2319,7 @@
"type": "library",
"bom-ref": "47-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2310,23 +2328,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2334,12 +2337,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.21.0",
"properties": [
{
"name": "language",
@@ -2660,7 +2663,7 @@
"type": "library",
"bom-ref": "54-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2669,8 +2672,14 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2687,12 +2696,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -2864,7 +2873,7 @@
"type": "library",
"bom-ref": "58-packaging",
"name": "packaging",
- "version": "24.1",
+ "version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -2873,16 +2882,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
@@ -3286,7 +3295,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3295,16 +3304,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3320,7 +3329,7 @@
"type": "library",
"bom-ref": "68-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3329,7 +3338,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3347,12 +3356,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
@@ -3416,7 +3425,7 @@
"type": "library",
"bom-ref": "70-zipp",
"name": "zipp",
- "version": "3.20.2",
+ "version": "3.21.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -3425,16 +3434,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index d5dd7e4fb8..132341bedb 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8092be7a-891d-43e8-92da-4f3a027149cf
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:38:09Z
+Created: 2024-11-11T00:37:00Z
CreatorComment: This document has been automatically generated.
#####
@@ -98,6 +98,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -125,18 +126,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.16.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -195,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -205,10 +207,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-13-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -216,8 +218,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -722,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
@@ -782,19 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-47-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -899,18 +901,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-54-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -966,17 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
PackageName: packaging
SPDXID: SPDXRef-58-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -1113,33 +1116,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
SPDXID: SPDXRef-68-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1160,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*
PackageName: zipp
SPDXID: SPDXRef-70-zipp
-PackageVersion: 3.20.2
+PackageVersion: 3.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
#####
PackageName: zstandard
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index aaa515d518..8e6c4b88f2 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:e019cd5f-9c97-4fd6-b01a-e1fdc281d319",
+ "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:40:20Z",
+ "timestamp": "2024-11-11T00:37:58Z",
"lifecycles": [
{
"phase": "build"
@@ -329,6 +329,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -411,6 +417,12 @@
},
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
"description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
@@ -445,6 +457,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
"description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274"
+ }
+ ],
"licenses": [
{
"license": {
@@ -627,6 +645,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
@@ -655,7 +679,7 @@
"type": "library",
"bom-ref": "15-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -664,7 +688,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -682,12 +706,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2202,6 +2226,12 @@
},
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
@@ -2270,6 +2300,12 @@
},
"cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
"description": "Read resources from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "284148b005b57031a354402c446473f53cab2c49"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
@@ -2532,7 +2568,7 @@
"type": "library",
"bom-ref": "52-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.20.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2541,14 +2577,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
"licenses": [
{
"license": {
@@ -2565,12 +2595,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.20.1",
"properties": [
{
"name": "language",
@@ -2934,7 +2964,7 @@
"type": "library",
"bom-ref": "60-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2943,8 +2973,14 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2961,12 +2997,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -3138,7 +3174,7 @@
"type": "library",
"bom-ref": "64-packaging",
"name": "packaging",
- "version": "24.1",
+ "version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -3147,16 +3183,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
@@ -3560,7 +3596,7 @@
"type": "library",
"bom-ref": "73-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3569,16 +3605,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3652,7 +3688,7 @@
"type": "library",
"bom-ref": "75-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3661,7 +3697,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3679,12 +3715,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 8522bd1ea0..c66cbe5150 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a8eca549-4f66-4938-9caa-1ff2abaec047
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:39:21Z
+Created: 2024-11-11T00:36:58Z
CreatorComment: This document has been automatically generated.
#####
@@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -148,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -164,6 +166,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
@@ -228,6 +231,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -238,10 +242,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-15-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -249,8 +253,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -740,6 +744,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -770,6 +775,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -861,19 +867,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-52-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.20.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
@@ -994,18 +999,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-60-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -1061,17 +1067,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
PackageName: packaging
SPDXID: SPDXRef-64-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -1208,17 +1214,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-73-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1240,18 +1246,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-75-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index b3bd6dc437..2f66f324d6 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4",
+ "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8",
"version": 1,
"metadata": {
- "timestamp": "2024-10-28T00:40:22Z",
+ "timestamp": "2024-11-11T00:38:15Z",
"lifecycles": [
{
"phase": "build"
@@ -329,6 +329,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -411,6 +417,12 @@
},
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
"description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
@@ -434,7 +446,7 @@
"type": "library",
"bom-ref": "10-yarl",
"name": "yarl",
- "version": "1.16.0",
+ "version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -443,7 +455,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -461,12 +473,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.16.0/#files",
+ "url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.16.0",
+ "purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -627,6 +639,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
@@ -655,7 +673,7 @@
"type": "library",
"bom-ref": "15-cvss",
"name": "cvss",
- "version": "3.2",
+ "version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -664,7 +682,7 @@
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -682,12 +700,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cvss/3.2/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cvss@3.2",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2202,6 +2220,12 @@
},
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
@@ -2225,7 +2249,7 @@
"type": "library",
"bom-ref": "45-zipp",
"name": "zipp",
- "version": "3.20.2",
+ "version": "3.21.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -2234,16 +2258,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
{
"name": "language",
@@ -2296,6 +2320,12 @@
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
@@ -2461,7 +2491,7 @@
"type": "library",
"bom-ref": "51-rpds-py",
"name": "rpds-py",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2470,23 +2500,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2494,12 +2509,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.20.0",
+ "purl": "pkg:pypi/rpds-py@0.21.0",
"properties": [
{
"name": "language",
@@ -2820,7 +2835,7 @@
"type": "library",
"bom-ref": "58-rich",
"name": "rich",
- "version": "13.9.3",
+ "version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2829,8 +2844,14 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2847,12 +2868,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/13.9.3/#files",
+ "url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.9.3",
+ "purl": "pkg:pypi/rich@13.9.4",
"properties": [
{
"name": "language",
@@ -3024,7 +3045,7 @@
"type": "library",
"bom-ref": "62-packaging",
"name": "packaging",
- "version": "24.1",
+ "version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -3033,16 +3054,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
@@ -3446,7 +3467,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.2.0",
+ "version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3455,16 +3476,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.2.0",
+ "purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3538,7 +3559,7 @@
"type": "library",
"bom-ref": "73-xmlschema",
"name": "xmlschema",
- "version": "3.4.2",
+ "version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3547,7 +3568,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3565,12 +3586,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index b948398790..e3fee52bd3 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eb859755-2df3-4cff-8f13-6688d449550c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-28T00:39:33Z
+Created: 2024-11-11T00:37:24Z
CreatorComment: This document has been automatically generated.
#####
@@ -116,6 +116,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -148,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -158,18 +160,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: yarl
SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.16.0
+PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -228,6 +230,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -238,10 +241,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
PackageName: cvss
SPDXID: SPDXRef-15-cvss
-PackageVersion: 3.2
+PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
PackageLicenseDeclared: NOASSERTION
@@ -249,8 +252,8 @@ PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
@@ -740,6 +743,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -750,17 +754,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:
PackageName: zipp
SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.20.2
+PackageVersion: 3.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
#####
PackageName: jinja2
@@ -785,6 +789,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
@@ -845,19 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -962,18 +966,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-58-rich
-PackageVersion: 13.9.3
+PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -1029,17 +1034,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
PackageName: packaging
SPDXID: SPDXRef-62-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -1176,17 +1181,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.2.0
+PackageVersion: 75.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1208,18 +1213,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-73-xmlschema
-PackageVersion: 3.4.2
+PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
diff --git a/test/test_output_engine.py b/test/test_output_engine.py
index 5510738a9f..5a65e5c4cd 100644
--- a/test/test_output_engine.py
+++ b/test/test_output_engine.py
@@ -1270,6 +1270,16 @@ def test_output_file(self):
self.assertEqual(contains_filename, True)
self.assertEqual(contains_msg, True)
+ def test_csv_output_file(self):
+ self.output_engine.output_file(output_type="csv")
+ filename = Path(self.output_engine.filename)
+ n_cves = sum(len(c["cves"]) for c in self.MOCK_OUTPUT.values())
+ with filename.open(newline="", mode="r") as f:
+ n_lines = len(f.read().splitlines())
+ # cvs file should have one line per cve plus a header line
+ assert n_lines == n_cves + 1
+ filename.unlink()
+
def test_output_file_wrapper(self):
"""Test file generation logic in output_file_wrapper"""
logger = logging.getLogger()