diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 238c7f6374..39b9a567bd 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:c0ad9887-1afc-490c-9a2f-74e4604b1a74",
+ "serialNumber": "urn:uuid:26cf65a2-3634-40ba-9952-49f2946933a2",
"version": 1,
"metadata": {
- "timestamp": "2024-11-25T00:37:53Z",
+ "timestamp": "2024-12-02T00:40:31Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.7",
+ "version": "3.11.9",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.7/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.7",
+ "purl": "pkg:pypi/aiohttp@3.11.9",
"properties": [
{
"name": "language",
@@ -114,7 +114,7 @@
},
{
"name": "package_release_date",
- "value": "2024-11-21T15:42:26.000Z"
+ "value": "2024-12-01T23:26:48.000Z"
}
]
},
@@ -122,7 +122,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -131,14 +131,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
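Review bot: The regenerated aiohappyeyeballs 2.4.4 entry loses its `hashes` array in this hunk, and the propcache 0.2.1 hunk does the same, so the two upgraded components no longer carry a checksum that a consumer could compare against the downloaded artifact. In the same commit multidict 6.1.0 and cffi 1.17.1 gain a hash without a version change, and propcache and yarl lose `package_release_date`. That pattern suggests the generator's metadata lookup is not deterministic between runs, which is worth confirming before this SBOM is relied on for integrity checks. The hashes that are present use `"alg": "SHA-1"` only; if the generator can emit `SHA-256`, that is the stronger choice for artifact verification. The same gaps are mirrored in the .spdx file as removed and added `PackageChecksum: SHA1:` lines.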
@@ -155,12 +149,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -172,7 +166,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -327,6 +321,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -368,7 +368,7 @@
"type": "library",
"bom-ref": "8-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -377,14 +377,8 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda"
- }
- ],
"licenses": [
{
"license": {
@@ -401,12 +395,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
{
"name": "language",
@@ -415,10 +409,6 @@
{
"name": "python_version",
"value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
}
]
},
@@ -426,7 +416,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.18.0",
+ "version": "1.18.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -435,7 +425,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -453,12 +443,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.18.0/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.18.0",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
{
"name": "language",
@@ -467,10 +457,6 @@
{
"name": "python_version",
"value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-21T15:02:50.000Z"
}
]
},
@@ -1811,7 +1797,7 @@
"type": "library",
"bom-ref": "35-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1820,7 +1806,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1838,12 +1824,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1855,7 +1841,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1863,7 +1849,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1872,7 +1858,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1886,12 +1872,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1903,7 +1889,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -1922,6 +1908,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 8c726389a2..c6b330f164 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a81bc690-1847-4a09-9e8a-8501cc865a70
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d24f8cb-8f3b-41e7-bad7-84f6018d8c85
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-25T00:37:14Z
+Created: 2024-12-02T00:39:32Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,34 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.7
+PackageVersion: 3.11.9
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -114,6 +113,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -125,35 +125,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: propcache
SPDXID: SPDXRef-8-propcache
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-9-yarl
-PackageVersion: 1.18.0
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -586,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -597,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -625,6 +624,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION