diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index d02c39aa5a..bab0e254a1 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:61069711-4704-416c-898b-175b041b2d5b",
+ "serialNumber": "urn:uuid:c33313e2-a6ab-4b87-b152-452c4a14a5b0",
"version": 1,
"metadata": {
- "timestamp": "2024-12-23T00:37:22Z",
+ "timestamp": "2024-12-30T00:38:05Z",
"lifecycles": [
{
"phase": "build"
@@ -246,6 +246,12 @@
"name": "aiosignal",
"version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "45cde58e409a301715980c2b01d0c28bdde3770d8290b5eb2173759d9acb31a5"
+ }
+ ],
"licenses": [
{
"license": {
@@ -295,7 +301,7 @@
"properties": [
{
"name": "release_date",
- "value": "2024-11-30T18:43:39Z"
+ "value": "2024-12-13T17:10:38Z"
},
{
"name": "language",
@@ -4244,21 +4250,21 @@
"type": "library",
"bom-ref": "67-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.4.0",
+ "version": "3.4.1",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Ahmed R .",
"contact": [
{
"email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.1:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"hashes": [
{
"alg": "SHA-256",
- "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ "content": "91b36a978b5ae0ee86c394f5a54d6ef44db1de0815eb43de826d41d21e4af3de"
}
],
"licenses": [
@@ -4272,29 +4278,32 @@
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
{
- "url": "https://github.com/Ousret/charset_normalizer/issues",
- "type": "issue-tracker"
+ "url": "https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md",
+ "type": "log"
},
{
- "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "url": "https://charset-normalizer.readthedocs.io/",
"type": "documentation"
+ },
+ {
+ "url": "https://github.com/jawah/charset_normalizer",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/jawah/charset_normalizer/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/charset-normalizer@3.4.1",
"properties": [
{
"name": "release_date",
- "value": "2024-10-09T07:38:02Z"
+ "value": "2024-12-24T18:09:43Z"
},
{
"name": "language",
@@ -4321,6 +4330,12 @@
},
"cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:*",
"description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/urllib3/2.3.0/#files",
@@ -4348,7 +4363,7 @@
"properties": [
{
"name": "release_date",
- "value": "2024-10-09T07:38:02Z"
+ "value": "2024-12-22T07:47:28Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 45dd1c4256..eb70666300 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c7b63716-84f8-401e-b177-44cd670ab4a3
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ad462e90-a3ce-44a6-bb5a-c2d653ced60d
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-23T00:37:14Z
+Created: 2024-12-30T00:37:57Z
CreatorComment: This document has been automatically generated.
#####
@@ -82,12 +82,13 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
+PackageChecksum: SHA256: 45cde58e409a301715980c2b01d0c28bdde3770d8290b5eb2173759d9acb31a5
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ReleaseDate: 2024-11-30T18:43:39Z
+ReleaseDate: 2024-12-13T17:10:38Z
ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
@@ -1394,22 +1395,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
PackageName: charset-normalizer
SPDXID: SPDXRef-67-charset-normalizer
-PackageVersion: 3.4.0
+PackageVersion: 3.4.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
+PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me)
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/Ousret/charset_normalizer
-PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
+PackageChecksum: SHA256: 91b36a978b5ae0ee86c394f5a54d6ef44db1de0815eb43de826d41d21e4af3de
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ReleaseDate: 2024-10-09T07:38:02Z
-ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
-ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-24T18:09:43Z
+ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
+ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.1:*:*:*:*:*:*:*
#####
PackageName: urllib3
@@ -1419,11 +1421,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.3.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ReleaseDate: 2024-10-09T07:38:02Z
+ReleaseDate: 2024-12-22T07:47:28Z
ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
ExternalRef: OTHER documentation https://urllib3.readthedocs.io
ExternalRef: OTHER vcs https://github.com/urllib3/urllib3