diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index a9dfe1d156..c0190371f3 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:30bcc6da-78f0-4cff-8b86-46b538305353",
+ "serialNumber": "urn:uuid:cc4c1587-f7c9-47e1-9748-a28d02e87e61",
"version": 1,
"metadata": {
- "timestamp": "2024-12-02T00:41:01Z",
+ "timestamp": "2024-12-09T00:40:33Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.9",
+ "version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.9",
+ "purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
{
"name": "language",
@@ -111,6 +111,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-12-05T23:51:02.000Z"
}
]
},
@@ -549,6 +553,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-12-01T20:32:32.000Z"
}
]
},
@@ -917,7 +925,7 @@
"type": "library",
"bom-ref": "19-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.32",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -926,7 +934,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
"licenses": [
{
@@ -944,12 +952,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://pypi.org/project/gsutil/5.32/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.32",
"properties": [
{
"name": "language",
@@ -961,7 +969,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-10T15:59:06.000Z"
+ "value": "2024-12-04T14:56:46.000Z"
}
]
},
@@ -969,7 +977,7 @@
"type": "library",
"bom-ref": "20-argcomplete",
"name": "argcomplete",
- "version": "3.5.1",
+ "version": "3.5.2",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -978,8 +986,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc"
+ }
+ ],
"licenses": [
{
"license": {
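Review bot: The only integrity value recorded for `argcomplete` is a SHA-1 digest, and hash coverage is not stable across regenerations: this hunk adds a `hashes` entry while the `six` and `rpds-py` hunks further down remove theirs (the `PackageChecksum: SHA1:` lines in the `.spdx` file follow the same pattern). SHA-1 is not collision-resistant, so it is a weak basis for checking a downloaded artifact against the SBOM; if the generator allows it, emit `"alg": "SHA-256"` for every component instead. The diff does not show what the digest is computed over (sdist, wheel or installed files), so that should be documented next to the SBOM for anyone who verifies against it.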
@@ -996,12 +1010,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
{
"name": "language",
@@ -1013,7 +1027,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-07T04:00:36.000Z"
+ "value": "2024-12-06T18:24:27.000Z"
}
]
},
@@ -1502,7 +1516,7 @@
"type": "library",
"bom-ref": "30-six",
"name": "six",
- "version": "1.16.0",
+ "version": "1.17.0",
"supplier": {
"name": "Benjamin Peterson",
"contact": [
@@ -1511,14 +1525,8 @@
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
"description": "Python 2 and 3 compatibility utilities",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
- }
- ],
"licenses": [
{
"license": {
@@ -1535,12 +1543,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
{
"name": "language",
@@ -1552,7 +1560,7 @@
},
{
"name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
+ "value": "2024-12-04T17:35:26.000Z"
}
]
},
@@ -1889,7 +1897,7 @@
"type": "library",
"bom-ref": "37-pyopenssl",
"name": "pyopenssl",
- "version": "24.3.0",
+ "version": "24.2.1",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
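Review bot: `pyopenssl` moves backwards here, from 24.3.0 to 24.2.1, and the `cryptography` component below goes from 44.0.0 to 43.0.3 (the `.spdx` file records the same change). This regeneration therefore lists older releases of the two TLS/crypto packages than the 2024-12-02 snapshot did. A regenerated SBOM presumably mirrors what the resolver installed, which would point to a new upper bound from another dependency; trace that pin to its source and check the older versions against current advisories before accepting the refresh. Both components also lose their `package_release_date` property in later hunks, so consumers lose the age signal for exactly the entries that got older.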
@@ -1898,7 +1906,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1916,12 +1924,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.3.0",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
{
"name": "language",
@@ -1930,10 +1938,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1941,7 +1945,7 @@
"type": "library",
"bom-ref": "38-cryptography",
"name": "cryptography",
- "version": "44.0.0",
+ "version": "43.0.3",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1950,7 +1954,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
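Review bot: The `cpe` vendor field is the supplier name lowercased with underscores (`the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors`), which looks synthesized by the generator rather than taken from the CPE dictionary. A scanner that matches on this string is likely to return no advisories for the component, and that result reads as "clean" rather than "unmatched". Downstream vulnerability matching should key on the `purl` (`pkg:pypi/cryptography@43.0.3`) and treat these CPE values as hints only. The same applies to the other `cpe` values in this diff and to the `ExternalRef: SECURITY cpe23Type` lines in the `.spdx` file.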
@@ -1964,12 +1968,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/44.0.0/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@44.0.0",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
{
"name": "language",
@@ -1978,10 +1982,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -2499,7 +2499,7 @@
"type": "library",
"bom-ref": "49-rpds-py",
"name": "rpds-py",
- "version": "0.21.0",
+ "version": "0.22.3",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2508,14 +2508,8 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71"
- }
- ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2523,12 +2517,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.21.0",
+ "purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
{
"name": "language",
@@ -2540,7 +2534,7 @@
},
{
"name": "package_release_date",
- "value": "2024-11-06T13:57:41.000Z"
+ "value": "2024-12-04T15:31:31.000Z"
}
]
},
@@ -2589,6 +2583,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-18T21:36:24.000Z"
}
]
},
@@ -2753,6 +2751,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-08-29T20:36:52.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 272b86f58c..345f7bc049 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e49aac3f-4241-44ab-a2f5-36ab7d594e3a
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3116a9e0-cfe7-4bba-8c51-73272f16f233
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-12-02T00:39:48Z
+Created: 2024-12-09T00:39:40Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,17 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.9
+PackageVersion: 3.11.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
PackageName: aiohappyeyeballs
@@ -309,10 +309,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
PackageName: gsutil
SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.31
+PackageVersion: 5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
PackageLicenseDeclared: NOASSERTION
@@ -320,25 +320,26 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*
#####
PackageName: argcomplete
SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.1
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -496,19 +497,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
PackageName: six
SPDXID: SPDXRef-30-six
-PackageVersion: 1.16.0
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: google-auth-httplib2
@@ -618,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-37-pyopenssl
-PackageVersion: 24.3.0
+PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -629,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-38-cryptography
-PackageVersion: 44.0.0
+PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -819,19 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-49-rpds-py
-PackageVersion: 0.21.0
+PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom