diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
index 6cf415295b..77f770d804 100644
--- a/.github/workflows/build-wheel.yml
+++ b/.github/workflows/build-wheel.yml
@@ -23,7 +23,7 @@ jobs:
if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8e21d96eda..86efaccec7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 6ad8ebb3ac..28ab5b0c38 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
index c97248eeb3..56d60d6a22 100644
--- a/.github/workflows/cve_scan.yml
+++ b/.github/workflows/cve_scan.yml
@@ -17,7 +17,7 @@ jobs:
timeout-minutes: 60
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index d99c952123..de970949f3 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,11 +17,11 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
- uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index 5ef52b7699..a864aeb4c8 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index c4737601f6..a7cacf22e2 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -18,7 +18,7 @@ jobs:
tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy', 'interrogate']
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 1d42ac5baa..ad5cca1bf2 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -22,7 +22,7 @@ jobs:
python: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e6c3614f67..d5f8c3dfad 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index 2dec16dcae..4676520a5e 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index dbfe66a755..6310c69d43 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -39,7 +39,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
@@ -76,7 +76,7 @@ jobs:
timeout-minutes: 90
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
@@ -203,7 +203,7 @@ jobs:
LONG_TESTS: 1
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
@@ -365,7 +365,7 @@ jobs:
EXTERNAL_SYSTEM: 1
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
@@ -498,7 +498,7 @@ jobs:
PYTHONIOENCODING: 'utf8'
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml
index fa2c93fae7..3ff143f678 100644
--- a/.github/workflows/update-cache.yml
+++ b/.github/workflows/update-cache.yml
@@ -26,7 +26,7 @@ jobs:
timeout-minutes: 60
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
index f2b3fc0bd9..be00a1298d 100644
--- a/.github/workflows/update-js-dependencies.yml
+++ b/.github/workflows/update-js-dependencies.yml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
index 2b3be9cf39..192b599ee4 100644
--- a/.github/workflows/update-pre-commit.yml
+++ b/.github/workflows/update-pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml
index 68cde73344..adb37a09d6 100644
--- a/.github/workflows/update-spdx-header.yml
+++ b/.github/workflows/update-spdx-header.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml
index b4bd97f31d..821a621727 100644
--- a/.github/workflows/validate-yml.yml
+++ b/.github/workflows/validate-yml.yml
@@ -12,7 +12,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 5f95347048..a9dfe1d156 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:88a7c280-7920-491a-a98e-db2939f852a4",
+ "serialNumber": "urn:uuid:30bcc6da-78f0-4cff-8b86-46b538305353",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:38:34Z",
+ "timestamp": "2024-12-02T00:41:01Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.2",
+ "version": "3.11.9",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.2/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.2",
+ "purl": "pkg:pypi/aiohttp@3.11.9",
"properties": [
{
"name": "language",
@@ -118,7 +118,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +127,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +145,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -168,7 +162,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -375,6 +369,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -460,7 +460,7 @@
"type": "library",
"bom-ref": "10-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -469,7 +469,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
"licenses": [
{
@@ -487,12 +487,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
{
"name": "language",
@@ -501,10 +501,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
}
]
},
@@ -512,7 +508,7 @@
"type": "library",
"bom-ref": "11-yarl",
"name": "yarl",
- "version": "1.17.2",
+ "version": "1.18.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -521,7 +517,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -539,12 +535,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.2/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.17.2",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
{
"name": "language",
@@ -1893,7 +1889,7 @@
"type": "library",
"bom-ref": "37-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1902,7 +1898,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1920,12 +1916,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1937,7 +1933,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1945,7 +1941,7 @@
"type": "library",
"bom-ref": "38-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1954,7 +1950,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1968,12 +1964,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1985,7 +1981,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -2004,6 +2000,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2034,6 +2036,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2801,6 +2807,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -2814,6 +2824,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2844,6 +2860,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -3076,6 +3096,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3535,7 +3561,7 @@
"type": "library",
"bom-ref": "69-setuptools",
"name": "setuptools",
- "version": "75.5.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3544,16 +3570,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.5.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.5.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
{
"name": "language",
@@ -3562,10 +3588,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-13T11:22:04.000Z"
}
]
},
@@ -3724,6 +3746,10 @@
{
"name": "python_version",
"value": "3.10.15"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index a6ebbb424d..272b86f58c 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-53fcdacf-66b9-407a-8e03-8d9eee658c35
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e49aac3f-4241-44ab-a2f5-36ab7d594e3a
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:37:44Z
+Created: 2024-12-02T00:39:48Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,35 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.2
+PackageVersion: 3.11.9
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -132,6 +130,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -159,34 +158,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: propcache
SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-11-yarl
-PackageVersion: 1.17.2
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -619,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-37-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -630,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-38-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -658,6 +657,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -926,6 +926,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1009,6 +1010,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1153,17 +1155,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-69-setuptools
-PackageVersion: 75.5.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: toml
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index c0ec7aafc2..39b9a567bd 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:9445364b-91e6-4789-8aca-9a9c8deaafed",
+ "serialNumber": "urn:uuid:26cf65a2-3634-40ba-9952-49f2946933a2",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:39:23Z",
+ "timestamp": "2024-12-02T00:40:31Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.2",
+ "version": "3.11.9",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.2/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.2",
+ "purl": "pkg:pypi/aiohttp@3.11.9",
"properties": [
{
"name": "language",
@@ -111,6 +111,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-12-01T23:26:48.000Z"
}
]
},
@@ -118,7 +122,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +131,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +149,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -168,7 +166,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -323,6 +321,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -364,7 +368,7 @@
"type": "library",
"bom-ref": "8-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -373,7 +377,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
"licenses": [
{
@@ -391,12 +395,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
{
"name": "language",
@@ -405,10 +409,6 @@
{
"name": "python_version",
"value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
}
]
},
@@ -416,7 +416,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.17.2",
+ "version": "1.18.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -425,7 +425,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -443,12 +443,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.2/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.17.2",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
{
"name": "language",
@@ -1797,7 +1797,7 @@
"type": "library",
"bom-ref": "35-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1806,7 +1806,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1824,12 +1824,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1841,7 +1841,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1849,7 +1849,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1858,7 +1858,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1872,12 +1872,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1889,7 +1889,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -1908,6 +1908,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1938,6 +1944,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2705,6 +2715,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -2718,6 +2732,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2748,6 +2768,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -2980,6 +3004,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3439,7 +3469,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.5.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3448,16 +3478,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.5.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.5.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
{
"name": "language",
@@ -3466,10 +3496,6 @@
{
"name": "python_version",
"value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-13T11:22:04.000Z"
}
]
},
@@ -3570,6 +3596,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index e37b1e32bc..c6b330f164 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75f97134-ae0b-4742-83bb-e1072b2baaf1
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d24f8cb-8f3b-41e7-bad7-84f6018d8c85
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:38:42Z
+Created: 2024-12-02T00:39:32Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,35 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.2
+PackageVersion: 3.11.9
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -115,6 +113,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -126,34 +125,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: propcache
SPDXID: SPDXRef-8-propcache
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-9-yarl
-PackageVersion: 1.17.2
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -586,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -597,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -625,6 +624,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -893,6 +893,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -976,6 +977,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1120,17 +1122,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.5.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 4c2b0f704a..b58600031e 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:b68a2b85-9212-4889-b7b2-84f3edf441ff",
+ "serialNumber": "urn:uuid:5548b4f9-442d-4b36-9090-15eb81f1a49c",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:38:25Z",
+ "timestamp": "2024-12-02T00:39:46Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.2",
+ "version": "3.11.9",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.2/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.2",
+ "purl": "pkg:pypi/aiohttp@3.11.9",
"properties": [
{
"name": "language",
@@ -111,6 +111,10 @@
{
"name": "python_version",
"value": "3.12.7"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-12-01T23:26:48.000Z"
}
]
},
@@ -118,7 +122,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +131,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +149,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -168,7 +166,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -323,6 +321,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -364,7 +368,7 @@
"type": "library",
"bom-ref": "8-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -373,7 +377,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
"licenses": [
{
@@ -391,12 +395,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
{
"name": "language",
@@ -405,10 +409,6 @@
{
"name": "python_version",
"value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
}
]
},
@@ -416,7 +416,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.17.2",
+ "version": "1.18.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -425,7 +425,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -443,12 +443,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.2/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.17.2",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
{
"name": "language",
@@ -1797,7 +1797,7 @@
"type": "library",
"bom-ref": "35-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1806,7 +1806,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1824,12 +1824,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1841,7 +1841,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1849,7 +1849,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1858,7 +1858,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1872,12 +1872,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1889,7 +1889,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -1908,6 +1908,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1938,6 +1944,10 @@
{
"name": "python_version",
"value": "3.12.7"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2705,6 +2715,10 @@
{
"name": "python_version",
"value": "3.12.7"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -2718,6 +2732,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2748,6 +2768,10 @@
{
"name": "python_version",
"value": "3.12.7"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -2980,6 +3004,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3439,7 +3469,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.5.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3448,16 +3478,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.5.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.5.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
{
"name": "language",
@@ -3466,10 +3496,6 @@
{
"name": "python_version",
"value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-13T11:22:04.000Z"
}
]
},
@@ -3570,6 +3596,10 @@
{
"name": "python_version",
"value": "3.12.7"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 495c06d14d..796826637e 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-babbb628-7d9c-4a26-8587-854eedfee7d8
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-998a45ca-d4b4-40a5-aabc-67947aef36d5
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:37:38Z
+Created: 2024-12-02T00:38:59Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,35 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.2
+PackageVersion: 3.11.9
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -115,6 +113,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -126,34 +125,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
PackageName: propcache
SPDXID: SPDXRef-8-propcache
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-9-yarl
-PackageVersion: 1.17.2
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -586,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -597,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -625,6 +624,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -893,6 +893,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -976,6 +977,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1120,17 +1122,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.5.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index fecc01dcdd..a22590f7db 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:bfb08152-9dd5-424d-9678-3ee862935199",
+ "serialNumber": "urn:uuid:fc78560e-a48d-4966-a3c8-a50b47fc18e2",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:39:22Z",
+ "timestamp": "2024-12-02T00:40:57Z",
"lifecycles": [
{
"phase": "build"
@@ -118,7 +118,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +127,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +145,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -168,7 +162,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -375,6 +369,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -563,6 +563,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1895,7 +1901,7 @@
"type": "library",
"bom-ref": "37-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1904,7 +1910,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1922,12 +1928,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1939,7 +1945,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1947,7 +1953,7 @@
"type": "library",
"bom-ref": "38-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1956,7 +1962,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1970,12 +1976,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1987,7 +1993,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -2006,6 +2012,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2036,6 +2048,10 @@
{
"name": "python_version",
"value": "3.8.18"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2988,6 +3004,10 @@
{
"name": "python_version",
"value": "3.8.18"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -3001,6 +3021,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3031,6 +3057,10 @@
{
"name": "python_version",
"value": "3.8.18"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -3263,6 +3293,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3907,6 +3943,10 @@
{
"name": "python_version",
"value": "3.8.18"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index d2d54cd53b..6f892b9852 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8ea077c5-e561-4e98-a8ff-c481a83d795b
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-222b7435-eba1-45ad-ae40-59503a72bcd8
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:38:18Z
+Created: 2024-12-02T00:40:03Z
CreatorComment: This document has been automatically generated.
#####
@@ -43,19 +43,18 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -197,6 +197,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
@@ -620,10 +621,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-37-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -631,24 +632,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-38-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -659,6 +660,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -990,6 +992,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1073,6 +1076,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 3b323e9810..bab3241bc9 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:4cd7fc8c-899c-44d7-99ce-13fd8013ebd6",
+ "serialNumber": "urn:uuid:776dd2f8-4200-429f-a71b-22e3b595f38e",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:41:13Z",
+ "timestamp": "2024-12-02T00:41:54Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.2",
+ "version": "3.11.9",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.2/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.9/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.2",
+ "purl": "pkg:pypi/aiohttp@3.11.9",
"properties": [
{
"name": "language",
@@ -111,6 +111,10 @@
{
"name": "python_version",
"value": "3.9.20"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-12-01T23:26:48.000Z"
}
]
},
@@ -118,7 +122,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +131,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +149,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
{
"name": "language",
@@ -168,7 +166,7 @@
},
{
"name": "package_release_date",
- "value": "2024-09-30T19:42:26.000Z"
+ "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -375,6 +373,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+ }
+ ],
"licenses": [
{
"license": {
@@ -460,7 +464,7 @@
"type": "library",
"bom-ref": "10-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -469,7 +473,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
"licenses": [
{
@@ -487,12 +491,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
{
"name": "language",
@@ -501,10 +505,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
}
]
},
@@ -512,7 +512,7 @@
"type": "library",
"bom-ref": "11-yarl",
"name": "yarl",
- "version": "1.17.2",
+ "version": "1.18.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -521,7 +521,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -539,12 +539,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.2/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.17.2",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
{
"name": "language",
@@ -1893,7 +1893,7 @@
"type": "library",
"bom-ref": "37-pyopenssl",
"name": "pyopenssl",
- "version": "24.2.1",
+ "version": "24.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1902,7 +1902,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1920,12 +1920,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pyopenssl@24.3.0",
"properties": [
{
"name": "language",
@@ -1937,7 +1937,7 @@
},
{
"name": "package_release_date",
- "value": "2024-07-20T17:26:29.000Z"
+ "value": "2024-11-27T20:43:21.000Z"
}
]
},
@@ -1945,7 +1945,7 @@
"type": "library",
"bom-ref": "38-cryptography",
"name": "cryptography",
- "version": "43.0.3",
+ "version": "44.0.0",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1954,7 +1954,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1968,12 +1968,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/cryptography/44.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/cryptography@44.0.0",
"properties": [
{
"name": "language",
@@ -1985,7 +1985,7 @@
},
{
"name": "package_release_date",
- "value": "2024-10-18T15:57:36.000Z"
+ "value": "2024-11-27T18:05:55.000Z"
}
]
},
@@ -2004,6 +2004,12 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2034,6 +2040,10 @@
{
"name": "python_version",
"value": "3.9.20"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2883,6 +2893,10 @@
{
"name": "python_version",
"value": "3.9.20"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -2896,6 +2910,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2926,6 +2946,10 @@
{
"name": "python_version",
"value": "3.9.20"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -3158,6 +3182,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3617,7 +3647,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.5.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3626,16 +3656,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.5.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.5.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
{
"name": "language",
@@ -3644,10 +3674,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-13T11:22:04.000Z"
}
]
},
@@ -3806,6 +3832,10 @@
{
"name": "python_version",
"value": "3.9.20"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
@@ -4055,12 +4085,6 @@
"30-six"
]
},
- {
- "ref": "44-importlib-metadata",
- "dependsOn": [
- "45-zipp"
- ]
- },
{
"ref": "46-jinja2",
"dependsOn": [
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 69f0851dff..db64b97d7f 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7537a80d-caef-4a47-a5f9-73259eba4425
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fd502d23-ddda-46a2-92c0-86c59d9fd3e7
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:40:10Z
+Created: 2024-12-02T00:41:00Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,35 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.2
+PackageVersion: 3.11.9
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -132,6 +130,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
@@ -159,34 +158,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: propcache
SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-11-yarl
-PackageVersion: 1.17.2
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -619,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-37-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
PackageLicenseDeclared: NOASSERTION
@@ -630,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-38-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -658,6 +657,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -957,6 +957,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -1040,6 +1041,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1184,17 +1186,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.5.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1348,7 +1350,6 @@ Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six
Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2
Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp
Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe
Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications
Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing