diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 22b452581f..f8f23688fa 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:d207333a-18dd-4549-9979-6b7f093bf0f4",
+ "serialNumber": "urn:uuid:fd540fe5-735c-4d5a-add6-70ce9991d205",
"version": 1,
"metadata": {
- "timestamp": "2023-10-16T00:26:13Z",
+ "timestamp": "2023-10-30T00:27:00Z",
"tools": {
"components": [
{
@@ -218,7 +218,7 @@
"type": "library",
"bom-ref": "7-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.3.0",
+ "version": "3.3.1",
"supplier": {
"name": "Ahmed TAHRI",
"contact": [
@@ -227,7 +227,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"licenses": [
{
@@ -239,12 +239,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.3.0",
+ "url": "https://pypi.org/project/charset-normalizer/3.3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.3.0"
+ "purl": "pkg:pypi/charset-normalizer@3.3.1"
},
{
"type": "library",
@@ -506,7 +506,7 @@
"type": "library",
"bom-ref": "16-gsutil",
"name": "gsutil",
- "version": "5.26",
+ "version": "5.27",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -515,7 +515,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
"licenses": [
{
@@ -527,12 +527,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/gsutil/5.26",
+ "url": "https://pypi.org/project/gsutil/5.27",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.26",
+ "purl": "pkg:pypi/gsutil@5.27",
"properties": [
{
"name": "License Comments",
@@ -1021,7 +1021,7 @@
"type": "library",
"bom-ref": "31-pyopenssl",
"name": "pyopenssl",
- "version": "23.2.0",
+ "version": "23.3.0",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1030,7 +1030,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
"licenses": [
{
@@ -1042,12 +1042,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/23.2.0",
+ "url": "https://pypi.org/project/pyOpenSSL/23.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@23.2.0",
+ "purl": "pkg:pypi/pyopenssl@23.3.0",
"properties": [
{
"name": "License Comments",
@@ -1059,7 +1059,7 @@
"type": "library",
"bom-ref": "32-cryptography",
"name": "cryptography",
- "version": "41.0.4",
+ "version": "41.0.5",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1068,7 +1068,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1077,12 +1077,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.4",
+ "url": "https://pypi.org/project/cryptography/41.0.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.4"
+ "purl": "pkg:pypi/cryptography@41.0.5"
},
{
"type": "library",
@@ -1266,7 +1266,7 @@
"type": "library",
"bom-ref": "38-cachetools",
"name": "cachetools",
- "version": "5.3.1",
+ "version": "5.3.2",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -1275,7 +1275,7 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
@@ -1287,12 +1287,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cachetools/5.3.1",
+ "url": "https://pypi.org/project/cachetools/5.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.3.1"
+ "purl": "pkg:pypi/cachetools@5.3.2"
},
{
"type": "library",
@@ -1667,7 +1667,7 @@
"type": "library",
"bom-ref": "51-plotly",
"name": "plotly",
- "version": "5.17.0",
+ "version": "5.18.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -1676,7 +1676,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -1688,12 +1688,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.17.0",
+ "url": "https://pypi.org/project/plotly/5.18.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.17.0"
+ "purl": "pkg:pypi/plotly@5.18.0"
},
{
"type": "library",
@@ -1845,7 +1845,7 @@
"type": "library",
"bom-ref": "56-urllib3",
"name": "urllib3",
- "version": "2.0.6",
+ "version": "2.0.7",
"supplier": {
"name": "Andrey Petrov",
"contact": [
@@ -1854,16 +1854,16 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.7:*:*:*:*:*:*:*",
"description": "HTTP library with thread-safe connection pooling, file post, and more.",
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.0.6",
+ "url": "https://pypi.org/project/urllib3/2.0.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/urllib3@2.0.6"
+ "purl": "pkg:pypi/urllib3@2.0.7"
},
{
"type": "library",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index bb72066385..d657e274c4 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1630fc55-0869-4565-9fcd-5a9c2c3c3614
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-30721e1b-1104-43e5-8cca-937adefb7d03
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-16T00:24:59Z
+Created: 2023-10-30T00:25:17Z
CreatorComment: This document has been automatically generated.
#####
@@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*
PackageName: charset-normalizer
SPDXID: SPDXRef-Package-7-charset-normalizer
-PackageVersion: 3.3.0
+PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.0
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*
#####
PackageName: multidict
@@ -240,18 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
PackageName: gsutil
SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.26
+PackageVersion: 5.27
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.26
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.27
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
#####
PackageName: argcomplete
@@ -473,33 +473,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-Package-31-pyopenssl
-PackageVersion: 23.2.0
+PackageVersion: 23.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.4
+PackageVersion: 41.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.5
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -582,17 +582,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23
PackageName: cachetools
SPDXID: SPDXRef-Package-38-cachetools
-PackageVersion: 5.3.1
+PackageVersion: 5.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*
#####
PackageName: monotonic
@@ -779,17 +779,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
PackageName: plotly
SPDXID: SPDXRef-Package-51-plotly
-PackageVersion: 5.17.0
+PackageVersion: 5.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.17.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.18.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
@@ -857,17 +857,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
PackageName: urllib3
SPDXID: SPDXRef-Package-56-urllib3
-PackageVersion: 2.0.6
+PackageVersion: 2.0.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.6
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.7
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.7:*:*:*:*:*:*:*
#####
PackageName: rich