diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index c7e51e920e..ecdfdcf53c 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:d48f0dee-ab05-485f-b952-785d3826a1bc",
+ "serialNumber": "urn:uuid:a49b3b2e-848e-4270-b4b6-2c42aabe82e9",
"version": 1,
"metadata": {
- "timestamp": "2024-09-23T00:37:16Z",
+ "timestamp": "2024-09-30T00:40:12Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.5",
+ "version": "3.10.8",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.5/#files",
+ "url": "https://pypi.org/project/aiohttp/3.10.8/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.5",
+ "purl": "pkg:pypi/aiohttp@3.10.8",
"properties": [
{
"name": "language",
@@ -118,7 +118,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.0",
+ "version": "2.4.2",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,14 +127,8 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "c31b127a69bdcd7895d1a521985d918061955348"
- }
- ],
"licenses": [
{
"license": {
@@ -151,12 +145,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.2",
"properties": [
{
"name": "language",
@@ -438,7 +432,7 @@
"type": "library",
"bom-ref": "10-yarl",
"name": "yarl",
- "version": "1.11.1",
+ "version": "1.13.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -447,7 +441,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -465,12 +459,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.11.1/#files",
+ "url": "https://pypi.org/project/yarl/1.13.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.11.1",
+ "purl": "pkg:pypi/yarl@1.13.1",
"properties": [
{
"name": "language",
@@ -2348,6 +2342,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/python-jsonschema/referencing",
@@ -2391,6 +2391,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2593,6 +2599,12 @@
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
"description": "VEX generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 57e9c735ba..f05c3bf360 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6faec0ff-af84-4dba-bf54-2b71bea6ecbb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4705584a-ef66-4c66-b17b-3a81ce10e8e5
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.2
-Created: 2024-09-23T00:35:54Z
+Created: 2024-09-30T00:38:38Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.5
+PackageVersion: 3.10.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
PackageLicenseDeclared: NOASSERTION
@@ -38,24 +38,23 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.0
+PackageVersion: 2.4.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348
PackageLicenseDeclared: Python-2.0.1
PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -158,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: yarl
SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.11.1
+PackageVersion: 1.13.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -789,6 +788,7 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
+PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -805,6 +805,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA1: fac4daa73aacf2df7b4341d51f0c24f5f80aa03d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -871,6 +872,7 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
+PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION