diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 170aff0f9d..9230fc70c1 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:d9f62955-0393-492e-be69-19e739a19137",
+ "serialNumber": "urn:uuid:71a49ade-e8ea-4cfb-917a-86225833fa76",
"version": 1,
"metadata": {
- "timestamp": "2023-11-27T00:26:25Z",
+ "timestamp": "2023-12-04T00:26:50Z",
"tools": {
"components": [
{
@@ -26,7 +26,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
- "version": "3.2.2.dev0",
+ "version": "3.3a0",
"supplier": {
"name": "Terri Oda",
"contact": [
@@ -35,7 +35,7 @@
}
]
},
- "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3a0:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"licenses": [
{
@@ -47,12 +47,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cve-bin-tool/3.2.2.dev0",
+ "url": "https://pypi.org/project/cve-bin-tool/3.3a0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0",
+ "purl": "pkg:pypi/cve-bin-tool@3.3a0",
"properties": [
{
"name": "language",
@@ -1131,7 +1131,7 @@
"type": "library",
"bom-ref": "30-cryptography",
"name": "cryptography",
- "version": "41.0.5",
+ "version": "41.0.7",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1140,7 +1140,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1149,12 +1149,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.5",
+ "url": "https://pypi.org/project/cryptography/41.0.7",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.5",
+ "purl": "pkg:pypi/cryptography@41.0.7",
"properties": [
{
"name": "language",
@@ -1326,7 +1326,7 @@
"type": "library",
"bom-ref": "35-google-auth",
"name": "google-auth",
- "version": "2.23.4",
+ "version": "2.24.0",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1335,7 +1335,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1347,12 +1347,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.23.4",
+ "url": "https://pypi.org/project/google-auth/2.24.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.23.4",
+ "purl": "pkg:pypi/google-auth@2.24.0",
"properties": [
{
"name": "language",
@@ -1552,11 +1552,11 @@
"type": "library",
"bom-ref": "41-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2023.11.1",
+ "version": "2023.11.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"licenses": [
{
@@ -1568,12 +1568,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema-specifications/2023.11.1",
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2023.11.1",
+ "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
"properties": [
{
"name": "language",
@@ -1585,11 +1585,11 @@
"type": "library",
"bom-ref": "42-referencing",
"name": "referencing",
- "version": "0.31.0",
+ "version": "0.31.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1601,12 +1601,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.31.0",
+ "url": "https://pypi.org/project/referencing/0.31.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.31.0",
+ "purl": "pkg:pypi/referencing@0.31.1",
"properties": [
{
"name": "language",
@@ -1618,11 +1618,11 @@
"type": "library",
"bom-ref": "43-rpds-py",
"name": "rpds-py",
- "version": "0.13.1",
+ "version": "0.13.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.13.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -1634,12 +1634,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.13.1",
+ "url": "https://pypi.org/project/rpds-py/0.13.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.13.1",
+ "purl": "pkg:pypi/rpds-py@0.13.2",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 39b44e9786..3edfbe5300 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-28e1e2c8-9f7b-4191-b4ee-2c26df091a89
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a5fee435-b502-47c2-bfb7-f15ddbde470d
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.1
-Created: 2023-11-27T00:25:25Z
+Created: 2023-12-04T00:25:50Z
CreatorComment: This document has been automatically generated.
#####
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.2.2.dev0
+PackageVersion: 3.3a0
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.2.dev0
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3a0
FilesAnalyzed: false
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.2.dev0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.3a0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3a0:*:*:*:*:*:*:*
#####
PackageName: aiohttp
@@ -458,17 +458,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
PackageName: cryptography
SPDXID: SPDXRef-Package-30-cryptography
-PackageVersion: 41.0.5
+PackageVersion: 41.0.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.5
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -535,18 +535,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-35-google-auth
-PackageVersion: 2.23.4
+PackageVersion: 2.24.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.4
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.24.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.24.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -626,47 +626,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
PackageName: jsonschema-specifications
SPDXID: SPDXRef-Package-41-jsonschema-specifications
-PackageVersion: 2023.11.1
+PackageVersion: 2023.11.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
#####
PackageName: referencing
SPDXID: SPDXRef-Package-42-referencing
-PackageVersion: 0.31.0
+PackageVersion: 0.31.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.31.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.31.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
SPDXID: SPDXRef-Package-43-rpds-py
-PackageVersion: 0.13.1
+PackageVersion: 0.13.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.13.1
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.13.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.13.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.13.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.13.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*
#####
PackageName: lib4sbom