diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 4ce75d6e52..2a55b3ba44 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:6baa9a42-0ae2-43de-ae54-80a7c7975217",
+ "serialNumber": "urn:uuid:9d4b0c1e-1f41-466b-9562-6dfb28a23baa",
"version": 1,
"metadata": {
- "timestamp": "2023-12-04T00:26:42Z",
+ "timestamp": "2023-12-11T00:27:30Z",
"tools": {
"components": [
{
@@ -288,7 +288,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
- "version": "1.9.3",
+ "version": "1.9.4",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -297,7 +297,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -309,12 +309,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/yarl/1.9.3",
+ "url": "https://pypi.org/project/yarl/1.9.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.9.3",
+ "purl": "pkg:pypi/yarl@1.9.4",
"properties": [
{
"name": "language",
@@ -584,7 +584,7 @@
"type": "library",
"bom-ref": "16-argcomplete",
"name": "argcomplete",
- "version": "3.1.6",
+ "version": "3.2.1",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -593,7 +593,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -605,12 +605,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/argcomplete/3.1.6",
+ "url": "https://pypi.org/project/argcomplete/3.2.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.1.6",
+ "purl": "pkg:pypi/argcomplete@3.2.1",
"properties": [
{
"name": "language",
@@ -1368,7 +1368,7 @@
"type": "library",
"bom-ref": "36-google-auth",
"name": "google-auth",
- "version": "2.24.0",
+ "version": "2.25.2",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1377,7 +1377,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1389,12 +1389,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.24.0",
+ "url": "https://pypi.org/project/google-auth/2.25.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.24.0",
+ "purl": "pkg:pypi/google-auth@2.25.2",
"properties": [
{
"name": "language",
@@ -1627,11 +1627,11 @@
"type": "library",
"bom-ref": "43-referencing",
"name": "referencing",
- "version": "0.31.1",
+ "version": "0.32.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1643,12 +1643,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.31.1",
+ "url": "https://pypi.org/project/referencing/0.32.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.31.1",
+ "purl": "pkg:pypi/referencing@0.32.0",
"properties": [
{
"name": "language",
@@ -1811,11 +1811,11 @@
"type": "library",
"bom-ref": "48-packageurl-python",
"name": "packageurl-python",
- "version": "0.11.2",
+ "version": "0.12.0",
"supplier": {
"name": "the purl authors"
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.12.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"licenses": [
{
@@ -1827,12 +1827,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packageurl-python/0.11.2",
+ "url": "https://pypi.org/project/packageurl-python/0.12.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.11.2",
+ "purl": "pkg:pypi/packageurl-python@0.12.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 857e1cb94e..7bde459d58 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0628dc5c-a9ba-4bef-85a5-0bff8ab02543
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4992f648-3aa3-4c7e-9862-6074ba2c3ba2
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.1
-Created: 2023-12-04T00:25:42Z
+Created: 2023-12-11T00:26:28Z
CreatorComment: This document has been automatically generated.
#####
@@ -117,17 +117,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-Package-8-yarl
-PackageVersion: 1.9.3
+PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.3
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -241,18 +241,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-16-argcomplete
-PackageVersion: 3.1.6
+PackageVersion: 3.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.6
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -551,18 +551,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.24.0
+PackageVersion: 2.25.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.24.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -657,17 +657,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-43-referencing
-PackageVersion: 0.31.1
+PackageVersion: 0.32.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.31.1
+PackageDownloadLocation: https://pypi.org/project/referencing/0.32.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -733,17 +733,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
PackageName: packageurl-python
SPDXID: SPDXRef-Package-48-packageurl-python
-PackageVersion: 0.11.2
+PackageVersion: 0.12.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.11.2
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.12.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.12.0:*:*:*:*:*:*:*
#####
PackageName: packaging