diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index c0ec7aafc2..238c7f6374 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:9445364b-91e6-4789-8aca-9a9c8deaafed",
+ "serialNumber": "urn:uuid:c0ad9887-1afc-490c-9a2f-74e4604b1a74",
"version": 1,
"metadata": {
- "timestamp": "2024-11-18T00:39:23Z",
+ "timestamp": "2024-11-25T00:37:53Z",
"lifecycles": [
{
"phase": "build"
@@ -79,7 +79,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.2",
+ "version": "3.11.7",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
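Review bot: The aiohttp component has no `cpe` and no `supplier`; `"version"` is followed directly by `"description"` here, while yarl and setuptools in this same file carry both. A consumer that matches vulnerabilities by CPE alone would skip aiohttp, so it has to be matched through the `purl` updated in the next hunk. The SPDX section for aiohttp shows the same gap (`PackageSupplier: NOASSERTION`, and only the purl `ExternalRef`). This presumably comes from author metadata missing at generation time, so the fix belongs in the generator's input rather than in a hand edit of this file.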
@@ -97,12 +97,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.2/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.7/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.2",
+ "purl": "pkg:pypi/aiohttp@3.11.7",
"properties": [
{
"name": "language",
@@ -111,6 +111,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-11-21T15:42:26.000Z"
}
]
},
@@ -375,6 +379,12 @@
},
"cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda"
+ }
+ ],
"licenses": [
{
"license": {
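Review bot: The new `hashes` entry for propcache records only `"alg": "SHA-1"`, which is not collision-resistant and so is a weak basis for verifying the downloaded artifact. The same applies to the packageurl-python and packaging hunks below and to the three `PackageChecksum: SHA1:` lines added in the .spdx file. CycloneDX 1.6 and SPDX 2.3 both accept SHA-256, so the generator should emit `"alg": "SHA-256"` and `PackageChecksum: SHA256: <digest>` alongside or instead of the SHA-1 values. The entry also does not say which distribution file (sdist or a particular wheel) the digest was taken from, which a verifier needs in order to compare like with like.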
@@ -416,7 +426,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.17.2",
+ "version": "1.18.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -425,7 +435,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -443,12 +453,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.2/#files",
+ "url": "https://pypi.org/project/yarl/1.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.17.2",
+ "purl": "pkg:pypi/yarl@1.18.0",
"properties": [
{
"name": "language",
@@ -457,6 +467,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-11-21T15:02:50.000Z"
}
]
},
@@ -1938,6 +1952,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-09-04T20:43:30.000Z"
}
]
},
@@ -2705,6 +2723,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -2718,6 +2740,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2748,6 +2776,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -2980,6 +3012,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
@@ -3439,7 +3477,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
- "version": "75.5.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3448,16 +3486,16 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.5.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/setuptools@75.5.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
{
"name": "language",
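Review bot: The bump to setuptools 75.6.0 loses the component's `package_release_date` property, which the following hunk removes, while several other components gain that property in this same commit. That suggests the per-package metadata lookup is not deterministic between runs, presumably a lookup that failed or was skipped for this component. Any policy that evaluates release age from the SBOM would silently skip setuptools, so the generation job should log or fail when a lookup returns nothing rather than drop the field. The setuptools component object starts and ends outside this hunk.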
@@ -3466,10 +3504,6 @@
{
"name": "python_version",
"value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-13T11:22:04.000Z"
}
]
},
@@ -3570,6 +3604,10 @@
{
"name": "python_version",
"value": "3.11.10"
+ },
+ {
+ "name": "package_release_date",
+ "value": "2024-10-27T21:52:58.000Z"
}
]
},
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index e37b1e32bc..8c726389a2 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75f97134-ae0b-4742-83bb-e1072b2baaf1
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a81bc690-1847-4a09-9e8a-8501cc865a70
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-18T00:38:42Z
+Created: 2024-11-25T00:37:14Z
CreatorComment: This document has been automatically generated.
#####
@@ -27,18 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.2
+PackageVersion: 3.11.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7
#####
PackageName: aiohappyeyeballs
@@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
@@ -142,18 +142,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-9-yarl
-PackageVersion: 1.17.2
+PackageVersion: 1.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -893,6 +893,7 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
@@ -976,6 +977,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1120,17 +1122,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.5.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema