intel · terriko · Dec 2, 2024 · Dec 2, 2024
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:099ac5d1-44dc-4e7b-a512-baee535fed8e",
+  "serialNumber": "urn:uuid:fc78560e-a48d-4966-a3c8-a50b47fc18e2",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-11-25T00:38:02Z",
+    "timestamp": "2024-12-02T00:40:57Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -118,7 +118,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.4.3",
+      "version": "2.4.4",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -127,14 +127,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -151,12 +145,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "language",
@@ -168,7 +162,7 @@
         },
         {
           "name": "package_release_date",
-          "value": "2024-09-30T19:42:26.000Z"
+          "value": "2024-11-30T18:43:39.000Z"
         }
       ]
     },
@@ -375,6 +369,12 @@
       },
       "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
       "description": "multidict implementation",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1901,7 +1901,7 @@
       "type": "library",
       "bom-ref": "37-pyopenssl",
       "name": "pyopenssl",
-      "version": "24.2.1",
+      "version": "24.3.0",
       "supplier": {
         "name": "The pyOpenSSL developers",
         "contact": [
@@ -1910,7 +1910,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
       "licenses": [
         {
@@ -1928,12 +1928,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+          "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pyopenssl@24.2.1",
+      "purl": "pkg:pypi/pyopenssl@24.3.0",
       "properties": [
         {
           "name": "language",
@@ -1945,15 +1945,15 @@
         },
         {
           "name": "package_release_date",
-          "value": "2024-07-20T17:26:29.000Z"
+          "value": "2024-11-27T20:43:21.000Z"
         }
       ]
     },
     {
       "type": "library",
       "bom-ref": "38-cryptography",
       "name": "cryptography",
-      "version": "43.0.3",
+      "version": "44.0.0",
       "supplier": {
         "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1962,7 +1962,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1976,12 +1976,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+          "url": "https://pypi.org/project/cryptography/44.0.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@43.0.3",
+      "purl": "pkg:pypi/cryptography@44.0.0",
       "properties": [
         {
           "name": "language",
@@ -1993,7 +1993,7 @@
         },
         {
           "name": "package_release_date",
-          "value": "2024-10-18T15:57:36.000Z"
+          "value": "2024-11-27T18:05:55.000Z"
         }
       ]
     },
@@ -2012,6 +2012,12 @@
       },
       "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
       "description": "Foreign Function Interface for Python calling C code.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+        }
+      ],
       "licenses": [
         {
           "license": {

diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7f19c172-b669-4dca-bd16-69f1d7883e2a
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-222b7435-eba1-45ad-ae40-59503a72bcd8
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-25T00:37:11Z
+Created: 2024-12-02T00:40:03Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -43,19 +43,18 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
 
 PackageName: aiohappyeyeballs
 SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston ([email protected])
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
 PackageLicenseDeclared: PSF-2.0
 PackageLicenseConcluded: PSF-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Happy Eyeballs for asyncio</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiosignal
@@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov ([email protected])
 PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
@@ -621,35 +621,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
 
 PackageName: pyopenssl
 SPDXID: SPDXRef-37-pyopenssl
-PackageVersion: 24.2.1
+PackageVersion: 24.3.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The pyOpenSSL developers ([email protected])
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://pyopenssl.org/
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python wrapper module around the OpenSSL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cryptography
 SPDXID: SPDXRef-38-cryptography
-PackageVersion: 43.0.3
+PackageVersion: 44.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyca/cryptography
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -660,6 +660,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
 PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
 FilesAnalyzed: false
 PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION