diff --git a/sbom/cve-bin-tool-py3.13.json b/sbom/cve-bin-tool-py3.13.json
index 01e186ab6a..a61aaf4979 100644
--- a/sbom/cve-bin-tool-py3.13.json
+++ b/sbom/cve-bin-tool-py3.13.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:90aaba4a-af7b-439b-91f7-8e0b4aa66ad8",
+ "serialNumber": "urn:uuid:6ba14494-7aa6-4bde-9c20-ccda965eec28",
"version": 1,
"metadata": {
- "timestamp": "2025-02-17T00:38:42Z",
+ "timestamp": "2025-02-24T00:37:34Z",
"lifecycles": [
{
"phase": "build"
@@ -624,7 +624,7 @@
"type": "library",
"bom-ref": "9-propcache",
"name": "propcache",
- "version": "0.2.1",
+ "version": "0.3.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -633,14 +633,8 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
- }
- ],
"licenses": [
{
"license": {
@@ -657,7 +651,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.1/#files",
+ "url": "https://pypi.org/project/propcache/0.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -698,11 +692,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.1",
+ "purl": "pkg:pypi/propcache@0.3.0",
"properties": [
{
"name": "release_date",
- "value": "2024-12-01T18:27:02Z"
+ "value": "2024-06-07T18:52:13Z"
},
{
"name": "language",
@@ -2515,7 +2509,7 @@
"type": "library",
"bom-ref": "39-cachetools",
"name": "cachetools",
- "version": "5.5.1",
+ "version": "5.5.2",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -2524,12 +2518,12 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"hashes": [
{
"alg": "SHA-256",
- "content": "b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb"
+ "content": "d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a"
}
],
"licenses": [
@@ -2548,16 +2542,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.1/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.1",
+ "purl": "pkg:pypi/cachetools@5.5.2",
"properties": [
{
"name": "release_date",
- "value": "2025-01-21T21:27:54Z"
+ "value": "2025-02-20T21:01:16Z"
},
{
"name": "language",
@@ -3177,7 +3171,7 @@
"type": "library",
"bom-ref": "50-rpds-py",
"name": "rpds-py",
- "version": "0.22.3",
+ "version": "0.23.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3186,12 +3180,15 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
+ "licenses": [
{
- "alg": "SHA-256",
- "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
@@ -3201,7 +3198,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
+ "url": "https://pypi.org/project/rpds-py/0.23.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3230,11 +3227,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.22.3",
+ "purl": "pkg:pypi/rpds-py@0.23.1",
"properties": [
{
"name": "release_date",
- "value": "2024-12-04T15:31:31Z"
+ "value": "2025-01-25T08:48:14Z"
},
{
"name": "language",
@@ -4043,7 +4040,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "1.26.0",
+ "version": "1.27.1",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4052,7 +4049,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"externalReferences": [
{
@@ -4061,7 +4058,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/1.26.0/#files",
+ "url": "https://pypi.org/project/narwhals/1.27.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4078,7 +4075,7 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@1.26.0",
+ "purl": "pkg:pypi/narwhals@1.27.1",
"properties": [
{
"name": "release_date",
diff --git a/sbom/cve-bin-tool-py3.13.spdx b/sbom/cve-bin-tool-py3.13.spdx
index e0525695d2..9f01d2b22e 100644
--- a/sbom/cve-bin-tool-py3.13.spdx
+++ b/sbom/cve-bin-tool-py3.13.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7ed3e28d-0790-40c6-b9ec-d99e500ef3ac
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4e8423db-7a25-45cb-a3b1-97b12f7b004b
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2025-02-17T00:38:35Z
+Created: 2025-02-24T00:37:23Z
CreatorComment: This document has been automatically generated.
#####
@@ -199,18 +199,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: propcache
SPDXID: SPDXRef-9-propcache
-PackageVersion: 0.2.1
+PackageVersion: 0.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ReleaseDate: 2024-12-01T18:27:02Z
+ReleaseDate: 2024-06-07T18:52:13Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
@@ -220,8 +219,8 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
ExternalRef: OTHER other https://propcache.readthedocs.io
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*
#####
PackageName: yarl
@@ -800,20 +799,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
PackageName: cachetools
SPDXID: SPDXRef-39-cachetools
-PackageVersion: 5.5.1
+PackageVersion: 5.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/tkem/cachetools/
-PackageChecksum: SHA256: b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb
+PackageChecksum: SHA256: d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ReleaseDate: 2025-01-21T21:27:54Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2025-02-20T21:01:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*
#####
PackageName: google-auth-httplib2
@@ -1053,26 +1052,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-50-rpds-py
-PackageVersion: 0.22.3
+PackageVersion: 0.23.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.23.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2024-12-04T15:31:31Z
+ReleaseDate: 2025-01-25T08:48:14Z
ExternalRef: OTHER documentation https://rpds.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.22.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.23.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -1331,10 +1329,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.26.0
+PackageVersion: 1.27.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.26.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.27.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1345,8 +1343,8 @@ ReleaseDate: 2025-01-28T19:33:47Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.26.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.27.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*
#####
PackageName: requests