diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index cd4475ddb6..a2caf0fec1 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:f58ce13f-e21a-43b6-81cc-1341081b3452",
+ "serialNumber": "urn:uuid:c2ec4637-498d-4115-8035-cfb49724e20f",
"version": 1,
"metadata": {
- "timestamp": "2025-02-17T00:39:27Z",
+ "timestamp": "2025-02-24T00:38:21Z",
"lifecycles": [
{
"phase": "build"
@@ -702,7 +702,7 @@
"type": "library",
"bom-ref": "10-propcache",
"name": "propcache",
- "version": "0.2.1",
+ "version": "0.3.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -711,14 +711,8 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
- }
- ],
"licenses": [
{
"license": {
@@ -735,7 +729,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.1/#files",
+ "url": "https://pypi.org/project/propcache/0.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -776,11 +770,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.1",
+ "purl": "pkg:pypi/propcache@0.3.0",
"properties": [
{
"name": "release_date",
- "value": "2024-12-01T18:27:02Z"
+ "value": "2024-06-07T18:52:13Z"
},
{
"name": "language",
@@ -2593,7 +2587,7 @@
"type": "library",
"bom-ref": "40-cachetools",
"name": "cachetools",
- "version": "5.5.1",
+ "version": "5.5.2",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -2602,12 +2596,12 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"hashes": [
{
"alg": "SHA-256",
- "content": "b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb"
+ "content": "d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a"
}
],
"licenses": [
@@ -2626,16 +2620,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.1/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.1",
+ "purl": "pkg:pypi/cachetools@5.5.2",
"properties": [
{
"name": "release_date",
- "value": "2025-01-21T21:27:54Z"
+ "value": "2025-02-20T21:01:16Z"
},
{
"name": "language",
@@ -3255,7 +3249,7 @@
"type": "library",
"bom-ref": "51-rpds-py",
"name": "rpds-py",
- "version": "0.22.3",
+ "version": "0.23.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3264,12 +3258,15 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
- "hashes": [
+ "licenses": [
{
- "alg": "SHA-256",
- "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
@@ -3279,7 +3276,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
+ "url": "https://pypi.org/project/rpds-py/0.23.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3308,11 +3305,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.22.3",
+ "purl": "pkg:pypi/rpds-py@0.23.1",
"properties": [
{
"name": "release_date",
- "value": "2024-12-04T15:31:31Z"
+ "value": "2025-01-25T08:48:14Z"
},
{
"name": "language",
@@ -4121,7 +4118,7 @@
"type": "library",
"bom-ref": "65-narwhals",
"name": "narwhals",
- "version": "1.26.0",
+ "version": "1.27.1",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4130,7 +4127,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"externalReferences": [
{
@@ -4139,7 +4136,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/1.26.0/#files",
+ "url": "https://pypi.org/project/narwhals/1.27.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4156,7 +4153,7 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@1.26.0",
+ "purl": "pkg:pypi/narwhals@1.27.1",
"properties": [
{
"name": "release_date",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 7e1c5fc5ab..c30713fb32 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eca82738-6747-42db-aa4f-91e447767b71
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0d49cda3-5bee-49d3-9c8b-8b977420f8de
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2025-02-17T00:39:20Z
+Created: 2025-02-24T00:38:10Z
CreatorComment: This document has been automatically generated.
#####
@@ -223,18 +223,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
PackageName: propcache
SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.1
+PackageVersion: 0.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.3.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ReleaseDate: 2024-12-01T18:27:02Z
+ReleaseDate: 2024-06-07T18:52:13Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
@@ -244,8 +243,8 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
ExternalRef: OTHER other https://propcache.readthedocs.io
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*
#####
PackageName: yarl
@@ -824,20 +823,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
PackageName: cachetools
SPDXID: SPDXRef-40-cachetools
-PackageVersion: 5.5.1
+PackageVersion: 5.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/tkem/cachetools/
-PackageChecksum: SHA256: b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb
+PackageChecksum: SHA256: d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ReleaseDate: 2025-01-21T21:27:54Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2025-02-20T21:01:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*
#####
PackageName: google-auth-httplib2
@@ -1077,26 +1076,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.22.3
+PackageVersion: 0.23.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.23.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2024-12-04T15:31:31Z
+ReleaseDate: 2025-01-25T08:48:14Z
ExternalRef: OTHER documentation https://rpds.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.22.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.23.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -1355,10 +1353,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-65-narwhals
-PackageVersion: 1.26.0
+PackageVersion: 1.27.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.26.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.27.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1369,8 +1367,8 @@ ReleaseDate: 2025-01-28T19:33:47Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.26.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.27.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*
#####
PackageName: requests