intel · terriko · Feb 24, 2025 · Feb 24, 2025
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:f58ce13f-e21a-43b6-81cc-1341081b3452",
+  "serialNumber": "urn:uuid:c2ec4637-498d-4115-8035-cfb49724e20f",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-02-17T00:39:27Z",
+    "timestamp": "2025-02-24T00:38:21Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -702,7 +702,7 @@
       "type": "library",
       "bom-ref": "10-propcache",
       "name": "propcache",
-      "version": "0.2.1",
+      "version": "0.3.0",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -711,14 +711,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*",
       "description": "Accelerated property cache",
-      "hashes": [
-        {
-          "alg": "SHA-256",
-          "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -735,7 +729,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/propcache/0.2.1/#files",
+          "url": "https://pypi.org/project/propcache/0.3.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -776,11 +770,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/propcache@0.2.1",
+      "purl": "pkg:pypi/propcache@0.3.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-12-01T18:27:02Z"
+          "value": "2024-06-07T18:52:13Z"
         },
         {
           "name": "language",
@@ -2593,7 +2587,7 @@
       "type": "library",
       "bom-ref": "40-cachetools",
       "name": "cachetools",
-      "version": "5.5.1",
+      "version": "5.5.2",
       "supplier": {
         "name": "Thomas Kemmer",
         "contact": [
@@ -2602,12 +2596,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*",
       "description": "Extensible memoizing collections and decorators",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb"
+          "content": "d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a"
         }
       ],
       "licenses": [
@@ -2626,16 +2620,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cachetools/5.5.1/#files",
+          "url": "https://pypi.org/project/cachetools/5.5.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].2",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-01-21T21:27:54Z"
+          "value": "2025-02-20T21:01:16Z"
         },
         {
           "name": "language",
@@ -3255,7 +3249,7 @@
       "type": "library",
       "bom-ref": "51-rpds-py",
       "name": "rpds-py",
-      "version": "0.22.3",
+      "version": "0.23.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3264,12 +3258,15 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
-      "hashes": [
+      "licenses": [
         {
-          "alg": "SHA-256",
-          "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+          "license": {
+            "id": "MIT",
+            "url": "https://opensource.org/license/mit/",
+            "acknowledgement": "concluded"
+          }
         }
       ],
       "externalReferences": [
@@ -3279,7 +3276,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
+          "url": "https://pypi.org/project/rpds-py/0.23.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3308,11 +3305,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.22.3",
+      "purl": "pkg:pypi/rpds-py@0.23.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-12-04T15:31:31Z"
+          "value": "2025-01-25T08:48:14Z"
         },
         {
           "name": "language",
@@ -4121,7 +4118,7 @@
       "type": "library",
       "bom-ref": "65-narwhals",
       "name": "narwhals",
-      "version": "1.26.0",
+      "version": "1.27.1",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4130,7 +4127,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "externalReferences": [
         {
@@ -4139,7 +4136,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.26.0/#files",
+          "url": "https://pypi.org/project/narwhals/1.27.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4156,7 +4153,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.26.0",
+      "purl": "pkg:pypi/narwhals@1.27.1",
       "properties": [
         {
           "name": "release_date",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eca82738-6747-42db-aa4f-91e447767b71
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0d49cda3-5bee-49d3-9c8b-8b977420f8de
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-02-17T00:39:20Z
+Created: 2025-02-24T00:38:10Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -223,18 +223,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 
 PackageName: propcache
 SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.1
+PackageVersion: 0.3.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov ([email protected])
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.3.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Accelerated property cache</text>
-ReleaseDate: 2024-12-01T18:27:02Z
+ReleaseDate: 2024-06-07T18:52:13Z
 ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
 ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
 ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
@@ -244,8 +243,8 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
 ExternalRef: OTHER other https://propcache.readthedocs.io
 ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
 ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: yarl
@@ -824,20 +823,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
 
 PackageName: cachetools
 SPDXID: SPDXRef-40-cachetools
-PackageVersion: 5.5.1
+PackageVersion: 5.5.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Thomas Kemmer ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/tkem/cachetools/
-PackageChecksum: SHA256: b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb
+PackageChecksum: SHA256: d26a22bcc62eb95c3beabd9f1ee5e820d3d2704fe2967cbe350e20c8ffcd3f0a
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extensible memoizing collections and decorators</text>
-ReleaseDate: 2025-01-21T21:27:54Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2025-02-20T21:01:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: google-auth-httplib2
@@ -1077,26 +1076,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.22.3
+PackageVersion: 0.23.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman ([email protected])
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.23.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ReleaseDate: 2024-12-04T15:31:31Z
+ReleaseDate: 2025-01-25T08:48:14Z
 ExternalRef: OTHER documentation https://rpds.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER vcs https://github.com/crate-py/rpds
 ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.22.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.23.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -1355,10 +1353,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-65-narwhals
-PackageVersion: 1.26.0
+PackageVersion: 1.27.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli ([email protected])
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.26.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.27.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1369,8 +1367,8 @@ ReleaseDate: 2025-01-28T19:33:47Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.26.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.27.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.27.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: requests