diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 238b9db4e6..159a748d29 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:b8d83946-2d28-40f4-a2b6-1e96486676ff",
+ "serialNumber": "urn:uuid:fd5b4bda-246c-4977-8b52-dc55bb5bdbf9",
"version": 1,
"metadata": {
- "timestamp": "2025-05-26T00:41:48Z",
+ "timestamp": "2025-06-02T00:41:53Z",
"lifecycles": [
{
"phase": "build"
@@ -89,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.12.0",
+ "version": "3.12.6",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "77ba53286c89486e8b02fb47352a5a8270bab1084e2a43fe8e35eb261befda13"
+ }
+ ],
"licenses": [
{
"license": {
@@ -107,7 +113,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.12.0/#files",
+ "url": "https://pypi.org/project/aiohttp/3.12.6/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -144,11 +150,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.12.0",
+ "purl": "pkg:pypi/aiohttp@3.12.6",
"properties": [
{
"name": "release_date",
- "value": "2024-09-17T18:57:44Z"
+ "value": "2025-05-31T05:54:32Z"
},
{
"name": "language",
@@ -2999,7 +3005,7 @@
"type": "library",
"bom-ref": "45-zipp",
"name": "zipp",
- "version": "3.21.0",
+ "version": "3.22.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -3008,26 +3014,17 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.22.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
"alg": "SHA-256",
- "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
+ "content": "fe208f65f2aca48b81f9e6fd8cf7b8b32c26375266b009b413d45306b6148343"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
+ "url": "https://pypi.org/project/zipp/3.22.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3036,11 +3033,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/zipp@3.21.0",
+ "purl": "pkg:pypi/zipp@3.22.0",
"properties": [
{
"name": "release_date",
- "value": "2024-11-10T15:05:19Z"
+ "value": "2025-05-26T14:46:30Z"
},
{
"name": "language",
@@ -3049,10 +3046,6 @@
{
"name": "python_version",
"value": "3.10.17"
- },
- {
- "name": "License Comments",
- "value": "zipp declares MIT License which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3187,7 +3180,7 @@
"type": "library",
"bom-ref": "48-jsonschema",
"name": "jsonschema",
- "version": "4.23.0",
+ "version": "4.24.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3196,21 +3189,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.24.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/license/mit/",
- "acknowledgement": "concluded"
- }
+ "content": "a462455f19f5faf404a7902952b6f0e3ce868f3ee09a359b05eca6673bd8412d"
}
],
"externalReferences": [
@@ -3220,7 +3204,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
+ "url": "https://pypi.org/project/jsonschema/4.24.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3249,11 +3233,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/jsonschema@4.24.0",
"properties": [
{
"name": "release_date",
- "value": "2024-07-08T18:40:00Z"
+ "value": "2025-05-26T18:48:08Z"
},
{
"name": "language",
@@ -4185,7 +4169,7 @@
"type": "library",
"bom-ref": "63-plotly",
"name": "plotly",
- "version": "6.1.1",
+ "version": "6.1.2",
"supplier": {
"name": "Chris P",
"contact": [
@@ -4194,12 +4178,12 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:6.1.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:6.1.2:*:*:*:*:*:*:*",
"description": "An open-source interactive data visualization library for Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "9cca7167406ebf7ff541422738402159ec3621a608ff7b3e2f025573a1c76225"
+ "content": "f1548a8ed9158d59e03d7fed548c7db5549f3130d9ae19293c8638c202648f6d"
}
],
"externalReferences": [
@@ -4209,7 +4193,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/plotly/6.1.1/#files",
+ "url": "https://pypi.org/project/plotly/6.1.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4226,11 +4210,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/plotly@6.1.1",
+ "purl": "pkg:pypi/plotly@6.1.2",
"properties": [
{
"name": "release_date",
- "value": "2025-05-20T20:09:26Z"
+ "value": "2025-05-27T20:21:46Z"
},
{
"name": "language",
@@ -4250,7 +4234,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "1.40.0",
+ "version": "1.41.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4259,14 +4243,8 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.40.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.41.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "1e6c731811d01c61147c52433b4d4edfb6511aaf2c859aa01c2e8ca6ff4d27e5"
- }
- ],
"licenses": [
{
"license": {
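Review bot: The narwhals component loses its `hashes` array in this regeneration, so the 1.41.0 entry carries no digest that a consumer could check a downloaded artifact against. The SPDX file drops the matching `PackageChecksum` line for `SPDXRef-64-narwhals`. Every other bumped component in this diff keeps a SHA-256 or gains one (aiohttp), so this is probably a failed lookup rather than a deliberate omission. Regenerate so the entry again carries `"alg": "SHA-256"` with `"content": "<sha256 of the narwhals 1.41.0 artifact>"`, and consider failing the SBOM job when a component that previously had a hash is emitted without one.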
@@ -4283,7 +4261,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/1.40.0/#files",
+ "url": "https://pypi.org/project/narwhals/1.41.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4300,11 +4278,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@1.40.0",
+ "purl": "pkg:pypi/narwhals@1.41.0",
"properties": [
{
"name": "release_date",
- "value": "2025-05-19T07:44:10Z"
+ "value": "2025-05-27T20:21:46Z"
},
{
"name": "language",
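Review bot: The new narwhals `release_date` of `2025-05-27T20:21:46Z` is identical to the second to the value written for plotly 6.1.2 in the `@@ -4226,11 +4210,11 @@` hunk. plotly is the component immediately before narwhals in the BOM. Two unrelated projects publishing in the same second is unlikely, so the value may have been carried over from the previous component when the narwhals metadata lookup returned nothing; the same run also emitted narwhals without a hash. The SPDX `ReleaseDate` for narwhals repeats the same timestamp. Check it against the registry's upload time for narwhals 1.41.0, and if the generator cannot resolve a date it should omit the `release_date` property rather than reuse a neighbour's value.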
@@ -4713,7 +4691,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "80.8.0",
+ "version": "80.9.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -4722,17 +4700,17 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.8.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.9.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"hashes": [
{
"alg": "SHA-256",
- "content": "95a60484590d24103af13b686121328cc2736bee85de8936383111e421b9edc0"
+ "content": "062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/80.8.0/#files",
+ "url": "https://pypi.org/project/setuptools/80.9.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4749,11 +4727,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/setuptools@80.8.0",
+ "purl": "pkg:pypi/setuptools@80.9.0",
"properties": [
{
"name": "release_date",
- "value": "2025-05-20T14:02:51Z"
+ "value": "2025-05-27T00:56:49Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index dc9c2655be..13d6c9a127 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-edd085a1-4639-4020-bc70-9b29dafb0378
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-58ad3260-c8bd-4f55-89f6-56218895a950
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.3
-Created: 2025-05-26T00:41:41Z
+Created: 2025-06-02T00:41:44Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -29,17 +29,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.12.0
+PackageVersion: 3.12.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.12.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.12.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
+PackageChecksum: SHA256: 77ba53286c89486e8b02fb47352a5a8270bab1084e2a43fe8e35eb261befda13
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2024-09-17T18:57:44Z
+ReleaseDate: 2025-05-31T05:54:32Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -48,7 +49,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.12.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.12.6
#####
PackageName: aiohappyeyeballs
@@ -919,21 +920,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:
PackageName: zipp
SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.21.0
+PackageVersion: 3.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.22.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageChecksum: SHA256: fe208f65f2aca48b81f9e6fd8cf7b8b32c26375266b009b413d45306b6148343
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: MIT
-PackageLicenseComments: zipp declares MIT License which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ReleaseDate: 2024-11-10T15:05:19Z
+ReleaseDate: 2025-05-26T14:46:30Z
ExternalRef: OTHER vcs https://github.com/jaraco/zipp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.22.0:*:*:*:*:*:*:*
#####
PackageName: jinja2
@@ -1010,26 +1010,26 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
PackageName: jsonschema
SPDXID: SPDXRef-48-jsonschema
-PackageVersion: 4.23.0
+PackageVersion: 4.24.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.24.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
-PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageChecksum: SHA256: a462455f19f5faf404a7902952b6f0e3ce868f3ee09a359b05eca6673bd8412d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ReleaseDate: 2024-07-08T18:40:00Z
+ReleaseDate: 2025-05-26T18:48:08Z
ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.23.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.24.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.24.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -1319,13 +1319,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
PackageName: plotly
SPDXID: SPDXRef-63-plotly
-PackageVersion: 6.1.1
+PackageVersion: 6.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/6.1.1/#files
+PackageDownloadLocation: https://pypi.org/project/plotly/6.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: 9cca7167406ebf7ff541422738402159ec3621a608ff7b3e2f025573a1c76225
+PackageChecksum: SHA256: f1548a8ed9158d59e03d7fed548c7db5549f3130d9ae19293c8638c202648f6d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: plotly declares MIT License
@@ -1352,34 +1352,33 @@ THE SOFTWARE.
which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source interactive data visualization library for Python
-ReleaseDate: 2025-05-20T20:09:26Z
+ReleaseDate: 2025-05-27T20:21:46Z
ExternalRef: OTHER documentation https://plotly.com/python/
ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.1.2:*:*:*:*:*:*:*
#####
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.40.0
+PackageVersion: 1.41.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.40.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.41.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 1e6c731811d01c61147c52433b4d4edfb6511aaf2c859aa01c2e8ca6ff4d27e5
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-05-19T07:44:10Z
+ReleaseDate: 2025-05-27T20:21:46Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.40.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.40.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.41.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.41.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1505,22 +1504,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 80.8.0
+PackageVersion: 80.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/80.8.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/80.9.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 95a60484590d24103af13b686121328cc2736bee85de8936383111e421b9edc0
+PackageChecksum: SHA256: 062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ReleaseDate: 2025-05-20T14:02:51Z
+ReleaseDate: 2025-05-27T00:56:49Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.8.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.9.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.9.0:*:*:*:*:*:*:*
#####
PackageName: toml