diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index b7d8e20428..131bae4d82 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:bd4dc772-3281-4b09-82cb-4c763a0777b2",
+ "serialNumber": "urn:uuid:0d337128-8043-410a-958f-5b759eb2bc29",
"version": 1,
"metadata": {
- "timestamp": "2023-10-30T00:27:18Z",
+ "timestamp": "2023-11-06T00:26:15Z",
"tools": {
"components": [
{
@@ -218,7 +218,7 @@
"type": "library",
"bom-ref": "7-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Ahmed TAHRI",
"contact": [
@@ -227,7 +227,7 @@
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"licenses": [
{
@@ -239,12 +239,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.3.1",
+ "url": "https://pypi.org/project/charset-normalizer/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.3.1"
+ "purl": "pkg:pypi/charset-normalizer@3.3.2"
},
{
"type": "library",
@@ -544,7 +544,7 @@
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
- "version": "3.1.2",
+ "version": "3.1.4",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -553,7 +553,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -565,12 +565,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/argcomplete/3.1.2",
+ "url": "https://pypi.org/project/argcomplete/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.1.2",
+ "purl": "pkg:pypi/argcomplete@3.1.4",
"properties": [
{
"name": "License Comments",
@@ -1228,7 +1228,7 @@
"type": "library",
"bom-ref": "37-google-auth",
"name": "google-auth",
- "version": "2.23.3",
+ "version": "2.23.4",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1237,7 +1237,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1249,12 +1249,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.23.3",
+ "url": "https://pypi.org/project/google-auth/2.23.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.23.3",
+ "purl": "pkg:pypi/google-auth@2.23.4",
"properties": [
{
"name": "License Comments",
@@ -1467,11 +1467,11 @@
"type": "library",
"bom-ref": "45-jsonschema",
"name": "jsonschema",
- "version": "4.19.1",
+ "version": "4.19.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.2:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1483,12 +1483,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.19.1",
+ "url": "https://pypi.org/project/jsonschema/4.19.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.19.1"
+ "purl": "pkg:pypi/jsonschema@4.19.2"
},
{
"type": "library",
@@ -1548,11 +1548,11 @@
"type": "library",
"bom-ref": "48-rpds-py",
"name": "rpds-py",
- "version": "0.10.6",
+ "version": "0.12.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.12.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -1564,12 +1564,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.10.6",
+ "url": "https://pypi.org/project/rpds-py/0.12.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.10.6"
+ "purl": "pkg:pypi/rpds-py@0.12.0"
},
{
"type": "library",
@@ -2229,7 +2229,7 @@
"type": "library",
"bom-ref": "70-zstandard",
"name": "zstandard",
- "version": "0.21.0",
+ "version": "0.22.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -2238,7 +2238,7 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
@@ -2250,12 +2250,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/zstandard/0.21.0",
+ "url": "https://pypi.org/project/zstandard/0.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.21.0",
+ "purl": "pkg:pypi/zstandard@0.22.0",
"properties": [
{
"name": "License Comments",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 0394c1d092..5e8d44aa49 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4a971d10-35e5-4f7d-a0f5-c0b1fb37a726
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f51c8a98-01cc-461e-9cb6-719415e95c01
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-30T00:25:22Z
+Created: 2023-11-06T00:25:00Z
CreatorComment: This document has been automatically generated.
#####
@@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*
PackageName: charset-normalizer
SPDXID: SPDXRef-Package-7-charset-normalizer
-PackageVersion: 3.3.1
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.1
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
#####
PackageName: multidict
@@ -256,18 +256,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.1.2
+PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.2
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -566,18 +566,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.23.3
+PackageVersion: 2.23.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.3
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -687,17 +687,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
PackageName: jsonschema
SPDXID: SPDXRef-Package-45-jsonschema
-PackageVersion: 4.19.1
+PackageVersion: 4.19.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.2:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -732,17 +732,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-Package-48-rpds-py
-PackageVersion: 0.10.6
+PackageVersion: 0.12.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.6
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.12.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.12.0:*:*:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
@@ -1067,18 +1067,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*
PackageName: zstandard
SPDXID: SPDXRef-Package-70-zstandard
-PackageVersion: 0.21.0
+PackageVersion: 0.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4