diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index e33432a541..20cd6643f4 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:b64a8515-10ab-45eb-9a0f-f50a8cda2ddd",
+ "serialNumber": "urn:uuid:315f2a51-50c8-4ce3-85a6-4d80347c618d",
"version": 1,
"metadata": {
- "timestamp": "2024-06-24T00:29:14Z",
+ "timestamp": "2024-07-01T00:32:36Z",
"tools": {
"components": [
{
@@ -1793,7 +1793,7 @@
"type": "library",
"bom-ref": "41-importlib-metadata",
"name": "importlib-metadata",
- "version": "7.2.1",
+ "version": "8.0.0",
"supplier": {
"name": "Jason R .",
"contact": [
@@ -1802,16 +1802,16 @@
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib_metadata/7.2.1",
+ "url": "https://pypi.org/project/importlib_metadata/8.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@7.2.1",
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
"properties": [
{
"name": "language",
@@ -2600,7 +2600,7 @@
"type": "library",
"bom-ref": "61-tenacity",
"name": "tenacity",
- "version": "8.4.1",
+ "version": "8.4.2",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2609,7 +2609,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2621,12 +2621,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.4.1",
+ "url": "https://pypi.org/project/tenacity/8.4.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.4.1",
+ "purl": "pkg:pypi/tenacity@8.4.2",
"properties": [
{
"name": "language",
@@ -3011,6 +3011,12 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "004fca18366974c34193176bd3a356f711330ca0"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 25e7defb6c..b6f03ad5c0 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0285a098-d27d-4a0a-95c6-622e42111687
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-66a1e2ed-d350-4ec2-a045-9233ae2258a5
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-06-24T00:28:19Z
+Created: 2024-07-01T00:31:42Z
CreatorComment: This document has been automatically generated.
#####
@@ -654,17 +654,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
PackageName: importlib-metadata
SPDXID: SPDXRef-Package-41-importlib-metadata
-PackageVersion: 7.2.1
+PackageVersion: 8.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.2.1
+PackageDownloadLocation: https://pypi.org/project/importlib_metadata/8.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
#####
PackageName: zipp
@@ -964,18 +964,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*
PackageName: tenacity
SPDXID: SPDXRef-Package-61-tenacity
-PackageVersion: 8.4.1
+PackageVersion: 8.4.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.1
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1111,6 +1111,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 004fca18366974c34193176bd3a356f711330ca0
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION