diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 68ecc024bc..ae198562b6 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:e27b5902-ba3a-444c-8a9d-845375e9619f",
+ "serialNumber": "urn:uuid:3f8d8251-ef82-48eb-a46a-125d2884925d",
"version": 1,
"metadata": {
- "timestamp": "2024-07-01T00:32:44Z",
+ "timestamp": "2024-07-29T00:30:22Z",
"tools": {
"components": [
{
@@ -41,7 +41,8 @@
{
"license": {
"id": "GPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/gpl-3.0-standalone.html"
+ "url": "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+ "acknowledgement": "concluded"
}
}
],
@@ -74,7 +75,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -112,7 +114,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -145,7 +148,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -227,7 +231,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -275,7 +280,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -357,7 +363,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -445,7 +452,8 @@
{
"license": {
"id": "LGPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html"
+ "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+ "acknowledgement": "concluded"
}
}
],
@@ -493,7 +501,8 @@
{
"license": {
"id": "PSF-2.0",
- "url": "https://opensource.org/licenses/Python-2.0"
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -535,7 +544,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -583,7 +593,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -625,7 +636,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -667,7 +679,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -709,7 +722,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -752,7 +766,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -794,7 +809,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -842,7 +858,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -890,7 +907,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -917,7 +935,7 @@
"type": "library",
"bom-ref": "22-cachetools",
"name": "cachetools",
- "version": "5.3.3",
+ "version": "5.4.0",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
@@ -926,24 +944,25 @@
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cachetools/5.3.3",
+ "url": "https://pypi.org/project/cachetools/5.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.3.3",
+ "purl": "pkg:pypi/cachetools@5.4.0",
"properties": [
{
"name": "language",
@@ -974,7 +993,8 @@
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -1016,7 +1036,8 @@
{
"license": {
"id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -1064,7 +1085,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1112,7 +1134,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -1159,7 +1182,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1207,7 +1231,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -1295,7 +1320,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1343,7 +1369,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1391,7 +1418,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1418,7 +1446,7 @@
"type": "library",
"bom-ref": "33-pyopenssl",
"name": "pyopenssl",
- "version": "24.1.0",
+ "version": "24.2.1",
"supplier": {
"name": "The pyOpenSSL developers",
"contact": [
@@ -1427,30 +1455,25 @@
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "d9f2c46de70c1aee20a4309424d9f506b7aae68e"
- }
- ],
"licenses": [
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.1.0",
+ "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.1.0",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
{
"name": "language",
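Review bot: The `hashes` array for pyopenssl is removed here and nothing replaces it, so the 24.2.1 entry no longer carries any checksum a consumer could compare against the downloaded artifact. The same removal appears in the lib4sbom, packageurl-python and zstandard hunks, and as dropped `PackageChecksum` lines in the .spdx file. rpmfile keeps its hash, so the generator probably failed to resolve a value for these four rather than dropping them on purpose; that is inferred, not visible in the diff. It is worth finding out why the values were lost before accepting the regenerated files. Where a hash is kept it is SHA-1 only, and adding a `"alg": "SHA-256"` entry alongside it would give a stronger integrity reference. The component object starts and ends outside this hunk.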
@@ -1466,16 +1489,16 @@
"type": "library",
"bom-ref": "34-cryptography",
"name": "cryptography",
- "version": "42.0.8",
+ "version": "43.0.0",
"supplier": {
- "name": "The Python Cryptographic Authority and individual contributors",
+ "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
{
"email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
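Review bot: The new supplier name `The cryptography developers The Python Cryptographic Authority and individual contributors` looks like two author strings joined without a separator, and the `cpe` vendor field on the new side is built from it. A vendor of `the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors` is unlikely to match any vulnerability-database entry, so CPE-based matching would probably miss cryptography 43.0.0. The `purl` in the following hunk is unaffected and remains the more reliable identifier. The .spdx file carries the same value in `PackageSupplier` and in the `ExternalRef: SECURITY cpe23Type` line. The supplier derivation should be fixed in the generator, or the entry overridden, rather than hand-edited here; the component object continues outside this hunk.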
@@ -1484,12 +1507,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/42.0.8",
+ "url": "https://pypi.org/project/cryptography/43.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@42.0.8",
+ "purl": "pkg:pypi/cryptography@43.0.0",
"properties": [
{
"name": "language",
@@ -1526,7 +1549,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -1574,7 +1598,8 @@
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -1622,7 +1647,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -1670,7 +1696,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1718,7 +1745,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -1782,7 +1810,8 @@
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -1809,28 +1838,29 @@
"type": "library",
"bom-ref": "42-jsonschema",
"name": "jsonschema",
- "version": "4.22.0",
+ "version": "4.23.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.22.0",
+ "url": "https://pypi.org/project/jsonschema/4.23.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.22.0",
+ "purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
{
"name": "language",
@@ -1862,7 +1892,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -1918,28 +1949,29 @@
"type": "library",
"bom-ref": "45-rpds-py",
"name": "rpds-py",
- "version": "0.18.1",
+ "version": "0.19.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.18.1",
+ "url": "https://pypi.org/project/rpds-py/0.19.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.18.1",
+ "purl": "pkg:pypi/rpds-py@0.19.1",
"properties": [
{
"name": "language",
@@ -1955,7 +1987,7 @@
"type": "library",
"bom-ref": "46-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.1",
+ "version": "0.7.2",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1964,30 +1996,25 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4"
- }
- ],
"licenses": [
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.7.1",
+ "url": "https://pypi.org/project/lib4sbom/0.7.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.1",
+ "purl": "pkg:pypi/lib4sbom@0.7.2",
"properties": [
{
"name": "language",
@@ -2024,7 +2051,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2072,7 +2100,8 @@
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -2120,7 +2149,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -2168,7 +2198,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2195,34 +2226,29 @@
"type": "library",
"bom-ref": "51-packageurl-python",
"name": "packageurl-python",
- "version": "0.15.1",
+ "version": "0.15.6",
"supplier": {
"name": "the purl authors"
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "b744d07798b8aa1454f949e17d89791a18d85b0e"
- }
- ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packageurl-python/0.15.1",
+ "url": "https://pypi.org/project/packageurl-python/0.15.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.15.1",
+ "purl": "pkg:pypi/packageurl-python@0.15.6",
"properties": [
{
"name": "language",
@@ -2253,7 +2279,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2381,7 +2408,8 @@
{
"license": {
"id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -2442,7 +2470,7 @@
"type": "library",
"bom-ref": "57-plotly",
"name": "plotly",
- "version": "5.22.0",
+ "version": "5.23.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -2451,24 +2479,25 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.22.0",
+ "url": "https://pypi.org/project/plotly/5.23.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.22.0",
+ "purl": "pkg:pypi/plotly@5.23.0",
"properties": [
{
"name": "language",
@@ -2484,7 +2513,7 @@
"type": "library",
"bom-ref": "58-tenacity",
"name": "tenacity",
- "version": "8.4.2",
+ "version": "8.5.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2493,24 +2522,25 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.4.2",
+ "url": "https://pypi.org/project/tenacity/8.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.4.2",
+ "purl": "pkg:pypi/tenacity@8.5.0",
"properties": [
{
"name": "language",
@@ -2547,7 +2577,8 @@
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
@@ -2595,7 +2626,8 @@
{
"license": {
"id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
}
}
],
@@ -2622,7 +2654,7 @@
"type": "library",
"bom-ref": "61-certifi",
"name": "certifi",
- "version": "2024.6.2",
+ "version": "2024.7.4",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -2631,24 +2663,25 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"licenses": [
{
"license": {
"id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/"
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/certifi/2024.6.2",
+ "url": "https://pypi.org/project/certifi/2024.7.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/certifi@2024.6.2",
+ "purl": "pkg:pypi/certifi@2024.7.4",
"properties": [
{
"name": "language",
@@ -2685,7 +2718,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2746,7 +2780,7 @@
"type": "library",
"bom-ref": "64-rpmfile",
"name": "rpmfile",
- "version": "2.0.0",
+ "version": "2.1.0",
"supplier": {
"name": "Sean Ross",
"contact": [
@@ -2755,30 +2789,31 @@
}
]
},
- "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*",
"description": "Read rpm archive files",
"hashes": [
{
"alg": "SHA-1",
- "content": "c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e"
+ "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpmfile/2.0.0",
+ "url": "https://pypi.org/project/rpmfile/2.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpmfile@2.0.0",
+ "purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
{
"name": "language",
@@ -2809,7 +2844,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2857,7 +2893,8 @@
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "url": "https://opensource.org/licenses/MIT",
+ "acknowledgement": "concluded"
}
}
],
@@ -2884,7 +2921,7 @@
"type": "library",
"bom-ref": "67-zstandard",
"name": "zstandard",
- "version": "0.22.0",
+ "version": "0.23.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -2893,30 +2930,25 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "255b579735f26c2d0e08257f632de75d2ab882cf"
- }
- ],
"licenses": [
{
"license": {
"id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/zstandard/0.22.0",
+ "url": "https://pypi.org/project/zstandard/0.23.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.22.0",
+ "purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 402cb629ab..204efb1af9 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75779e7c-ca25-46c2-85fa-80dc4ed349c7
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-158f8405-532c-4623-bb08-eeaa53e36cee
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-01T00:31:47Z
+Created: 2024-07-29T00:29:23Z
CreatorComment: This document has been automatically generated.
#####
@@ -345,17 +345,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
PackageName: cachetools
SPDXID: SPDXRef-Package-22-cachetools
-PackageVersion: 5.3.3
+PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.4.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
@@ -523,34 +523,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyopenssl
SPDXID: SPDXRef-Package-33-pyopenssl
-PackageVersion: 24.1.0
+PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.1.0
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
FilesAnalyzed: false
-PackageChecksum: SHA1: d9f2c46de70c1aee20a4309424d9f506b7aae68e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-Package-34-cryptography
-PackageVersion: 42.0.8
+PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.8
+PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -666,17 +665,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
PackageName: jsonschema
SPDXID: SPDXRef-Package-42-jsonschema
-PackageVersion: 4.22.0
+PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -712,33 +711,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-Package-45-rpds-py
-PackageVersion: 0.18.1
+PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.19.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.19.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-Package-46-lib4sbom
-PackageVersion: 0.7.1
+PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.2
FilesAnalyzed: false
-PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -808,18 +806,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
PackageName: packageurl-python
SPDXID: SPDXRef-Package-51-packageurl-python
-PackageVersion: 0.15.1
+PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.1
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6
FilesAnalyzed: false
-PackageChecksum: SHA1: b744d07798b8aa1454f949e17d89791a18d85b0e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*
#####
PackageName: rich
@@ -902,33 +899,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
PackageName: plotly
SPDXID: SPDXRef-Package-57-plotly
-PackageVersion: 5.22.0
+PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.23.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.23.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
SPDXID: SPDXRef-Package-58-tenacity
-PackageVersion: 8.4.2
+PackageVersion: 8.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.2
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -966,17 +963,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-Package-61-certifi
-PackageVersion: 2024.6.2
+PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.6.2
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.7.4
FilesAnalyzed: false
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.7.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*
#####
PackageName: charset-normalizer
@@ -1012,18 +1009,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
PackageName: rpmfile
SPDXID: SPDXRef-Package-64-rpmfile
-PackageVersion: 2.0.0
+PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0
+PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0
FilesAnalyzed: false
-PackageChecksum: SHA1: c0498cd5173afb6fb0af9ed5c7d61335b7c9af0e
+PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
@@ -1059,19 +1056,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
PackageName: zstandard
SPDXID: SPDXRef-Package-67-zstandard
-PackageVersion: 0.22.0
+PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0
FilesAnalyzed: false
-PackageChecksum: SHA1: 255b579735f26c2d0e08257f632de75d2ab882cf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.22.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool