diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index b7cdbccbaa..e60b284e6f 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
- "serialNumber": "urn:uuidc89719df-9ec0-4316-b73e-8723ff724b27",
+ "serialNumber": "urn:uuid9b76c916-732e-4270-b318-b3184bd48654",
"version": 1,
"metadata": {
- "timestamp": "2023-04-17T00:28:29Z",
+ "timestamp": "2023-04-24T00:26:29Z",
"tools": [
{
"name": "sbom4python",
@@ -309,7 +309,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
- "version": "1.8.2",
+ "version": "1.9.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -318,7 +318,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -335,18 +335,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.8.2",
+ "url": "https://pypi.org/project/yarl/1.9.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/yarl@1.8.2",
- "properties": [
- {
- "name": "License Comments",
- "value": "yarl declares Apache 2 which is not currently a valid SPDX License identifier or expression."
- }
- ]
+ "purl": "pkg:pypi/yarl@1.9.1"
},
{
"type": "library",
@@ -596,7 +590,7 @@
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
- "version": "3.0.5",
+ "version": "3.0.8",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -605,7 +599,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
@@ -622,12 +616,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.0.5",
+ "url": "https://pypi.org/project/argcomplete/3.0.8",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.0.5",
+ "purl": "pkg:pypi/argcomplete@3.0.8",
"properties": [
{
"name": "License Comments",
@@ -1021,7 +1015,7 @@
"type": "library",
"bom-ref": "28-pyasn1",
"name": "pyasn1",
- "version": "0.4.8",
+ "version": "0.5.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1030,41 +1024,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*",
- "description": "ASN.1 types and codecs",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.4.8",
+ "url": "https://pypi.org/project/pyasn1/0.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.4.8",
- "properties": [
- {
- "name": "License Comments",
- "value": "pyasn1 declares BSD which is not currently a valid SPDX License identifier or expression."
- }
- ]
+ "purl": "pkg:pypi/pyasn1@0.5.0"
},
{
"type": "library",
"bom-ref": "29-pyasn1-modules",
"name": "pyasn1-modules",
- "version": "0.2.8",
+ "version": "0.3.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
@@ -1073,29 +1061,35 @@
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/etingof/pyasn1-modules",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.2.8",
+ "url": "https://pypi.org/project/pyasn1-modules/0.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.2.8"
+ "purl": "pkg:pypi/pyasn1-modules@0.3.0",
+ "properties": [
+ {
+ "name": "License Comments",
+ "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
+ }
+ ]
},
{
"type": "library",
@@ -2085,7 +2079,7 @@
"type": "library",
"bom-ref": "56-pygments",
"name": "pygments",
- "version": "2.15.0",
+ "version": "2.15.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -2094,7 +2088,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -2106,12 +2100,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.0",
+ "url": "https://pypi.org/project/Pygments/2.15.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.0"
+ "purl": "pkg:pypi/pygments@2.15.1"
},
{
"type": "library",
@@ -2265,7 +2259,7 @@
"type": "library",
"bom-ref": "61-zstandard",
"name": "zstandard",
- "version": "0.20.0",
+ "version": "0.21.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
@@ -2274,7 +2268,7 @@
}
]
},
- "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
@@ -2291,12 +2285,12 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/zstandard/0.20.0",
+ "url": "https://pypi.org/project/zstandard/0.21.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zstandard@0.20.0",
+ "purl": "pkg:pypi/zstandard@0.21.0",
"properties": [
{
"name": "License Comments",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 06433bbc0e..16e35b3029 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c5d5d886-7f9b-4e00-a349-8ae8947ccd9d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-39a8443b-80ea-4d11-b1fe-547b534a2d42
LicenseListVersion: 3.20
Creator: Tool: sbom4python-0.9.1
-Created: 2023-04-17T00:27:05Z
+Created: 2023-04-24T00:25:19Z
CreatorComment: This document has been automatically generated.
#####
@@ -140,19 +140,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
-PackageVersion: 1.8.2
+PackageVersion: 1.9.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.8.2
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl/
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: yarl declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.8.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*
#####
PackageName: idna
@@ -270,10 +269,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.0.5
+PackageVersion: 3.0.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.8
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
PackageLicenseDeclared: NOASSERTION
@@ -281,8 +280,8 @@ PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -451,35 +450,35 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
PackageName: pyasn1
SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.4.8
+PackageVersion: 0.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.4.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1 declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: ASN.1 types and codecs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.4.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
SPDXID: SPDXRef-Package-29-pyasn1-modules
-PackageVersion: 0.2.8
+PackageVersion: 0.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.2.8
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0
FilesAnalyzed: false
-PackageHomePage: https://github.com/etingof/pyasn1-modules
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.2.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*
+PackageSummary: A collection of ASN.1-based protocols modules
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*
#####
PackageName: rsa
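Review bot: On the pyasn1-modules entry, `PackageLicenseConcluded: BSD-3-Clause` is asserted while `PackageLicenseDeclared` is `NOASSERTION` and the comment says the package only declares "BSD"; in the sibling pyasn1 entry in the same hunk the resolved declaration is `BSD-2-Clause`. A concluded license is supposed to be a verified determination, so mapping a bare "BSD" string to the 3-clause variant is a guess that downstream license-compliance tooling will treat as fact. The safer emission is `PackageLicenseConcluded: NOASSERTION` until the license text is actually checked, keeping the existing `PackageLicenseComments` line to explain why. This is generator behaviour rather than a hand edit, so the fix belongs in sbom4python or a post-generation check; the same pattern appears in the zstandard and argcomplete entries further down.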
@@ -907,17 +906,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-56-pygments
-PackageVersion: 2.15.0
+PackageVersion: 2.15.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.0
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
#####
PackageName: rpmfile
@@ -986,10 +985,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*
PackageName: zstandard
SPDXID: SPDXRef-Package-61-zstandard
-PackageVersion: 0.20.0
+PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.20.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
PackageLicenseDeclared: NOASSERTION
@@ -997,8 +996,8 @@ PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool