chore: update SBOM for Python 3.9

sbom/cve-bin-tool-py3.9.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:90dd997d-aca1-428d-8ef9-39962e37a532",
+  "serialNumber": "urn:uuid:6553fae0-504e-42c5-826d-dd969a8e3e77",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-12-25T00:30:12Z",
+    "timestamp": "2024-01-04T20:03:01Z",
     "tools": {
       "components": [
         {
           "name": "sbom4python",
-          "version": "0.10.2",
+          "version": "0.10.3",
           "type": "application"
         }
       ]
@@ -248,7 +248,7 @@
       "type": "library",
       "bom-ref": "6-attrs",
       "name": "attrs",
-      "version": "23.1.0",
+      "version": "23.2.0",
       "supplier": {
         "name": "Hynek Schlawack",
         "contact": [
@@ -257,22 +257,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
       "description": "Classes Without Boilerplate",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "1e2f6f9cac5cc60f0adab051c14adf09ffe39155"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/attrs/23.1.0",
+          "url": "https://pypi.org/project/attrs/23.2.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/attrs@23.1.0",
+      "purl": "pkg:pypi/attrs@23.2.0",
       "properties": [
         {
           "name": "language",
@@ -1354,6 +1348,12 @@
       },
       "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1628,7 +1628,7 @@
       "type": "library",
       "bom-ref": "36-google-auth",
       "name": "google-auth",
-      "version": "2.25.2",
+      "version": "2.26.1",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1637,7 +1637,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1649,12 +1649,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.25.2",
+          "url": "https://pypi.org/project/google-auth/2.26.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.25.2",
+      "purl": "pkg:pypi/google-auth@2.26.1",
       "properties": [
         {
           "name": "language",
@@ -1978,16 +1978,16 @@
       "type": "library",
       "bom-ref": "44-jsonschema-specifications",
       "name": "jsonschema-specifications",
-      "version": "2023.11.2",
+      "version": "2023.12.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
       "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
       "hashes": [
         {
           "alg": "SHA-1",
-          "content": "a2fec386cdb2ed38041ccbfff0fc3e8a566997a3"
+          "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
         }
       ],
       "licenses": [
@@ -2000,12 +2000,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
+          "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
+      "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
       "properties": [
         {
           "name": "language",
@@ -2064,11 +2064,11 @@
       "type": "library",
       "bom-ref": "46-rpds-py",
       "name": "rpds-py",
-      "version": "0.15.2",
+      "version": "0.16.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -2080,12 +2080,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.15.2",
+          "url": "https://pypi.org/project/rpds-py/0.16.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.15.2",
+      "purl": "pkg:pypi/rpds-py@0.16.2",
       "properties": [
         {
           "name": "language",
@@ -2101,7 +2101,7 @@
       "type": "library",
       "bom-ref": "47-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.5.4",
+      "version": "0.6.1",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -2110,14 +2110,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "3de23e3f3b32c08f9bf8231e2765a06ebb82dc80"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2128,12 +2122,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.5.4",
+          "url": "https://pypi.org/project/lib4sbom/0.6.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.5.4",
+      "purl": "pkg:pypi/lib4sbom@0.6.1",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7bfe4ec0-78d6-4778-aaa1-1a6ed11aac0d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e11e4bca-29cf-4352-8278-5f74b9ab1ee2
 LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.2
-Created: 2023-12-25T00:28:32Z
+Creator: Tool: sbom4python-0.10.3
+Created: 2024-01-04T20:01:00Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -90,18 +90,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
 
 PackageName: attrs
 SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.1.0
+PackageVersion: 23.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
+PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 1e2f6f9cac5cc60f0adab051c14adf09ffe39155
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Classes Without Boilerplate</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: multidict
@@ -481,6 +480,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
 PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: 5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.</text>
@@ -573,18 +573,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.25.2
+PackageVersion: 2.26.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -700,18 +700,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
 
 PackageName: jsonschema-specifications
 SPDXID: SPDXRef-Package-44-jsonschema-specifications
-PackageVersion: 2023.11.2
+PackageVersion: 2023.12.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: a2fec386cdb2ed38041ccbfff0fc3e8a566997a3
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The JSON Schema meta-schemas and vocabularies, exposed as a Registry</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: referencing
@@ -732,33 +732,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-46-rpds-py
-PackageVersion: 0.15.2
+PackageVersion: 0.16.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.5.4
+PackageVersion: 0.6.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 3de23e3f3b32c08f9bf8231e2765a06ebb82dc80
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml