diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 636f70f11a..0c887a8417 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:6553fae0-504e-42c5-826d-dd969a8e3e77",
+ "serialNumber": "urn:uuid:62919f5f-5a0e-45fa-b5a8-fc0e233bcf21",
"version": 1,
"metadata": {
- "timestamp": "2024-01-04T20:03:01Z",
+ "timestamp": "2024-01-09T17:41:01Z",
"tools": {
"components": [
{
@@ -2021,18 +2021,12 @@
"type": "library",
"bom-ref": "45-referencing",
"name": "referencing",
- "version": "0.32.0",
+ "version": "0.32.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "ff99d1e5e46c43c63c0bc45188206d02615c0672"
- }
- ],
"licenses": [
{
"license": {
@@ -2043,12 +2037,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.32.0",
+ "url": "https://pypi.org/project/referencing/0.32.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.32.0",
+ "purl": "pkg:pypi/referencing@0.32.1",
"properties": [
{
"name": "language",
@@ -2243,18 +2237,12 @@
"type": "library",
"bom-ref": "50-packageurl-python",
"name": "packageurl-python",
- "version": "0.13.1",
+ "version": "0.13.4",
"supplier": {
"name": "the purl authors"
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "b820e15ae401cb2aa9b9efc9f239a098bc754e19"
- }
- ],
"licenses": [
{
"license": {
@@ -2265,12 +2253,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packageurl-python/0.13.1",
+ "url": "https://pypi.org/project/packageurl-python/0.13.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.13.1",
+ "purl": "pkg:pypi/packageurl-python@0.13.4",
"properties": [
{
"name": "language",
@@ -2908,7 +2896,7 @@
"type": "library",
"bom-ref": "65-xmlschema",
"name": "xmlschema",
- "version": "2.5.1",
+ "version": "3.0.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2917,14 +2905,8 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "faff4d8ca954d8722df89e1e77bc4246a36ed62c"
- }
- ],
"licenses": [
{
"license": {
@@ -2935,12 +2917,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/2.5.1",
+ "url": "https://pypi.org/project/xmlschema/3.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@2.5.1",
+ "purl": "pkg:pypi/xmlschema@3.0.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 6bd2d171ce..3dcec06de6 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e11e4bca-29cf-4352-8278-5f74b9ab1ee2
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e2cebcb5-2a33-4a7c-919e-c425eee53aa8
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-04T20:01:00Z
+Created: 2024-01-09T17:39:20Z
CreatorComment: This document has been automatically generated.
#####
@@ -716,18 +716,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-45-referencing
-PackageVersion: 0.32.0
+PackageVersion: 0.32.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.32.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.32.1
FilesAnalyzed: false
-PackageChecksum: SHA1: ff99d1e5e46c43c63c0bc45188206d02615c0672
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -795,18 +794,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
PackageName: packageurl-python
SPDXID: SPDXRef-Package-50-packageurl-python
-PackageVersion: 0.13.1
+PackageVersion: 0.13.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.1
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.4
FilesAnalyzed: false
-PackageChecksum: SHA1: b820e15ae401cb2aa9b9efc9f239a098bc754e19
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.13.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.13.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.13.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*
#####
PackageName: packaging
@@ -1033,18 +1031,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-Package-65-xmlschema
-PackageVersion: 2.5.1
+PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.0
FilesAnalyzed: false
-PackageChecksum: SHA1: faff4d8ca954d8722df89e1e77bc4246a36ed62c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*
#####
PackageName: elementpath