diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 4813552976..e0e1a65bdd 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:c8083159-b1db-4f5a-ad4c-83cbd650dd44",
+ "serialNumber": "urn:uuid:d6742e01-bf88-4caa-8f8b-b26631534de5",
"version": 1,
"metadata": {
- "timestamp": "2024-03-11T00:28:00Z",
+ "timestamp": "2024-03-18T00:28:13Z",
"tools": {
"components": [
{
@@ -1778,28 +1778,20 @@
"type": "library",
"bom-ref": "43-referencing",
"name": "referencing",
- "version": "0.33.0",
+ "version": "0.34.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.33.0",
+ "url": "https://pypi.org/project/referencing/0.34.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.33.0",
+ "purl": "pkg:pypi/referencing@0.34.0",
"properties": [
{
"name": "language",
@@ -1982,11 +1974,11 @@
"type": "library",
"bom-ref": "48-packageurl-python",
"name": "packageurl-python",
- "version": "0.14.0",
+ "version": "0.15.0",
"supplier": {
"name": "the purl authors"
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"licenses": [
{
@@ -1998,12 +1990,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packageurl-python/0.14.0",
+ "url": "https://pypi.org/project/packageurl-python/0.15.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.14.0",
+ "purl": "pkg:pypi/packageurl-python@0.15.0",
"properties": [
{
"name": "language",
@@ -2053,7 +2045,7 @@
"type": "library",
"bom-ref": "50-plotly",
"name": "plotly",
- "version": "5.19.0",
+ "version": "5.20.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -2062,7 +2054,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -2074,12 +2066,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.19.0",
+ "url": "https://pypi.org/project/plotly/5.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.19.0",
+ "purl": "pkg:pypi/plotly@5.20.0",
"properties": [
{
"name": "language",
@@ -2545,7 +2537,7 @@
"type": "library",
"bom-ref": "62-xmlschema",
"name": "xmlschema",
- "version": "3.0.2",
+ "version": "3.1.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2554,7 +2546,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2566,12 +2558,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.0.2",
+ "url": "https://pypi.org/project/xmlschema/3.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.0.2",
+ "purl": "pkg:pypi/xmlschema@3.1.0",
"properties": [
{
"name": "language",
@@ -2587,7 +2579,7 @@
"type": "library",
"bom-ref": "63-elementpath",
"name": "elementpath",
- "version": "4.3.0",
+ "version": "4.4.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2596,7 +2588,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
@@ -2608,12 +2600,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/elementpath/4.3.0",
+ "url": "https://pypi.org/project/elementpath/4.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.3.0",
+ "purl": "pkg:pypi/elementpath@4.4.0",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 656769c2e6..dbc837c513 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d772a27a-9054-4dc4-892b-cc78f6dfb8bd
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c793249f-eefd-4410-9bef-aae22d313531
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-11T00:26:19Z
+Created: 2024-03-18T00:26:33Z
CreatorComment: This document has been automatically generated.
#####
@@ -656,17 +656,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-43-referencing
-PackageVersion: 0.33.0
+PackageVersion: 0.34.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -732,17 +732,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
PackageName: packageurl-python
SPDXID: SPDXRef-Package-48-packageurl-python
-PackageVersion: 0.14.0
+PackageVersion: 0.15.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.14.0
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
#####
PackageName: packaging
@@ -762,17 +762,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
PackageName: plotly
SPDXID: SPDXRef-Package-50-plotly
-PackageVersion: 5.19.0
+PackageVersion: 5.20.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
@@ -945,32 +945,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
PackageName: xmlschema
SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 3.0.2
+PackageVersion: 3.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
SPDXID: SPDXRef-Package-63-elementpath
-PackageVersion: 4.3.0
+PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
#####
PackageName: zstandard