diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 3287159339..5cc8097714 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:b727b64a-8125-43ab-a84c-ed40382e46ce",
+ "serialNumber": "urn:uuid:4b024eba-fa76-49a5-b076-b41b6de6f0fd",
"version": 1,
"metadata": {
- "timestamp": "2025-09-22T00:46:07Z",
+ "timestamp": "2025-09-29T00:39:49Z",
"lifecycles": [
{
"phase": "build"
@@ -958,7 +958,7 @@
"type": "library",
"bom-ref": "13-beautifulsoup4",
"name": "beautifulsoup4",
- "version": "4.13.5",
+ "version": "4.14.0",
"supplier": {
"name": "Leonard Richardson",
"contact": [
@@ -967,12 +967,12 @@
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
"hashes": [
{
"alg": "SHA-256",
- "content": "642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a"
+ "content": "aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73"
}
],
"licenses": [
@@ -991,7 +991,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.13.5/#files",
+ "url": "https://pypi.org/project/beautifulsoup4/4.14.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1000,11 +1000,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/beautifulsoup4@4.13.5",
+ "purl": "pkg:pypi/beautifulsoup4@4.14.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-24T14:06:14Z"
+ "value": "2025-09-27T17:22:16Z"
},
{
"name": "language",
@@ -2095,6 +2095,12 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*",
"description": "pyparsing - Classes and methods to define and execute parsing grammars",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e38a4f02064cf41fe6593d328d0512495ad1f3d8a91c4f73fc401b3079a59a5e"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/pyparsing/pyparsing/",
@@ -2111,7 +2117,7 @@
"properties": [
{
"name": "release_date",
- "value": "2022-02-03T00:00:29Z"
+ "value": "2025-09-21T04:11:04Z"
},
{
"name": "language",
@@ -2761,7 +2767,7 @@
"type": "library",
"bom-ref": "42-google-apitools",
"name": "google-apitools",
- "version": "0.5.32",
+ "version": "0.5.35",
"supplier": {
"name": "Craig Citro",
"contact": [
@@ -2770,12 +2776,12 @@
}
]
},
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.35:*:*:*:*:*:*:*",
"description": "client libraries for humans",
"hashes": [
{
"alg": "SHA-256",
- "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
+ "content": "0f6f67fbe6f228f4777ae7e9d00e01476f7b8a48dca3a4353a1c32369437bbd0"
}
],
"licenses": [
@@ -2794,16 +2800,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
+ "url": "https://pypi.org/project/google-apitools/0.5.35/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-apitools@0.5.32",
+ "purl": "pkg:pypi/google-apitools@0.5.35",
"properties": [
{
"name": "release_date",
- "value": "2021-05-05T22:12:58Z"
+ "value": "2025-09-24T20:22:49Z"
},
{
"name": "language",
@@ -3062,17 +3068,17 @@
"type": "library",
"bom-ref": "47-markupsafe",
"name": "markupsafe",
- "version": "3.0.2",
+ "version": "3.0.3",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
"alg": "SHA-256",
- "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
+ "content": "2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
+ "url": "https://pypi.org/project/markupsafe/3.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3085,7 +3091,7 @@
"type": "documentation"
},
{
- "url": "https://markupsafe.palletsprojects.com/changes/",
+ "url": "https://markupsafe.palletsprojects.com/page/changes/",
"type": "log"
},
{
@@ -3097,11 +3103,11 @@
"type": "chat"
}
],
- "purl": "pkg:pypi/markupsafe@3.0.2",
+ "purl": "pkg:pypi/markupsafe@3.0.3",
"properties": [
{
"name": "release_date",
- "value": "2024-10-18T15:20:51Z"
+ "value": "2025-09-27T18:36:05Z"
},
{
"name": "language",
@@ -3110,10 +3116,6 @@
{
"name": "python_version",
"value": "3.9.23"
- },
- {
- "name": "License Comments",
- "value": "markupsafe declares Copyright 2010 Pallets\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its\n contributors may be used to endorse or promote products derived from\n this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n which is not currently a valid SPDX License identifier or expression."
}
]
},
@@ -3467,7 +3469,7 @@
"type": "library",
"bom-ref": "53-pyyaml",
"name": "pyyaml",
- "version": "6.0.2",
+ "version": "6.0.3",
"supplier": {
"name": "Kirill Simonov",
"contact": [
@@ -3476,12 +3478,12 @@
}
]
},
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.3:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ "content": "214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b"
}
],
"licenses": [
@@ -3525,11 +3527,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/pyyaml@6.0.2",
+ "purl": "pkg:pypi/pyyaml@6.0.3",
"properties": [
{
"name": "release_date",
- "value": "2024-08-06T20:31:40Z"
+ "value": "2025-09-25T21:31:46Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index c23fe8286d..168a876208 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-06511fdd-5d66-4e9d-aae8-faf2852fbca2
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f6a16c31-3314-4955-bf73-32bbf47bb496
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-22T00:45:35Z
+Created: 2025-09-29T00:39:37Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -295,22 +295,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
PackageName: beautifulsoup4
SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.13.5
+PackageVersion: 4.14.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.5/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.0/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a
+PackageChecksum: SHA256: aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
-ReleaseDate: 2025-08-24T14:06:14Z
+ReleaseDate: 2025-09-27T17:22:16Z
ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*
#####
PackageName: soupsieve
@@ -419,12 +419,13 @@ PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: b6970ea6c0950c854ce2e33c591e177a6f4a657f2824a1b54eaefa2dff2576bb
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ReleaseDate: 2022-11-02T17:34:01Z
+ReleaseDate: 2025-06-25T08:28:10Z
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.35
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
#####
@@ -574,12 +575,13 @@ PackageSupplier: Person: Google (googleapis-publisher@google.com)
PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Reauth Library
-ReleaseDate: 2018-07-11T20:58:55Z
+ReleaseDate: 2020-12-01T17:35:45Z
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
@@ -647,11 +649,12 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.5/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: e38a4f02064cf41fe6593d328d0512495ad1f3d8a91c4f73fc401b3079a59a5e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing - Classes and methods to define and execute parsing grammars
-ReleaseDate: 2022-02-03T00:00:29Z
+ReleaseDate: 2025-09-21T04:11:04Z
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*
#####
@@ -856,21 +859,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
PackageName: google-apitools
SPDXID: SPDXRef-42-google-apitools
-PackageVersion: 0.5.32
+PackageVersion: 0.5.35
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
+PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.35/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
+PackageChecksum: SHA256: 0f6f67fbe6f228f4777ae7e9d00e01476f7b8a48dca3a4353a1c32369437bbd0
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
-ReleaseDate: 2021-05-05T22:12:58Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
+ReleaseDate: 2025-09-24T20:22:49Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.35
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.35:*:*:*:*:*:*:*
#####
PackageName: monotonic
@@ -953,52 +956,23 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.6
PackageName: markupsafe
SPDXID: SPDXRef-47-markupsafe
-PackageVersion: 3.0.2
+PackageVersion: 3.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.3/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
+PackageChecksum: SHA256: 2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
-ReleaseDate: 2024-10-18T15:20:51Z
+ReleaseDate: 2025-09-27T18:36:05Z
ExternalRef: OTHER other https://palletsprojects.com/donate
ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
-ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/page/changes/
ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
ExternalRef: OTHER chat https://discord.gg/pallets
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.3
#####
PackageName: jsonschema
@@ -1116,25 +1090,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:
PackageName: pyyaml
SPDXID: SPDXRef-53-pyyaml
-PackageVersion: 6.0.2
+PackageVersion: 6.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
-PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
+PackageChecksum: SHA256: 214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ReleaseDate: 2024-08-06T20:31:40Z
+ReleaseDate: 2025-09-25T21:31:46Z
ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.3:*:*:*:*:*:*:*
#####
PackageName: semantic-version