diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 9358ecfc9b..58277399bf 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.7",
- "serialNumber": "urn:uuid:3afa9eb1-4948-472a-bffc-204138519a06",
+ "serialNumber": "urn:uuid:0595a1e4-2ef0-4dc2-841a-966f4551abd7",
"version": 1,
"metadata": {
- "timestamp": "2025-11-10T00:43:04Z",
+ "timestamp": "2025-11-17T00:42:47Z",
"lifecycles": [
{
"phase": "build"
@@ -3219,7 +3219,7 @@
"type": "library",
"bom-ref": "49-rpds-py",
"name": "rpds-py",
- "version": "0.28.0",
+ "version": "0.29.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3228,12 +3228,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"hashes": [
{
"alg": "SHA-256",
- "content": "7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a"
+ "content": "4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113"
}
],
"externalReferences": [
@@ -3243,7 +3243,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.28.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.29.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3272,11 +3272,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.28.0",
+ "purl": "pkg:pypi/rpds-py@0.29.0",
"properties": [
{
"name": "release_date",
- "value": "2025-10-22T22:21:15Z"
+ "value": "2025-11-16T14:47:36Z"
},
{
"name": "language",
@@ -3292,7 +3292,7 @@
"type": "library",
"bom-ref": "50-lib4sbom",
"name": "lib4sbom",
- "version": "0.9.0",
+ "version": "0.9.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3301,12 +3301,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
+ "content": "f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117"
}
],
"licenses": [
@@ -3325,16 +3325,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.9.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.9.0",
+ "purl": "pkg:pypi/lib4sbom@0.9.1",
"properties": [
{
"name": "release_date",
- "value": "2025-10-28T09:09:40Z"
+ "value": "2025-11-13T20:07:13Z"
},
{
"name": "language",
@@ -4210,7 +4210,7 @@
"type": "library",
"bom-ref": "65-narwhals",
"name": "narwhals",
- "version": "2.10.2",
+ "version": "2.11.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4219,7 +4219,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"licenses": [
{
@@ -4237,7 +4237,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.10.2/#files",
+ "url": "https://pypi.org/project/narwhals/2.11.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4254,7 +4254,7 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.10.2",
+ "purl": "pkg:pypi/narwhals@2.11.0",
"properties": [
{
"name": "release_date",
@@ -4547,7 +4547,7 @@
"type": "library",
"bom-ref": "70-certifi",
"name": "certifi",
- "version": "2025.10.5",
+ "version": "2025.11.12",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -4556,12 +4556,12 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
"alg": "SHA-256",
- "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de"
+ "content": "97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b"
}
],
"licenses": [
@@ -4580,7 +4580,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2025.10.5/#files",
+ "url": "https://pypi.org/project/certifi/2025.11.12/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4589,11 +4589,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/certifi@2025.10.5",
+ "purl": "pkg:pypi/certifi@2025.11.12",
"properties": [
{
"name": "release_date",
- "value": "2025-10-05T04:12:14Z"
+ "value": "2025-11-12T02:54:49Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 38e6169d37..b2d238f354 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c37a6b38-02c7-4b17-a90d-c51629ac5075
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3cf9e13c-a1da-4f19-9ebd-5cb8dcc5e4c7
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-11-10T00:42:54Z
+Created: 2025-11-17T00:42:37Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -1010,44 +1010,44 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-49-rpds-py
-PackageVersion: 0.28.0
+PackageVersion: 0.29.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.28.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.29.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a
+PackageChecksum: SHA256: 4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2025-10-22T22:21:15Z
+ReleaseDate: 2025-11-16T14:47:36Z
ExternalRef: OTHER documentation https://rpds.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.28.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.29.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-50-lib4sbom
-PackageVersion: 0.9.0
+PackageVersion: 0.9.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd
+PackageChecksum: SHA256: f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2025-10-28T09:09:40Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-11-13T20:07:13Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1346,10 +1346,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-65-narwhals
-PackageVersion: 2.10.2
+PackageVersion: 2.11.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.11.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1361,8 +1361,8 @@ ReleaseDate: 2025-11-04T17:59:22Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.11.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1451,21 +1451,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-70-certifi
-PackageVersion: 2025.10.5
+PackageVersion: 2025.11.12
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/certifi/2025.11.12/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de
+PackageChecksum: SHA256: 97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ReleaseDate: 2025-10-05T04:12:14Z
+ReleaseDate: 2025-11-12T02:54:49Z
ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.11.12
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*
#####
PackageName: rpmfile