diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 5085398b8f..ba22c24138 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -1,11 +1,11 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772",
+ "serialNumber": "urn:uuid:5494b51c-654f-4bea-8b3e-c966161195f8",
"version": 1,
"metadata": {
- "timestamp": "2023-08-07T01:01:03Z",
+ "timestamp": "2023-08-14T00:47:27Z",
"tools": {
"components": [
{
@@ -144,7 +144,7 @@
"type": "library",
"bom-ref": "5-async-timeout",
"name": "async-timeout",
- "version": "4.0.2",
+ "version": "4.0.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -153,7 +153,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
"licenses": [
{
@@ -165,12 +165,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/async-timeout/4.0.2",
+ "url": "https://pypi.org/project/async-timeout/4.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.2",
+ "purl": "pkg:pypi/async-timeout@4.0.3",
"properties": [
{
"name": "License Comments",
@@ -1412,7 +1412,7 @@
"type": "library",
"bom-ref": "43-importlib-resources",
"name": "importlib-resources",
- "version": "6.0.0",
+ "version": "6.0.1",
"supplier": {
"name": "Barry Warsaw",
"contact": [
@@ -1421,16 +1421,16 @@
}
]
},
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.1:*:*:*:*:*:*:*",
"description": "Read resources from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-resources/6.0.0",
+ "url": "https://pypi.org/project/importlib-resources/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-resources@6.0.0"
+ "purl": "pkg:pypi/importlib-resources@6.0.1"
},
{
"type": "library",
@@ -1491,11 +1491,11 @@
"type": "library",
"bom-ref": "46-jsonschema",
"name": "jsonschema",
- "version": "4.18.6",
+ "version": "4.19.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1507,12 +1507,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.18.6",
+ "url": "https://pypi.org/project/jsonschema/4.19.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.18.6"
+ "purl": "pkg:pypi/jsonschema@4.19.0"
},
{
"type": "library",
@@ -1623,7 +1623,7 @@
"type": "library",
"bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.4.1",
+ "version": "0.4.2",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1632,7 +1632,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.2:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1644,12 +1644,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.4.1",
+ "url": "https://pypi.org/project/lib4sbom/0.4.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.4.1"
+ "purl": "pkg:pypi/lib4sbom@0.4.2"
},
{
"type": "library",
@@ -1762,7 +1762,7 @@
"type": "library",
"bom-ref": "55-plotly",
"name": "plotly",
- "version": "5.15.0",
+ "version": "5.16.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -1771,7 +1771,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.16.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -1783,12 +1783,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.15.0",
+ "url": "https://pypi.org/project/plotly/5.16.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.15.0"
+ "purl": "pkg:pypi/plotly@5.16.0"
},
{
"type": "library",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index fcf4e43cdb..dfe85b753b 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ebe989f-e3b4-43e2-996a-aee6d2303adf
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-76631d85-9eda-4a51-89e0-a11e820155ca
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-08-07T00:59:13Z
+Created: 2023-08-14T00:45:31Z
CreatorComment: This document has been automatically generated.
#####
@@ -70,18 +70,18 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0
PackageName: async-timeout
SPDXID: SPDXRef-Package-5-async-timeout
-PackageVersion: 4.0.2
+PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2
+PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
#####
PackageName: attrs
@@ -659,17 +659,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:
PackageName: importlib-resources
SPDXID: SPDXRef-Package-43-importlib-resources
-PackageVersion: 6.0.0
+PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.0
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Read resources from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.1:*:*:*:*:*:*:*
#####
PackageName: jinja2
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
PackageName: jsonschema
SPDXID: SPDXRef-Package-46-jsonschema
-PackageVersion: 4.18.6
+PackageVersion: 4.19.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
PackageName: lib4sbom
SPDXID: SPDXRef-Package-51-lib4sbom
-PackageVersion: 0.4.1
+PackageVersion: 0.4.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.2
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.2:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -840,17 +840,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
PackageName: plotly
SPDXID: SPDXRef-Package-55-plotly
-PackageVersion: 5.15.0
+PackageVersion: 5.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.16.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.0:*:*:*:*:*:*:*
#####
PackageName: tenacity