diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 803eb8e75a..6614ae38c8 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:5ab92791-f41f-4b08-b4c4-db025c92b5b9", + "serialNumber": "urn:uuid:7f60e444-3679-43d3-abd4-a32013541228", "version": 1, "metadata": { - "timestamp": "2025-08-04T00:53:01Z", + "timestamp": "2025-08-11T00:45:03Z", "lifecycles": [ { "phase": "build" @@ -1004,7 +1004,7 @@ "type": "library", "bom-ref": "14-cvss", "name": "cvss", - "version": "3.4", + "version": "3.6", "supplier": { "name": "Stanislav Red Hat Product Security", "contact": [ @@ -1013,12 +1013,12 @@ } ] }, - "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.6:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { "alg": "SHA-256", - "content": "d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef" + "content": "e342c6ad9c7eb69d2aebbbc2768a03cabd57eb947c806e145de5b936219833ea" } ], "licenses": [ @@ -1037,7 +1037,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cvss/3.4/#files", + "url": "https://pypi.org/project/cvss/3.6/#files", "type": "distribution", "comment": "Download location for component" }, @@ -1058,11 +1058,11 @@ "type": "build-system" } ], - "purl": "pkg:pypi/cvss@3.4", + "purl": "pkg:pypi/cvss@3.6", "properties": [ { "name": "release_date", - "value": "2025-02-11T17:28:21Z" + "value": "2025-08-04T10:50:12Z" }, { "name": "language", @@ -3192,7 +3192,7 @@ "type": "library", "bom-ref": "48-rpds-py", "name": "rpds-py", - "version": "0.26.0", + "version": "0.27.0", "supplier": { "name": "Julian Berman", "contact": [ 
@@ -3201,21 +3201,12 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.26.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.27.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { "alg": "SHA-256", - "content": "4c70c70f9169692b36307a95f3d8c0a9fcd79f7b4a383aad5eaa0e9718b79b37" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/license/mit/", - "acknowledgement": "concluded" - } + "content": "130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4" } ], "externalReferences": [ @@ -3225,7 +3216,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.26.0/#files", + "url": "https://pypi.org/project/rpds-py/0.27.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3254,11 +3245,11 @@ "type": "other" } ], - "purl": "pkg:pypi/rpds-py@0.26.0", + "purl": "pkg:pypi/rpds-py@0.27.0", "properties": [ { "name": "release_date", - "value": "2025-07-01T15:53:40Z" + "value": "2025-08-07T08:23:06Z" }, { "name": "language", @@ -3686,16 +3677,16 @@ "type": "library", "bom-ref": "56-packageurl-python", "name": "packageurl-python", - "version": "0.17.3", + "version": "0.17.5", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.17.5:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", "hashes": [ { "alg": "SHA-256", - "content": "f51b5aab570159f07258c8e998e9972ff3bf060da16b7334a42bd9f9737777d9" + "content": "f0e55452ab37b5c192c443de1458e3f3b4d8ac27f747df6e8c48adeab081d321" } ], "licenses": [ 
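Review bot: The rpds-py 0.27.0 component loses its whole `licenses` array in the `@@ -3201,21 +3201,12 @@` hunk (previously `"id": "MIT"` with `"acknowledgement": "concluded"`), and the matching SPDX hunk for `SPDXRef-48-rpds-py` changes `PackageLicenseDeclared` and `PackageLicenseConcluded` from `MIT` to `NOASSERTION`. Because both files are generated, this probably reflects how the new release publishes its licence metadata rather than an actual relicensing, but that is inferred and should be confirmed against the upstream package. Licence-policy gates that consume this SBOM will now see the component as unknown. If the package is still MIT, the correction belongs in the generator or its input so that the entry keeps `"license": { "id": "MIT" }`, since a hand edit would be overwritten on the next scheduled run.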
@@ -3714,16 +3705,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/packageurl-python/0.17.3/#files", + "url": "https://pypi.org/project/packageurl-python/0.17.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.17.3", + "purl": "pkg:pypi/packageurl-python@0.17.5", "properties": [ { "name": "release_date", - "value": "2025-08-01T03:24:33Z" + "value": "2025-08-06T14:08:19Z" }, { "name": "language", @@ -4204,7 +4195,7 @@ "type": "library", "bom-ref": "64-python-gnupg", "name": "python-gnupg", - "version": "0.5.4", + "version": "0.5.5", "supplier": { "name": "Vinay Sajip", "contact": [ @@ -4213,12 +4204,12 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { "alg": "SHA-256", - "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c" + "content": "51fa7b8831ff0914bc73d74c59b99c613de7247b91294323c39733bb85ac3fc1" } ], "licenses": [ @@ -4237,7 +4228,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.4/#files", + "url": "https://pypi.org/project/python-gnupg/0.5.5/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4254,11 +4245,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/python-gnupg@0.5.4", + "purl": "pkg:pypi/python-gnupg@0.5.5", "properties": [ { "name": "release_date", - "value": "2025-01-07T11:58:32Z" + "value": "2025-08-04T19:26:54Z" }, { "name": "language", @@ -4344,7 +4335,7 @@ "type": "library", "bom-ref": "66-charset-normalizer", "name": "charset-normalizer", - "version": "3.4.2", + "version": "3.4.3", "supplier": { "name": "Ahmed R .", "contact": [ 
@@ -4353,12 +4344,12 @@ } ] }, - "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "hashes": [ { "alg": "SHA-256", - "content": "7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941" + "content": "fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72" } ], "licenses": [ @@ -4372,7 +4363,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.4.2/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.3/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4393,11 +4384,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.2", + "purl": "pkg:pypi/charset-normalizer@3.4.3", "properties": [ { "name": "release_date", - "value": "2025-05-02T08:31:46Z" + "value": "2025-08-09T07:55:36Z" }, { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 3a5f1cd800..970ecea1af 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7c378e2d-f181-4971-b509-6b6e5d0f3d1a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1f900ec0-2ac0-41f7-a63d-8cea4dc39cf9 LicenseListVersion: 3.26 Creator: Tool: sbom4python-0.12.4 -Created: 2025-08-04T00:52:52Z +Created: 2025-08-11T00:44:54Z CreatorComment: SBOM Type: Build - This document has been automatically generated. ##### 
@@ -310,25 +310,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.7:*:*:*:*:*:*:* PackageName: cvss SPDXID: SPDXRef-14-cvss -PackageVersion: 3.4 +PackageVersion: 3.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.4/#files +PackageDownloadLocation: https://pypi.org/project/cvss/3.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA256: d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef +PackageChecksum: SHA256: e342c6ad9c7eb69d2aebbbc2768a03cabd57eb947c806e145de5b936219833ea PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 -ReleaseDate: 2025-02-11T17:28:21Z +ReleaseDate: 2025-08-04T10:50:12Z ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.6:*:*:*:*:*:*:* ##### PackageName: defusedxml 
@@ -1018,26 +1018,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:* PackageName: rpds-py SPDXID: SPDXRef-48-rpds-py -PackageVersion: 0.26.0 +PackageVersion: 0.27.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.26.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.27.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA256: 4c70c70f9169692b36307a95f3d8c0a9fcd79f7b4a383aad5eaa0e9718b79b37 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageChecksum: SHA256: 130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ReleaseDate: 2025-07-01T15:53:40Z +ReleaseDate: 2025-08-07T08:23:06Z ExternalRef: OTHER documentation https://rpds.readthedocs.io/ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: OTHER other https://github.com/orium/rpds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.26.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.26.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.27.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -1174,20 +1174,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* PackageName: packageurl-python SPDXID: SPDXRef-56-packageurl-python -PackageVersion: 0.17.3 +PackageVersion: 0.17.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.17.3/#files +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.17.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA256: f51b5aab570159f07258c8e998e9972ff3bf060da16b7334a42bd9f9737777d9 +PackageChecksum: SHA256: f0e55452ab37b5c192c443de1458e3f3b4d8ac27f747df6e8c48adeab081d321 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ReleaseDate: 2025-08-01T03:24:33Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.17.3:*:*:*:*:*:*:* +ReleaseDate: 2025-08-06T14:08:19Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.17.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.17.5:*:*:*:*:*:*:* ##### PackageName: rich 
@@ -1357,24 +1357,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.0.1:*:*:*:*:* PackageName: python-gnupg SPDXID: SPDXRef-64-python-gnupg -PackageVersion: 0.5.4 +PackageVersion: 0.5.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c +PackageChecksum: SHA256: 51fa7b8831ff0914bc73d74c59b99c613de7247b91294323c39733bb85ac3fc1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ReleaseDate: 2025-01-07T11:58:32Z +ReleaseDate: 2025-08-04T19:26:54Z ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:*:*:*:* ##### PackageName: requests 
@@ -1399,23 +1399,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*: PackageName: charset-normalizer SPDXID: SPDXRef-66-charset-normalizer -PackageVersion: 3.4.2 +PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.2/#files +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.3/#files FilesAnalyzed: false -PackageChecksum: SHA256: 7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941 +PackageChecksum: SHA256: fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ReleaseDate: 2025-05-02T08:31:46Z +ReleaseDate: 2025-08-09T07:55:36Z ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/ ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:* ##### PackageName: urllib3