ossf
diff --git a/‎sbom/cve-bin-tool-py3.11.json‎
Lines changed: 49 additions & 37 deletions b/‎sbom/cve-bin-tool-py3.11.json‎
Lines changed: 49 additions & 37 deletions
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0756c440-35f1-4087-a1d1-b2150d425fe2",
+  "serialNumber": "urn:uuid:9af242dd-4082-4aa8-816f-1bde08e5ec39",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-08-19T00:34:30Z",
+    "timestamp": "2024-08-26T00:33:39Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -31,7 +31,7 @@
       "type": "application",
       "bom-ref": "1-cve-bin-tool",
       "name": "cve-bin-tool",
-      "version": "3.3.1.dev0",
+      "version": "3.4rc0",
       "supplier": {
         "name": "Terri Oda",
         "contact": [
@@ -40,7 +40,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*",
       "description": "CVE Binary Checker Tool",
       "licenses": [
         {
@@ -53,12 +53,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0",
+          "url": "https://pypi.org/project/cve-bin-tool/3.4rc0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0",
+      "purl": "pkg:pypi/cve-bin-tool@3.4rc0",
       "properties": [
         {
           "name": "language",
@@ -74,7 +74,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.4",
+      "version": "3.10.5",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -87,12 +87,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.4",
+          "url": "https://pypi.org/project/aiohttp/3.10.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].4",
+      "purl": "pkg:pypi/[email protected].5",
       "properties": [
         {
           "name": "language",
@@ -108,7 +108,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.3.7",
+      "version": "2.4.0",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -117,7 +117,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
       "licenses": [
         {
@@ -130,12 +130,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
+      "purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
       "properties": [
         {
           "name": "language",
@@ -356,7 +356,7 @@
       "type": "library",
       "bom-ref": "9-idna",
       "name": "idna",
-      "version": "3.7",
+      "version": "3.8",
       "supplier": {
         "name": "Kim Davies",
         "contact": [
@@ -365,22 +365,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*",
       "description": "Internationalized Domain Names in Applications (IDNA)",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/idna/3.7",
+          "url": "https://pypi.org/project/idna/3.8",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/idna@3.7",
+      "purl": "pkg:pypi/idna@3.8",
       "properties": [
         {
           "name": "language",
@@ -847,6 +841,12 @@
       },
       "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
       "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1301,7 +1301,7 @@
       "type": "library",
       "bom-ref": "30-pyparsing",
       "name": "pyparsing",
-      "version": "3.1.2",
+      "version": "3.1.4",
       "supplier": {
         "name": "Paul McGuire",
         "contact": [
@@ -1310,22 +1310,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
       "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/pyparsing/3.1.2",
+          "url": "https://pypi.org/project/pyparsing/3.1.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "language",
@@ -1811,6 +1805,12 @@
       "name": "jinja2",
       "version": "3.1.4",
       "description": "A very fast and expressive template engine.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/jinja2/3.1.4",
@@ -2560,6 +2560,12 @@
       },
       "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
       "description": "Retry code until it succeeds",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -2865,7 +2871,7 @@
       "type": "library",
       "bom-ref": "66-setuptools",
       "name": "setuptools",
-      "version": "72.2.0",
+      "version": "73.0.1",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -2874,16 +2880,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/72.2.0",
+          "url": "https://pypi.org/project/setuptools/73.0.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@72.2.0",
+      "purl": "pkg:pypi/setuptools@73.0.1",
       "properties": [
         {
           "name": "language",
@@ -2910,6 +2916,12 @@
       },
       "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "90a7233292cfe5d877110fe369869996a3a25928"
+        }
+      ],
       "licenses": [
         {
           "license": {