diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index b2e2c0e308..8380cdb5c8 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -1,11 +1,11 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
"bomFormat": "CycloneDX",
- "specVersion": "1.6",
- "serialNumber": "urn:uuid:0fa43716-8c8f-48a5-9055-05a17bd14ee1",
+ "specVersion": "1.7",
+ "serialNumber": "urn:uuid:7bb811f5-d63f-44b6-878c-8a666158e40e",
"version": 1,
"metadata": {
- "timestamp": "2025-10-13T00:40:50Z",
+ "timestamp": "2025-11-03T00:42:18Z",
"lifecycles": [
{
"phase": "build"
@@ -24,6 +24,9 @@
"type": "application",
"bom-ref": "CDXRef-DOCUMENT",
"name": "Python-cve-bin-tool"
+ },
+ "distributionConstraints": {
+ "tlp": "CLEAR"
}
},
"components": [
@@ -79,12 +82,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.13.0",
+ "version": "3.13.2",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0"
+ "content": "2372b15a5f62ed37789a6b383ff7344fc5b9f243999b0cd9b629d8bc5f5b4155"
}
],
"licenses": [
@@ -100,7 +103,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.13.0/#files",
+ "url": "https://pypi.org/project/aiohttp/3.13.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -137,11 +140,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.13.0",
+ "purl": "pkg:pypi/aiohttp@3.13.2",
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T19:54:40Z"
+ "value": "2025-10-28T20:55:27Z"
},
{
"name": "language",
@@ -305,6 +308,12 @@
"name": "frozenlist",
"version": "1.8.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011"
+ }
+ ],
"licenses": [
{
"license": {
@@ -366,7 +375,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-07-03T22:54:42Z"
+ "value": "2025-10-06T05:35:23Z"
},
{
"name": "language",
@@ -894,6 +903,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.11/#files",
@@ -917,7 +932,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T14:08:42Z"
+ "value": "2025-10-12T14:55:18Z"
},
{
"name": "language",
@@ -1383,7 +1398,7 @@
"type": "library",
"bom-ref": "20-argcomplete",
"name": "argcomplete",
- "version": "3.6.2",
+ "version": "3.6.3",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -1392,12 +1407,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-256",
- "content": "65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591"
+ "content": "f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce"
}
],
"licenses": [
@@ -1416,7 +1431,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.6.2/#files",
+ "url": "https://pypi.org/project/argcomplete/3.6.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1437,11 +1452,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.6.2",
+ "purl": "pkg:pypi/argcomplete@3.6.3",
"properties": [
{
"name": "release_date",
- "value": "2025-04-03T04:57:01Z"
+ "value": "2025-10-20T03:33:33Z"
},
{
"name": "language",
@@ -2680,7 +2695,7 @@
"type": "library",
"bom-ref": "41-google-auth-httplib2",
"name": "google-auth-httplib2",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -2689,12 +2704,12 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.1:*:*:*:*:*:*:*",
"description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
"alg": "SHA-256",
- "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
+ "content": "1be94c611db91c01f9703e7f62b0a59bbd5587a95571c7b6fade510d648bc08b"
}
],
"licenses": [
@@ -2713,16 +2728,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.1",
"properties": [
{
"name": "release_date",
- "value": "2023-12-12T17:40:13Z"
+ "value": "2025-10-30T21:13:15Z"
},
{
"name": "language",
@@ -3386,7 +3401,7 @@
"type": "library",
"bom-ref": "52-lib4sbom",
"name": "lib4sbom",
- "version": "0.8.8",
+ "version": "0.9.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3395,12 +3410,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf"
+ "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
}
],
"licenses": [
@@ -3419,16 +3434,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.8.8/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.8.8",
+ "purl": "pkg:pypi/lib4sbom@0.9.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-29T17:06:49Z"
+ "value": "2025-10-28T09:09:40Z"
},
{
"name": "language",
@@ -3646,7 +3661,7 @@
"type": "library",
"bom-ref": "56-xmlschema",
"name": "xmlschema",
- "version": "4.1.0",
+ "version": "4.2.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3655,12 +3670,12 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"hashes": [
{
"alg": "SHA-256",
- "content": "eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498"
+ "content": "82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6"
}
],
"externalReferences": [
@@ -3670,16 +3685,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/4.1.0/#files",
+ "url": "https://pypi.org/project/xmlschema/4.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@4.1.0",
+ "purl": "pkg:pypi/xmlschema@4.2.0",
"properties": [
{
"name": "release_date",
- "value": "2025-06-05T21:17:35Z"
+ "value": "2025-10-14T09:19:28Z"
},
{
"name": "language",
@@ -4304,7 +4319,7 @@
"type": "library",
"bom-ref": "67-narwhals",
"name": "narwhals",
- "version": "2.7.0",
+ "version": "2.10.1",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4313,7 +4328,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"licenses": [
{
@@ -4331,7 +4346,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.7.0/#files",
+ "url": "https://pypi.org/project/narwhals/2.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4348,7 +4363,7 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.7.0",
+ "purl": "pkg:pypi/narwhals@2.10.1",
"properties": [
{
"name": "release_date",
@@ -4512,7 +4527,7 @@
"type": "library",
"bom-ref": "70-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.4.3",
+ "version": "3.4.4",
"supplier": {
"name": "Ahmed R .",
"contact": [
@@ -4521,12 +4536,12 @@
}
]
},
- "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"hashes": [
{
"alg": "SHA-256",
- "content": "fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72"
+ "content": "e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d"
}
],
"licenses": [
@@ -4540,7 +4555,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.4.3/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4561,11 +4576,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.3",
+ "purl": "pkg:pypi/charset-normalizer@3.4.4",
"properties": [
{
"name": "release_date",
- "value": "2025-08-09T07:55:36Z"
+ "value": "2025-10-14T04:40:11Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 8210992811..7158abe54d 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-389e7e0c-72a5-4fd1-81e1-a7100edeee49
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5d7ae6bf-8b6f-42af-8eef-dbd6cc6e3fc6
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-10-13T00:40:32Z
+Created: 2025-11-03T00:42:03Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -27,18 +27,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.13.0
+PackageVersion: 3.13.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0
+PackageChecksum: SHA256: 2372b15a5f62ed37789a6b383ff7344fc5b9f243999b0cd9b629d8bc5f5b4155
PackageLicenseDeclared: Apache-2.0 AND MIT
PackageLicenseConcluded: Apache-2.0 AND MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2025-10-06T19:54:40Z
+ReleaseDate: 2025-10-28T20:55:27Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -47,7 +47,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.2
#####
PackageName: aiohappyeyeballs
@@ -103,11 +103,12 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ReleaseDate: 2025-07-03T22:54:42Z
+ReleaseDate: 2025-10-06T05:35:23Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
@@ -278,11 +279,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.11/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ReleaseDate: 2025-10-06T14:08:42Z
+ReleaseDate: 2025-10-12T14:55:18Z
ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
ExternalRef: OTHER vcs https://github.com/kjd/idna
@@ -429,25 +431,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.6.2
+PackageVersion: 3.6.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.2/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591
+PackageChecksum: SHA256: f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ReleaseDate: 2025-04-03T04:57:01Z
+ReleaseDate: 2025-10-20T03:33:33Z
ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -837,21 +839,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*
PackageName: google-auth-httplib2
SPDXID: SPDXRef-41-google-auth-httplib2
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageChecksum: SHA256: 1be94c611db91c01f9703e7f62b0a59bbd5587a95571c7b6fade510d648bc08b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library: httplib2 transport
-ReleaseDate: 2023-12-12T17:40:13Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-30T21:13:15Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.1:*:*:*:*:*:*:*
#####
PackageName: google-apitools
@@ -1069,20 +1071,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*
PackageName: lib4sbom
SPDXID: SPDXRef-52-lib4sbom
-PackageVersion: 0.8.8
+PackageVersion: 0.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.8/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf
+PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2025-08-29T17:06:49Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-28T09:09:40Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1148,20 +1150,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:
PackageName: xmlschema
SPDXID: SPDXRef-56-xmlschema
-PackageVersion: 4.1.0
+PackageVersion: 4.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/4.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/4.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageChecksum: SHA256: eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498
+PackageChecksum: SHA256: 82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ReleaseDate: 2025-06-05T21:17:35Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-14T09:19:28Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1381,10 +1383,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-67-narwhals
-PackageVersion: 2.7.0
+PackageVersion: 2.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1396,8 +1398,8 @@ ReleaseDate: 2025-10-02T16:10:22Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1444,23 +1446,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:
PackageName: charset-normalizer
SPDXID: SPDXRef-70-charset-normalizer
-PackageVersion: 3.4.3
+PackageVersion: 3.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72
+PackageChecksum: SHA256: e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ReleaseDate: 2025-08-09T07:55:36Z
+ReleaseDate: 2025-10-14T04:40:11Z
ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*
#####
PackageName: urllib3