diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index daa16f3049..ee98611c58 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -1,11 +1,11 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
"bomFormat": "CycloneDX",
- "specVersion": "1.6",
- "serialNumber": "urn:uuid:47e6a14f-10a8-4eb7-966a-331648defc49",
+ "specVersion": "1.7",
+ "serialNumber": "urn:uuid:7028081c-321c-4f41-83d9-e4fb54855c7b",
"version": 1,
"metadata": {
- "timestamp": "2025-10-13T00:40:50Z",
+ "timestamp": "2025-11-03T00:42:32Z",
"lifecycles": [
{
"phase": "build"
@@ -24,6 +24,9 @@
"type": "application",
"bom-ref": "CDXRef-DOCUMENT",
"name": "Python-cve-bin-tool"
+ },
+ "distributionConstraints": {
+ "tlp": "CLEAR"
}
},
"components": [
@@ -79,12 +82,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.13.0",
+ "version": "3.13.2",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0"
+ "content": "2372b15a5f62ed37789a6b383ff7344fc5b9f243999b0cd9b629d8bc5f5b4155"
}
],
"licenses": [
@@ -100,7 +103,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.13.0/#files",
+ "url": "https://pypi.org/project/aiohttp/3.13.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -137,11 +140,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.13.0",
+ "purl": "pkg:pypi/aiohttp@3.13.2",
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T19:54:40Z"
+ "value": "2025-10-28T20:55:27Z"
},
{
"name": "language",
@@ -305,6 +308,12 @@
"name": "frozenlist",
"version": "1.8.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011"
+ }
+ ],
"licenses": [
{
"license": {
@@ -366,7 +375,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-07-03T22:54:42Z"
+ "value": "2025-10-06T05:35:23Z"
},
{
"name": "language",
@@ -812,6 +821,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.11/#files",
@@ -835,7 +850,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T14:08:42Z"
+ "value": "2025-10-12T14:55:18Z"
},
{
"name": "language",
@@ -1301,7 +1316,7 @@
"type": "library",
"bom-ref": "19-argcomplete",
"name": "argcomplete",
- "version": "3.6.2",
+ "version": "3.6.3",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -1310,12 +1325,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-256",
- "content": "65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591"
+ "content": "f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce"
}
],
"licenses": [
@@ -1334,7 +1349,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.6.2/#files",
+ "url": "https://pypi.org/project/argcomplete/3.6.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1355,11 +1370,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.6.2",
+ "purl": "pkg:pypi/argcomplete@3.6.3",
"properties": [
{
"name": "release_date",
- "value": "2025-04-03T04:57:01Z"
+ "value": "2025-10-20T03:33:33Z"
},
{
"name": "language",
@@ -2598,7 +2613,7 @@
"type": "library",
"bom-ref": "40-google-auth-httplib2",
"name": "google-auth-httplib2",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -2607,12 +2622,12 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.1:*:*:*:*:*:*:*",
"description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
"alg": "SHA-256",
- "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
+ "content": "1be94c611db91c01f9703e7f62b0a59bbd5587a95571c7b6fade510d648bc08b"
}
],
"licenses": [
@@ -2631,16 +2646,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.1",
"properties": [
{
"name": "release_date",
- "value": "2023-12-12T17:40:13Z"
+ "value": "2025-10-30T21:13:15Z"
},
{
"name": "language",
@@ -3049,7 +3064,7 @@
"type": "library",
"bom-ref": "47-referencing",
"name": "referencing",
- "version": "0.36.2",
+ "version": "0.37.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3058,12 +3073,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0"
+ "content": "381329a9f99628c9069361716891d34ad94af76e461dcb0335825aecc7692231"
}
],
"externalReferences": [
@@ -3073,7 +3088,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/referencing/0.36.2/#files",
+ "url": "https://pypi.org/project/referencing/0.37.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3102,11 +3117,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/referencing@0.36.2",
+ "purl": "pkg:pypi/referencing@0.37.0",
"properties": [
{
"name": "release_date",
- "value": "2025-01-25T08:48:14Z"
+ "value": "2025-10-13T15:30:47Z"
},
{
"name": "language",
@@ -3122,7 +3137,7 @@
"type": "library",
"bom-ref": "48-rpds-py",
"name": "rpds-py",
- "version": "0.27.1",
+ "version": "0.28.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3131,12 +3146,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"hashes": [
{
"alg": "SHA-256",
- "content": "68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef"
+ "content": "7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a"
}
],
"externalReferences": [
@@ -3146,7 +3161,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.27.1/#files",
+ "url": "https://pypi.org/project/rpds-py/0.28.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3175,11 +3190,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.27.1",
+ "purl": "pkg:pypi/rpds-py@0.28.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-27T12:12:25Z"
+ "value": "2025-10-22T22:21:15Z"
},
{
"name": "language",
@@ -3195,7 +3210,7 @@
"type": "library",
"bom-ref": "49-lib4sbom",
"name": "lib4sbom",
- "version": "0.8.8",
+ "version": "0.9.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3204,12 +3219,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf"
+ "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
}
],
"licenses": [
@@ -3228,16 +3243,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.8.8/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.8.8",
+ "purl": "pkg:pypi/lib4sbom@0.9.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-29T17:06:49Z"
+ "value": "2025-10-28T09:09:40Z"
},
{
"name": "language",
@@ -3455,7 +3470,7 @@
"type": "library",
"bom-ref": "53-xmlschema",
"name": "xmlschema",
- "version": "4.1.0",
+ "version": "4.2.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3464,12 +3479,12 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"hashes": [
{
"alg": "SHA-256",
- "content": "eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498"
+ "content": "82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6"
}
],
"externalReferences": [
@@ -3479,16 +3494,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/4.1.0/#files",
+ "url": "https://pypi.org/project/xmlschema/4.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@4.1.0",
+ "purl": "pkg:pypi/xmlschema@4.2.0",
"properties": [
{
"name": "release_date",
- "value": "2025-06-05T21:17:35Z"
+ "value": "2025-10-14T09:19:28Z"
},
{
"name": "language",
@@ -4113,7 +4128,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "2.7.0",
+ "version": "2.10.1",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4122,7 +4137,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"licenses": [
{
@@ -4140,7 +4155,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.7.0/#files",
+ "url": "https://pypi.org/project/narwhals/2.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4157,7 +4172,7 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.7.0",
+ "purl": "pkg:pypi/narwhals@2.10.1",
"properties": [
{
"name": "release_date",
@@ -4321,7 +4336,7 @@
"type": "library",
"bom-ref": "67-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.4.3",
+ "version": "3.4.4",
"supplier": {
"name": "Ahmed R .",
"contact": [
@@ -4330,12 +4345,12 @@
}
]
},
- "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"hashes": [
{
"alg": "SHA-256",
- "content": "fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72"
+ "content": "e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d"
}
],
"licenses": [
@@ -4349,7 +4364,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.4.3/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4370,11 +4385,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.3",
+ "purl": "pkg:pypi/charset-normalizer@3.4.4",
"properties": [
{
"name": "release_date",
- "value": "2025-08-09T07:55:36Z"
+ "value": "2025-10-14T04:40:11Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 19b33e142d..bbc5cb00c3 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-683bc658-a873-438f-abb1-b79704c83487
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5cf11eb5-8c66-4959-9c9a-48fa6274697a
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-10-13T00:40:32Z
+Created: 2025-11-03T00:42:21Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -27,18 +27,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.13.0
+PackageVersion: 3.13.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0
+PackageChecksum: SHA256: 2372b15a5f62ed37789a6b383ff7344fc5b9f243999b0cd9b629d8bc5f5b4155
PackageLicenseDeclared: Apache-2.0 AND MIT
PackageLicenseConcluded: Apache-2.0 AND MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2025-10-06T19:54:40Z
+ReleaseDate: 2025-10-28T20:55:27Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -47,7 +47,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.2
#####
PackageName: aiohappyeyeballs
@@ -103,11 +103,12 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ReleaseDate: 2025-07-03T22:54:42Z
+ReleaseDate: 2025-10-06T05:35:23Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
@@ -254,11 +255,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.11/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ReleaseDate: 2025-10-06T14:08:42Z
+ReleaseDate: 2025-10-12T14:55:18Z
ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
ExternalRef: OTHER vcs https://github.com/kjd/idna
@@ -405,25 +407,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-19-argcomplete
-PackageVersion: 3.6.2
+PackageVersion: 3.6.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.2/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591
+PackageChecksum: SHA256: f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ReleaseDate: 2025-04-03T04:57:01Z
+ReleaseDate: 2025-10-20T03:33:33Z
ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -813,21 +815,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.2:*:*:*:*
PackageName: google-auth-httplib2
SPDXID: SPDXRef-40-google-auth-httplib2
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageChecksum: SHA256: 1be94c611db91c01f9703e7f62b0a59bbd5587a95571c7b6fade510d648bc08b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library: httplib2 transport
-ReleaseDate: 2023-12-12T17:40:13Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-30T21:13:15Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.1:*:*:*:*:*:*:*
#####
PackageName: google-apitools
@@ -960,68 +962,68 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-47-referencing
-PackageVersion: 0.36.2
+PackageVersion: 0.37.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/referencing/0.36.2/#files
+PackageDownloadLocation: https://pypi.org/project/referencing/0.37.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA256: e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0
+PackageChecksum: SHA256: 381329a9f99628c9069361716891d34ad94af76e461dcb0335825aecc7692231
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ReleaseDate: 2025-01-25T08:48:14Z
+ReleaseDate: 2025-10-13T15:30:47Z
ExternalRef: OTHER documentation https://referencing.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.36.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.37.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*:*:*:*:*
#####
PackageName: rpds-py
SPDXID: SPDXRef-48-rpds-py
-PackageVersion: 0.27.1
+PackageVersion: 0.28.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.27.1/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.28.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef
+PackageChecksum: SHA256: 7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2025-08-27T12:12:25Z
+ReleaseDate: 2025-10-22T22:21:15Z
ExternalRef: OTHER documentation https://rpds.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.27.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.28.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-49-lib4sbom
-PackageVersion: 0.8.8
+PackageVersion: 0.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.8/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf
+PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2025-08-29T17:06:49Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-28T09:09:40Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1087,20 +1089,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:
PackageName: xmlschema
SPDXID: SPDXRef-53-xmlschema
-PackageVersion: 4.1.0
+PackageVersion: 4.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/4.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/4.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageChecksum: SHA256: eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498
+PackageChecksum: SHA256: 82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ReleaseDate: 2025-06-05T21:17:35Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-14T09:19:28Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1320,10 +1322,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 2.7.0
+PackageVersion: 2.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1335,8 +1337,8 @@ ReleaseDate: 2025-10-02T16:10:22Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1383,23 +1385,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:
PackageName: charset-normalizer
SPDXID: SPDXRef-67-charset-normalizer
-PackageVersion: 3.4.3
+PackageVersion: 3.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72
+PackageChecksum: SHA256: e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ReleaseDate: 2025-08-09T07:55:36Z
+ReleaseDate: 2025-10-14T04:40:11Z
ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*
#####
PackageName: urllib3