diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 5cc8097714..b2e2c0e308 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:4b024eba-fa76-49a5-b076-b41b6de6f0fd",
+ "serialNumber": "urn:uuid:0fa43716-8c8f-48a5-9055-05a17bd14ee1",
"version": 1,
"metadata": {
- "timestamp": "2025-09-29T00:39:49Z",
+ "timestamp": "2025-10-13T00:40:50Z",
"lifecycles": [
{
"phase": "build"
@@ -71,7 +71,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -79,12 +79,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.12.15",
+ "version": "3.13.0",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "b6fc902bff74d9b1879ad55f5404153e2b33a82e72a95c89cec5eb6cc9e92fbc"
+ "content": "ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0"
}
],
"licenses": [
@@ -100,7 +100,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.12.15/#files",
+ "url": "https://pypi.org/project/aiohttp/3.13.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -137,11 +137,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.12.15",
+ "purl": "pkg:pypi/aiohttp@3.13.0",
"properties": [
{
"name": "release_date",
- "value": "2025-07-29T05:49:43Z"
+ "value": "2025-10-06T19:54:40Z"
},
{
"name": "language",
@@ -149,7 +149,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -218,7 +218,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -291,7 +291,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -303,14 +303,8 @@
"type": "library",
"bom-ref": "5-frozenlist",
"name": "frozenlist",
- "version": "1.7.0",
+ "version": "1.8.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "cc4df77d638aa2ed703b878dd093725b72a824c3c546c076e8fdf276f78ee84a"
- }
- ],
"licenses": [
{
"license": {
@@ -327,7 +321,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/frozenlist/1.7.0/#files",
+ "url": "https://pypi.org/project/frozenlist/1.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -368,11 +362,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/frozenlist@1.7.0",
+ "purl": "pkg:pypi/frozenlist@1.8.0",
"properties": [
{
"name": "release_date",
- "value": "2025-06-09T22:59:46Z"
+ "value": "2025-07-03T22:54:42Z"
},
{
"name": "language",
@@ -380,7 +374,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -449,7 +443,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -527,7 +521,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -539,7 +533,7 @@
"type": "library",
"bom-ref": "8-attrs",
"name": "attrs",
- "version": "25.3.0",
+ "version": "25.4.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -548,17 +542,17 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:25.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:25.4.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"hashes": [
{
"alg": "SHA-256",
- "content": "427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3"
+ "content": "adcf7e2a1fb3b36ac48d97835bb6d8ade15b8dcce26aba8bf1d14847b57a3373"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/25.3.0/#files",
+ "url": "https://pypi.org/project/attrs/25.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -583,11 +577,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/attrs@25.3.0",
+ "purl": "pkg:pypi/attrs@25.4.0",
"properties": [
{
"name": "release_date",
- "value": "2025-03-13T11:10:21Z"
+ "value": "2025-10-06T13:54:43Z"
},
{
"name": "language",
@@ -595,7 +589,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -603,7 +597,7 @@
"type": "library",
"bom-ref": "9-multidict",
"name": "multidict",
- "version": "6.6.4",
+ "version": "6.7.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -612,12 +606,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.6.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.7.0:*:*:*:*:*:*:*",
"description": "multidict implementation",
"hashes": [
{
"alg": "SHA-256",
- "content": "b8aa6f0bd8125ddd04a6593437bad6a7e70f300ff4180a531654aa2ab3f6d58f"
+ "content": "9f474ad5acda359c8758c8accc22032c6abe6dc87a8be2440d097785e27a9349"
}
],
"licenses": [
@@ -636,7 +630,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/multidict/6.6.4/#files",
+ "url": "https://pypi.org/project/multidict/6.7.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -677,11 +671,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.6.4",
+ "purl": "pkg:pypi/multidict@6.7.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-11T12:06:02Z"
+ "value": "2025-10-06T14:48:26Z"
},
{
"name": "language",
@@ -689,7 +683,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -701,7 +695,7 @@
"type": "library",
"bom-ref": "10-propcache",
"name": "propcache",
- "version": "0.3.2",
+ "version": "0.4.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -710,12 +704,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.4.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
"hashes": [
{
"alg": "SHA-256",
- "content": "22d9962a358aedbb7a2e36187ff273adeaab9743373a272976d2e348d08c7770"
+ "content": "7c2d1fa3201efaf55d730400d945b5b3ab6e672e100ba0f9a409d950ab25d7db"
}
],
"licenses": [
@@ -734,7 +728,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.3.2/#files",
+ "url": "https://pypi.org/project/propcache/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -775,11 +769,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.3.2",
+ "purl": "pkg:pypi/propcache@0.4.1",
"properties": [
{
"name": "release_date",
- "value": "2025-06-09T22:53:40Z"
+ "value": "2025-10-08T19:46:02Z"
},
{
"name": "language",
@@ -787,7 +781,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -795,7 +789,7 @@
"type": "library",
"bom-ref": "11-yarl",
"name": "yarl",
- "version": "1.20.1",
+ "version": "1.22.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -804,12 +798,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.20.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.22.0:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"hashes": [
{
"alg": "SHA-256",
- "content": "6032e6da6abd41e4acda34d75a816012717000fa6839f37124a47fcefc49bec4"
+ "content": "c7bd6683587567e5a49ee6e336e0612bec8329be1b7d4c8af5687dcdeb67ee1e"
}
],
"licenses": [
@@ -828,7 +822,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.20.1/#files",
+ "url": "https://pypi.org/project/yarl/1.22.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -869,11 +863,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.20.1",
+ "purl": "pkg:pypi/yarl@1.22.0",
"properties": [
{
"name": "release_date",
- "value": "2025-06-10T00:42:31Z"
+ "value": "2025-10-06T14:08:42Z"
},
{
"name": "language",
@@ -881,7 +875,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -889,7 +883,7 @@
"type": "library",
"bom-ref": "12-idna",
"name": "idna",
- "version": "3.10",
+ "version": "3.11",
"supplier": {
"name": "Kim Davies",
"contact": [
@@ -898,26 +892,11 @@
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "url": "https://pypi.org/project/idna/3.11/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -934,11 +913,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/idna@3.11",
"properties": [
{
"name": "release_date",
- "value": "2024-09-15T18:07:37Z"
+ "value": "2025-10-06T14:08:42Z"
},
{
"name": "language",
@@ -946,11 +925,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
- },
- {
- "name": "License Comments",
- "value": "idna declares BSD License which is not currently a valid SPDX License identifier or expression."
+ "value": "3.9.24"
}
]
},
@@ -958,7 +933,7 @@
"type": "library",
"bom-ref": "13-beautifulsoup4",
"name": "beautifulsoup4",
- "version": "4.14.0",
+ "version": "4.14.2",
"supplier": {
"name": "Leonard Richardson",
"contact": [
@@ -967,12 +942,12 @@
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.2:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
"hashes": [
{
"alg": "SHA-256",
- "content": "aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73"
+ "content": "5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515"
}
],
"licenses": [
@@ -991,7 +966,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.14.0/#files",
+ "url": "https://pypi.org/project/beautifulsoup4/4.14.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1000,11 +975,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/beautifulsoup4@4.14.0",
+ "purl": "pkg:pypi/beautifulsoup4@4.14.2",
"properties": [
{
"name": "release_date",
- "value": "2025-09-27T17:22:16Z"
+ "value": "2025-09-29T10:05:43Z"
},
{
"name": "language",
@@ -1012,7 +987,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1074,7 +1049,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1152,7 +1127,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1214,7 +1189,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1276,7 +1251,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1338,7 +1313,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -1396,7 +1371,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1474,7 +1449,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1536,7 +1511,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -1580,7 +1555,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -1638,7 +1613,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1700,7 +1675,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1778,7 +1753,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -1836,7 +1811,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -1894,7 +1869,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -1956,7 +1931,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2018,7 +1993,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2076,7 +2051,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2125,7 +2100,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2183,7 +2158,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2257,7 +2232,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2323,7 +2298,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2398,7 +2373,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2461,7 +2436,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2519,7 +2494,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2577,7 +2552,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2635,7 +2610,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2697,7 +2672,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -2755,7 +2730,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2817,7 +2792,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2879,7 +2854,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2940,7 +2915,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -2992,7 +2967,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3056,7 +3031,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -3115,7 +3090,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3188,7 +3163,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3257,7 +3232,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3330,7 +3305,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3403,7 +3378,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3461,7 +3436,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3539,7 +3514,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3597,7 +3572,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -3659,7 +3634,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -3712,7 +3687,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3761,7 +3736,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3769,7 +3744,7 @@
"type": "library",
"bom-ref": "58-lib4vex",
"name": "lib4vex",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3778,12 +3753,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.1:*:*:*:*:*:*:*",
"description": "VEX generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
+ "content": "7277b368807507b2808332954480c968f73a5f51edf0218f13260cbe7110a341"
}
],
"licenses": [
@@ -3802,16 +3777,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4vex/0.2.0/#files",
+ "url": "https://pypi.org/project/lib4vex/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4vex@0.2.0",
+ "purl": "pkg:pypi/lib4vex@0.2.1",
"properties": [
{
"name": "release_date",
- "value": "2024-08-29T20:36:52Z"
+ "value": "2025-10-02T10:35:09Z"
},
{
"name": "language",
@@ -3819,7 +3794,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3877,7 +3852,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3930,7 +3905,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -3938,7 +3913,7 @@
"type": "library",
"bom-ref": "61-rich",
"name": "rich",
- "version": "14.1.0",
+ "version": "14.2.0",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -3947,12 +3922,12 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:14.2.0:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
"alg": "SHA-256",
- "content": "536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f"
+ "content": "76bc51fe2e57d2b1be1f96c524b890b816e334ab4c1e45888799bfaab0021edd"
}
],
"licenses": [
@@ -3971,7 +3946,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rich/14.1.0/#files",
+ "url": "https://pypi.org/project/rich/14.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3980,11 +3955,11 @@
"type": "documentation"
}
],
- "purl": "pkg:pypi/rich@14.1.0",
+ "purl": "pkg:pypi/rich@14.2.0",
"properties": [
{
"name": "release_date",
- "value": "2025-07-25T07:32:56Z"
+ "value": "2025-10-09T14:16:51Z"
},
{
"name": "language",
@@ -3992,7 +3967,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4054,7 +4029,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4116,7 +4091,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4194,7 +4169,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4252,7 +4227,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4264,7 +4239,7 @@
"type": "library",
"bom-ref": "66-plotly",
"name": "plotly",
- "version": "6.3.0",
+ "version": "6.3.1",
"supplier": {
"name": "Chris P",
"contact": [
@@ -4273,12 +4248,12 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:6.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*",
"description": "An open-source interactive data visualization library for Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "7ad806edce9d3cdd882eaebaf97c0c9e252043ed1ed3d382c3e3520ec07806d4"
+ "content": "8b4420d1dcf2b040f5983eed433f95732ed24930e496d36eb70d211923532e64"
}
],
"externalReferences": [
@@ -4288,7 +4263,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/plotly/6.3.0/#files",
+ "url": "https://pypi.org/project/plotly/6.3.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4305,11 +4280,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/plotly@6.3.0",
+ "purl": "pkg:pypi/plotly@6.3.1",
"properties": [
{
"name": "release_date",
- "value": "2025-08-12T20:22:09Z"
+ "value": "2025-10-02T16:10:22Z"
},
{
"name": "language",
@@ -4317,7 +4292,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4329,7 +4304,7 @@
"type": "library",
"bom-ref": "67-narwhals",
"name": "narwhals",
- "version": "2.5.0",
+ "version": "2.7.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4338,14 +4313,8 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "7e213f9ca7db3f8bf6f7eff35eaee6a1cf80902997e1b78d49b7755775d8f423"
- }
- ],
"licenses": [
{
"license": {
@@ -4362,7 +4331,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.5.0/#files",
+ "url": "https://pypi.org/project/narwhals/2.7.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4379,11 +4348,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.5.0",
+ "purl": "pkg:pypi/narwhals@2.7.0",
"properties": [
{
"name": "release_date",
- "value": "2025-09-12T10:04:22Z"
+ "value": "2025-10-02T16:10:22Z"
},
{
"name": "language",
@@ -4391,7 +4360,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4465,7 +4434,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
},
{
"name": "License Comments",
@@ -4535,7 +4504,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4604,7 +4573,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4664,7 +4633,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4672,7 +4641,7 @@
"type": "library",
"bom-ref": "72-certifi",
"name": "certifi",
- "version": "2025.8.3",
+ "version": "2025.10.5",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -4681,12 +4650,12 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.8.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
"alg": "SHA-256",
- "content": "f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5"
+ "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de"
}
],
"licenses": [
@@ -4705,7 +4674,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2025.8.3/#files",
+ "url": "https://pypi.org/project/certifi/2025.10.5/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4714,11 +4683,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/certifi@2025.8.3",
+ "purl": "pkg:pypi/certifi@2025.10.5",
"properties": [
{
"name": "release_date",
- "value": "2025-08-03T03:07:45Z"
+ "value": "2025-10-05T04:12:14Z"
},
{
"name": "language",
@@ -4726,7 +4695,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4784,7 +4753,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4840,7 +4809,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4898,7 +4867,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
},
@@ -4951,7 +4920,7 @@
},
{
"name": "python_version",
- "value": "3.9.23"
+ "value": "3.9.24"
}
]
}
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 168a876208..8210992811 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f6a16c31-3314-4955-bf73-32bbf47bb496
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-389e7e0c-72a5-4fd1-81e1-a7100edeee49
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-29T00:39:37Z
+Created: 2025-10-13T00:40:32Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -27,18 +27,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.12.15
+PackageVersion: 3.13.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.12.15/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: b6fc902bff74d9b1879ad55f5404153e2b33a82e72a95c89cec5eb6cc9e92fbc
+PackageChecksum: SHA256: ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0
PackageLicenseDeclared: Apache-2.0 AND MIT
PackageLicenseConcluded: Apache-2.0 AND MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2025-07-29T05:49:43Z
+ReleaseDate: 2025-10-06T19:54:40Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -47,7 +47,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.12.15
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.0
#####
PackageName: aiohappyeyeballs
@@ -97,18 +97,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.4.0
PackageName: frozenlist
SPDXID: SPDXRef-5-frozenlist
-PackageVersion: 1.7.0
+PackageVersion: 1.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
-PackageChecksum: SHA256: cc4df77d638aa2ed703b878dd093725b72a824c3c546c076e8fdf276f78ee84a
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ReleaseDate: 2025-06-09T22:59:46Z
+ReleaseDate: 2025-07-03T22:54:42Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
@@ -118,7 +117,7 @@ ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGE
ExternalRef: OTHER other https://frozenlist.aio-libs.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.7.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.8.0
#####
PackageName: typing-extensions
@@ -170,41 +169,41 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*
PackageName: attrs
SPDXID: SPDXRef-8-attrs
-PackageVersion: 25.3.0
+PackageVersion: 25.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/25.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/attrs/25.4.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3
+PackageChecksum: SHA256: adcf7e2a1fb3b36ac48d97835bb6d8ade15b8dcce26aba8bf1d14847b57a3373
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ReleaseDate: 2025-03-13T11:10:21Z
+ReleaseDate: 2025-10-06T13:54:43Z
ExternalRef: OTHER documentation https://www.attrs.org/
ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
ExternalRef: OTHER other https://github.com/sponsors/hynek
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@25.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:25.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@25.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:25.4.0:*:*:*:*:*:*:*
#####
PackageName: multidict
SPDXID: SPDXRef-9-multidict
-PackageVersion: 6.6.4
+PackageVersion: 6.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.6.4/#files
+PackageDownloadLocation: https://pypi.org/project/multidict/6.7.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
-PackageChecksum: SHA256: b8aa6f0bd8125ddd04a6593437bad6a7e70f300ff4180a531654aa2ab3f6d58f
+PackageChecksum: SHA256: 9f474ad5acda359c8758c8accc22032c6abe6dc87a8be2440d097785e27a9349
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache License 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
-ReleaseDate: 2025-08-11T12:06:02Z
+ReleaseDate: 2025-10-06T14:48:26Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
@@ -214,24 +213,24 @@ ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
ExternalRef: OTHER other https://multidict.aio-libs.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.6.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.6.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.7.0:*:*:*:*:*:*:*
#####
PackageName: propcache
SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.3.2
+PackageVersion: 0.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.3.2/#files
+PackageDownloadLocation: https://pypi.org/project/propcache/0.4.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA256: 22d9962a358aedbb7a2e36187ff273adeaab9743373a272976d2e348d08c7770
+PackageChecksum: SHA256: 7c2d1fa3201efaf55d730400d945b5b3ab6e672e100ba0f9a409d950ab25d7db
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
-ReleaseDate: 2025-06-09T22:53:40Z
+ReleaseDate: 2025-10-08T19:46:02Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
@@ -241,24 +240,24 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
ExternalRef: OTHER other https://propcache.readthedocs.io
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.3.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.3.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.4.1:*:*:*:*:*:*:*
#####
PackageName: yarl
SPDXID: SPDXRef-11-yarl
-PackageVersion: 1.20.1
+PackageVersion: 1.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.20.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.22.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
-PackageChecksum: SHA256: 6032e6da6abd41e4acda34d75a816012717000fa6839f37124a47fcefc49bec4
+PackageChecksum: SHA256: c7bd6683587567e5a49ee6e336e0612bec8329be1b7d4c8af5687dcdeb67ee1e
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ReleaseDate: 2025-06-10T00:42:31Z
+ReleaseDate: 2025-10-06T14:08:42Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
@@ -268,49 +267,47 @@ ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
ExternalRef: OTHER other https://yarl.aio-libs.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.20.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.20.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.22.0:*:*:*:*:*:*:*
#####
PackageName: idna
SPDXID: SPDXRef-12-idna
-PackageVersion: 3.10
+PackageVersion: 3.11
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
-PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
+PackageDownloadLocation: https://pypi.org/project/idna/3.11/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: idna declares BSD License which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ReleaseDate: 2024-09-15T18:07:37Z
+ReleaseDate: 2025-10-06T14:08:42Z
ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
ExternalRef: OTHER vcs https://github.com/kjd/idna
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.11
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.14.0
+PackageVersion: 4.14.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.0/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.2/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73
+PackageChecksum: SHA256: 5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
-ReleaseDate: 2025-09-27T17:22:16Z
+ReleaseDate: 2025-09-29T10:05:43Z
ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.2:*:*:*:*:*:*:*
#####
PackageName: soupsieve
@@ -1187,20 +1184,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.4:*:*:*
PackageName: lib4vex
SPDXID: SPDXRef-58-lib4vex
-PackageVersion: 0.2.0
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
+PackageChecksum: SHA256: 7277b368807507b2808332954480c968f73a5f51edf0218f13260cbe7110a341
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
-ReleaseDate: 2024-08-29T20:36:52Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4vex@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-02T10:35:09Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4vex@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.1:*:*:*:*:*:*:*
#####
PackageName: csaf-tool
@@ -1241,21 +1238,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: rich
SPDXID: SPDXRef-61-rich
-PackageVersion: 14.1.0
+PackageVersion: 14.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/14.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/rich/14.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA256: 536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f
+PackageChecksum: SHA256: 76bc51fe2e57d2b1be1f96c524b890b816e334ab4c1e45888799bfaab0021edd
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ReleaseDate: 2025-07-25T07:32:56Z
+ReleaseDate: 2025-10-09T14:16:51Z
ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.2.0:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -1341,13 +1338,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
PackageName: plotly
SPDXID: SPDXRef-66-plotly
-PackageVersion: 6.3.0
+PackageVersion: 6.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/6.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/plotly/6.3.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: 7ad806edce9d3cdd882eaebaf97c0c9e252043ed1ed3d382c3e3520ec07806d4
+PackageChecksum: SHA256: 8b4420d1dcf2b040f5983eed433f95732ed24930e496d36eb70d211923532e64
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: plotly declares MIT License
@@ -1374,34 +1371,33 @@ THE SOFTWARE.
which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source interactive data visualization library for Python
-ReleaseDate: 2025-08-12T20:22:09Z
+ReleaseDate: 2025-10-02T16:10:22Z
ExternalRef: OTHER documentation https://plotly.com/python/
ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
#####
PackageName: narwhals
SPDXID: SPDXRef-67-narwhals
-PackageVersion: 2.5.0
+PackageVersion: 2.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.7.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 7e213f9ca7db3f8bf6f7eff35eaee6a1cf80902997e1b78d49b7755775d8f423
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-09-12T10:04:22Z
+ReleaseDate: 2025-10-02T16:10:22Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1490,21 +1486,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-72-certifi
-PackageVersion: 2025.8.3
+PackageVersion: 2025.10.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2025.8.3/#files
+PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5
+PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ReleaseDate: 2025-08-03T03:07:45Z
+ReleaseDate: 2025-10-05T04:12:14Z
ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.8.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.8.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*
#####
PackageName: rpmfile