diff --git a/sbom/cve-bin-tool-py3.13.json b/sbom/cve-bin-tool-py3.13.json
index f69c635a95..0cbbe4d36f 100644
--- a/sbom/cve-bin-tool-py3.13.json
+++ b/sbom/cve-bin-tool-py3.13.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:8efa4c61-b2ec-4228-b46d-02f7d9ed15ee",
+ "serialNumber": "urn:uuid:5caca1c3-32f7-4ae1-895e-4eb8a6ac245b",
"version": 1,
"metadata": {
- "timestamp": "2025-10-13T00:44:41Z",
+ "timestamp": "2025-10-27T00:42:37Z",
"lifecycles": [
{
"phase": "build"
@@ -71,7 +71,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -79,12 +79,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.13.0",
+ "version": "3.13.1",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0"
+ "content": "2349a6b642020bf20116a8a5c83bae8ba071acf1461c7cbe45fc7fafd552e7e2"
}
],
"licenses": [
@@ -100,7 +100,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.13.0/#files",
+ "url": "https://pypi.org/project/aiohttp/3.13.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -137,11 +137,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.13.0",
+ "purl": "pkg:pypi/aiohttp@3.13.1",
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T19:54:40Z"
+ "value": "2025-10-17T13:58:56Z"
},
{
"name": "language",
@@ -149,7 +149,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -218,7 +218,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -291,7 +291,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -305,6 +305,12 @@
"name": "frozenlist",
"version": "1.8.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011"
+ }
+ ],
"licenses": [
{
"license": {
@@ -366,7 +372,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-07-03T22:54:42Z"
+ "value": "2025-10-06T05:35:23Z"
},
{
"name": "language",
@@ -374,7 +380,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -443,7 +449,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -507,7 +513,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -601,7 +607,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -699,7 +705,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -793,7 +799,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -812,6 +818,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.11/#files",
@@ -835,7 +847,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-10-06T14:08:42Z"
+ "value": "2025-10-12T14:55:18Z"
},
{
"name": "language",
@@ -843,7 +855,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -905,7 +917,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -967,7 +979,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1045,7 +1057,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1107,7 +1119,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1169,7 +1181,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1231,7 +1243,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1289,7 +1301,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1301,7 +1313,7 @@
"type": "library",
"bom-ref": "19-argcomplete",
"name": "argcomplete",
- "version": "3.6.2",
+ "version": "3.6.3",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -1310,12 +1322,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-256",
- "content": "65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591"
+ "content": "f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce"
}
],
"licenses": [
@@ -1334,7 +1346,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.6.2/#files",
+ "url": "https://pypi.org/project/argcomplete/3.6.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1355,11 +1367,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.6.2",
+ "purl": "pkg:pypi/argcomplete@3.6.3",
"properties": [
{
"name": "release_date",
- "value": "2025-04-03T04:57:01Z"
+ "value": "2025-10-20T03:33:33Z"
},
{
"name": "language",
@@ -1367,7 +1379,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1429,7 +1441,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1473,7 +1485,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1531,7 +1543,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1593,7 +1605,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1671,7 +1683,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1729,7 +1741,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1787,7 +1799,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1849,7 +1861,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -1911,7 +1923,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -1969,7 +1981,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2018,7 +2030,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2076,7 +2088,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2150,7 +2162,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2216,7 +2228,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2291,7 +2303,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2354,7 +2366,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2412,7 +2424,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2470,7 +2482,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2528,7 +2540,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2590,7 +2602,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2648,7 +2660,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2710,7 +2722,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2772,7 +2784,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2840,7 +2852,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -2899,7 +2911,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -2972,7 +2984,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3041,7 +3053,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3049,7 +3061,7 @@
"type": "library",
"bom-ref": "47-referencing",
"name": "referencing",
- "version": "0.36.2",
+ "version": "0.37.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3058,12 +3070,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0"
+ "content": "381329a9f99628c9069361716891d34ad94af76e461dcb0335825aecc7692231"
}
],
"externalReferences": [
@@ -3073,7 +3085,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/referencing/0.36.2/#files",
+ "url": "https://pypi.org/project/referencing/0.37.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3102,11 +3114,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/referencing@0.36.2",
+ "purl": "pkg:pypi/referencing@0.37.0",
"properties": [
{
"name": "release_date",
- "value": "2025-01-25T08:48:14Z"
+ "value": "2025-10-13T15:30:47Z"
},
{
"name": "language",
@@ -3114,7 +3126,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3122,7 +3134,7 @@
"type": "library",
"bom-ref": "48-rpds-py",
"name": "rpds-py",
- "version": "0.27.1",
+ "version": "0.28.0",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -3131,12 +3143,12 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"hashes": [
{
"alg": "SHA-256",
- "content": "68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef"
+ "content": "7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a"
}
],
"externalReferences": [
@@ -3146,7 +3158,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.27.1/#files",
+ "url": "https://pypi.org/project/rpds-py/0.28.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3175,11 +3187,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.27.1",
+ "purl": "pkg:pypi/rpds-py@0.28.0",
"properties": [
{
"name": "release_date",
- "value": "2025-08-27T12:12:25Z"
+ "value": "2025-10-22T22:21:15Z"
},
{
"name": "language",
@@ -3187,7 +3199,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3245,7 +3257,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3323,7 +3335,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3381,7 +3393,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -3443,7 +3455,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -3455,7 +3467,7 @@
"type": "library",
"bom-ref": "53-xmlschema",
"name": "xmlschema",
- "version": "4.1.0",
+ "version": "4.2.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3464,12 +3476,12 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"hashes": [
{
"alg": "SHA-256",
- "content": "eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498"
+ "content": "82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6"
}
],
"externalReferences": [
@@ -3479,16 +3491,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/4.1.0/#files",
+ "url": "https://pypi.org/project/xmlschema/4.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@4.1.0",
+ "purl": "pkg:pypi/xmlschema@4.2.0",
"properties": [
{
"name": "release_date",
- "value": "2025-06-05T21:17:35Z"
+ "value": "2025-10-14T09:19:28Z"
},
{
"name": "language",
@@ -3496,7 +3508,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3545,7 +3557,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3603,7 +3615,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3661,7 +3673,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3714,7 +3726,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3776,7 +3788,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -3838,7 +3850,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -3900,7 +3912,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -3978,7 +3990,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4036,7 +4048,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -4101,7 +4113,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -4113,7 +4125,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "2.7.0",
+ "version": "2.9.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4122,8 +4134,14 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.9.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c59f7de4763004ae81691ce16df71b4e55aead0ead7ccde8c8f2ef8c9559c765"
+ }
+ ],
"licenses": [
{
"license": {
@@ -4140,7 +4158,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.7.0/#files",
+ "url": "https://pypi.org/project/narwhals/2.9.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4157,11 +4175,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.7.0",
+ "purl": "pkg:pypi/narwhals@2.9.0",
"properties": [
{
"name": "release_date",
- "value": "2025-10-02T16:10:22Z"
+ "value": "2025-10-20T12:19:15Z"
},
{
"name": "language",
@@ -4169,7 +4187,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -4243,7 +4261,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
},
{
"name": "License Comments",
@@ -4313,7 +4331,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4321,7 +4339,7 @@
"type": "library",
"bom-ref": "67-charset-normalizer",
"name": "charset-normalizer",
- "version": "3.4.3",
+ "version": "3.4.4",
"supplier": {
"name": "Ahmed R .",
"contact": [
@@ -4330,12 +4348,12 @@
}
]
},
- "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*",
"description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
"hashes": [
{
"alg": "SHA-256",
- "content": "fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72"
+ "content": "e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d"
}
],
"licenses": [
@@ -4349,7 +4367,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/charset-normalizer/3.4.3/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4370,11 +4388,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.3",
+ "purl": "pkg:pypi/charset-normalizer@3.4.4",
"properties": [
{
"name": "release_date",
- "value": "2025-08-09T07:55:36Z"
+ "value": "2025-10-14T04:40:11Z"
},
{
"name": "language",
@@ -4382,7 +4400,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4442,7 +4460,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4504,7 +4522,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4562,7 +4580,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4618,7 +4636,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4666,7 +4684,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
},
@@ -4719,7 +4737,7 @@
},
{
"name": "python_version",
- "value": "3.13.8"
+ "value": "3.13.9"
}
]
}
diff --git a/sbom/cve-bin-tool-py3.13.spdx b/sbom/cve-bin-tool-py3.13.spdx
index 600f65cc18..e242a92ce8 100644
--- a/sbom/cve-bin-tool-py3.13.spdx
+++ b/sbom/cve-bin-tool-py3.13.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-127fa2fd-d3a9-4dd0-b2f7-99f0ff0d88e7
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d081b1de-b966-4e9b-9e5a-5f0b0bf9cf1b
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-10-13T00:44:30Z
+Created: 2025-10-27T00:42:18Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -27,18 +27,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.13.0
+PackageVersion: 3.13.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0
+PackageChecksum: SHA256: 2349a6b642020bf20116a8a5c83bae8ba071acf1461c7cbe45fc7fafd552e7e2
PackageLicenseDeclared: Apache-2.0 AND MIT
PackageLicenseConcluded: Apache-2.0 AND MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2025-10-06T19:54:40Z
+ReleaseDate: 2025-10-17T13:58:56Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -47,7 +47,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.13.1
#####
PackageName: aiohappyeyeballs
@@ -103,11 +103,12 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: b37f6d31b3dcea7deb5e9696e529a6aa4a898adc33db82da12e4c60a7c4d2011
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ReleaseDate: 2025-07-03T22:54:42Z
+ReleaseDate: 2025-10-06T05:35:23Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
@@ -254,11 +255,12 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.11/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
-ReleaseDate: 2025-10-06T14:08:42Z
+ReleaseDate: 2025-10-12T14:55:18Z
ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
ExternalRef: OTHER vcs https://github.com/kjd/idna
@@ -405,25 +407,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-19-argcomplete
-PackageVersion: 3.6.2
+PackageVersion: 3.6.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.2/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.6.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 65b3133a29ad53fb42c48cf5114752c7ab66c1c38544fdf6460f450c09b42591
+PackageChecksum: SHA256: f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ReleaseDate: 2025-04-03T04:57:01Z
+ReleaseDate: 2025-10-20T03:33:33Z
ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.6.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.6.3:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -960,50 +962,50 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-47-referencing
-PackageVersion: 0.36.2
+PackageVersion: 0.37.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/referencing/0.36.2/#files
+PackageDownloadLocation: https://pypi.org/project/referencing/0.37.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA256: e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0
+PackageChecksum: SHA256: 381329a9f99628c9069361716891d34ad94af76e461dcb0335825aecc7692231
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ReleaseDate: 2025-01-25T08:48:14Z
+ReleaseDate: 2025-10-13T15:30:47Z
ExternalRef: OTHER documentation https://referencing.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.36.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.37.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:*:*:*:*:*
#####
PackageName: rpds-py
SPDXID: SPDXRef-48-rpds-py
-PackageVersion: 0.27.1
+PackageVersion: 0.28.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.27.1/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.28.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef
+PackageChecksum: SHA256: 7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ReleaseDate: 2025-08-27T12:12:25Z
+ReleaseDate: 2025-10-22T22:21:15Z
ExternalRef: OTHER documentation https://rpds.readthedocs.io/
ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.27.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.28.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
@@ -1087,20 +1089,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:
PackageName: xmlschema
SPDXID: SPDXRef-53-xmlschema
-PackageVersion: 4.1.0
+PackageVersion: 4.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/4.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/4.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageChecksum: SHA256: eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498
+PackageChecksum: SHA256: 82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ReleaseDate: 2025-06-05T21:17:35Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-14T09:19:28Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
@@ -1320,23 +1322,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 2.7.0
+PackageVersion: 2.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
+PackageChecksum: SHA256: c59f7de4763004ae81691ce16df71b4e55aead0ead7ccde8c8f2ef8c9559c765
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-10-02T16:10:22Z
+ReleaseDate: 2025-10-20T12:19:15Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.9.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.9.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1383,23 +1386,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:
PackageName: charset-normalizer
SPDXID: SPDXRef-67-charset-normalizer
-PackageVersion: 3.4.3
+PackageVersion: 3.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72
+PackageChecksum: SHA256: e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
-ReleaseDate: 2025-08-09T07:55:36Z
+ReleaseDate: 2025-10-14T04:40:11Z
ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*
#####
PackageName: urllib3