diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 376a18ce82..21ea129f4c 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.7",
- "serialNumber": "urn:uuid:d190d704-123d-4c29-92f1-59ac8bf44db5",
+ "serialNumber": "urn:uuid:926383b1-3b8c-48f1-8db1-043a4f27904a",
"version": 1,
"metadata": {
- "timestamp": "2025-11-10T00:41:52Z",
+ "timestamp": "2025-12-01T00:49:21Z",
"lifecycles": [
{
"phase": "build"
@@ -948,7 +948,7 @@
"type": "library",
"bom-ref": "13-beautifulsoup4",
"name": "beautifulsoup4",
- "version": "4.14.2",
+ "version": "4.14.3",
"supplier": {
"name": "Leonard Richardson",
"contact": [
@@ -957,14 +957,8 @@
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.3:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515"
- }
- ],
"licenses": [
{
"license": {
@@ -981,7 +975,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.14.2/#files",
+ "url": "https://pypi.org/project/beautifulsoup4/4.14.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -990,11 +984,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/beautifulsoup4@4.14.2",
+ "purl": "pkg:pypi/beautifulsoup4@4.14.3",
"properties": [
{
"name": "release_date",
- "value": "2025-09-29T10:05:43Z"
+ "value": "2025-10-12T14:55:18Z"
},
{
"name": "language",
@@ -3401,7 +3395,7 @@
"type": "library",
"bom-ref": "52-lib4sbom",
"name": "lib4sbom",
- "version": "0.9.0",
+ "version": "0.9.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3410,12 +3404,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
+ "content": "f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117"
}
],
"licenses": [
@@ -3434,16 +3428,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.9.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.9.0",
+ "purl": "pkg:pypi/lib4sbom@0.9.1",
"properties": [
{
"name": "release_date",
- "value": "2025-10-28T09:09:40Z"
+ "value": "2025-11-13T20:07:13Z"
},
{
"name": "language",
@@ -3875,16 +3869,16 @@
"type": "library",
"bom-ref": "60-packageurl-python",
"name": "packageurl-python",
- "version": "0.17.5",
+ "version": "0.17.6",
"supplier": {
"name": "the purl authors"
},
- "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.17.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.17.6:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
"alg": "SHA-256",
- "content": "f0e55452ab37b5c192c443de1458e3f3b4d8ac27f747df6e8c48adeab081d321"
+ "content": "31a85c2717bc41dd818f3c62908685ff9eebcb68588213745b14a6ee9e7df7c9"
}
],
"licenses": [
@@ -3903,16 +3897,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/packageurl-python/0.17.5/#files",
+ "url": "https://pypi.org/project/packageurl-python/0.17.6/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packageurl-python@0.17.5",
+ "purl": "pkg:pypi/packageurl-python@0.17.6",
"properties": [
{
"name": "release_date",
- "value": "2025-08-06T14:08:19Z"
+ "value": "2025-11-24T15:20:16Z"
},
{
"name": "language",
@@ -4254,7 +4248,7 @@
"type": "library",
"bom-ref": "66-plotly",
"name": "plotly",
- "version": "6.4.0",
+ "version": "6.5.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -4263,12 +4257,12 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:6.5.0:*:*:*:*:*:*:*",
"description": "An open-source interactive data visualization library for Python",
"hashes": [
{
"alg": "SHA-256",
- "content": "a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5"
+ "content": "5ac851e100367735250206788a2b1325412aa4a4917a4fe3e6f0bc5aa6f3d90a"
}
],
"externalReferences": [
@@ -4278,7 +4272,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/plotly/6.4.0/#files",
+ "url": "https://pypi.org/project/plotly/6.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4295,11 +4289,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/plotly@6.4.0",
+ "purl": "pkg:pypi/plotly@6.5.0",
"properties": [
{
"name": "release_date",
- "value": "2025-11-04T17:59:22Z"
+ "value": "2025-11-17T18:39:20Z"
},
{
"name": "language",
@@ -4319,7 +4313,7 @@
"type": "library",
"bom-ref": "67-narwhals",
"name": "narwhals",
- "version": "2.10.2",
+ "version": "2.12.0",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4328,7 +4322,7 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.12.0:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"licenses": [
{
@@ -4346,7 +4340,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/2.10.2/#files",
+ "url": "https://pypi.org/project/narwhals/2.12.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4363,11 +4357,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@2.10.2",
+ "purl": "pkg:pypi/narwhals@2.12.0",
"properties": [
{
"name": "release_date",
- "value": "2025-11-04T17:59:22Z"
+ "value": "2025-11-17T18:39:20Z"
},
{
"name": "language",
@@ -4656,7 +4650,7 @@
"type": "library",
"bom-ref": "72-certifi",
"name": "certifi",
- "version": "2025.10.5",
+ "version": "2025.11.12",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -4665,12 +4659,12 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
"alg": "SHA-256",
- "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de"
+ "content": "97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b"
}
],
"licenses": [
@@ -4689,7 +4683,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2025.10.5/#files",
+ "url": "https://pypi.org/project/certifi/2025.11.12/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4698,11 +4692,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/certifi@2025.10.5",
+ "purl": "pkg:pypi/certifi@2025.11.12",
"properties": [
{
"name": "release_date",
- "value": "2025-10-05T04:12:14Z"
+ "value": "2025-11-12T02:54:49Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index b4f8d51795..e3ad68fb9a 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-57009a0b-d4a9-4bf8-9a82-3341168a260c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5a7e3a1a-f202-40bc-8783-3cebc51691ad
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-11-10T00:41:40Z
+Created: 2025-12-01T00:49:07Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -294,22 +294,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*
PackageName: beautifulsoup4
SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.14.2
+PackageVersion: 4.14.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.2/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
-ReleaseDate: 2025-09-29T10:05:43Z
+ReleaseDate: 2025-10-12T14:55:18Z
ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
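Review bot: The beautifulsoup4 record loses its `PackageChecksum` line in this hunk and gets no replacement, while the other bumped packages (lib4sbom, packageurl-python, plotly, certifi) each receive a refreshed SHA256. The CycloneDX file has the same gap: the hunk at `@@ -957,14 +957,8 @@` of `sbom/cve-bin-tool-py3.9.json` drops the whole `hashes` array for this component. A consumer that checks downloaded artefacts against the SBOM can therefore no longer verify beautifulsoup4 4.14.3. Since the document is generated, it is worth confirming why the generator could not obtain a digest for this release and regenerating so that a line such as `PackageChecksum: SHA256: <sha256-of-the-4.14.3-artifact>` is present again (placeholder, not a real value).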
@@ -1071,20 +1070,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*
PackageName: lib4sbom
SPDXID: SPDXRef-52-lib4sbom
-PackageVersion: 0.9.0
+PackageVersion: 0.9.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd
+PackageChecksum: SHA256: f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2025-10-28T09:09:40Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-11-13T20:07:13Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1222,20 +1221,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
PackageName: packageurl-python
SPDXID: SPDXRef-60-packageurl-python
-PackageVersion: 0.17.5
+PackageVersion: 0.17.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.17.5/#files
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.17.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
-PackageChecksum: SHA256: f0e55452ab37b5c192c443de1458e3f3b4d8ac27f747df6e8c48adeab081d321
+PackageChecksum: SHA256: 31a85c2717bc41dd818f3c62908685ff9eebcb68588213745b14a6ee9e7df7c9
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
-ReleaseDate: 2025-08-06T14:08:19Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.17.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.17.5:*:*:*:*:*:*:*
+ReleaseDate: 2025-11-24T15:20:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.17.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.17.6:*:*:*:*:*:*:*
#####
PackageName: rich
@@ -1340,13 +1339,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
PackageName: plotly
SPDXID: SPDXRef-66-plotly
-PackageVersion: 6.4.0
+PackageVersion: 6.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/6.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/plotly/6.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5
+PackageChecksum: SHA256: 5ac851e100367735250206788a2b1325412aa4a4917a4fe3e6f0bc5aa6f3d90a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: plotly declares MIT License
@@ -1373,20 +1372,20 @@ THE SOFTWARE.
which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source interactive data visualization library for Python
-ReleaseDate: 2025-11-04T17:59:22Z
+ReleaseDate: 2025-11-17T18:39:20Z
ExternalRef: OTHER documentation https://plotly.com/python/
ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.5.0:*:*:*:*:*:*:*
#####
PackageName: narwhals
SPDXID: SPDXRef-67-narwhals
-PackageVersion: 2.10.2
+PackageVersion: 2.12.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.12.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
PackageLicenseDeclared: NOASSERTION
@@ -1394,12 +1393,12 @@ PackageLicenseConcluded: MIT
PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Extremely lightweight compatibility layer between dataframe libraries
-ReleaseDate: 2025-11-04T17:59:22Z
+ReleaseDate: 2025-11-17T18:39:20Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.12.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
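Review bot: The narwhals `ReleaseDate: 2025-11-17T18:39:20Z` added here is identical to the second to the plotly `ReleaseDate` in the preceding hunk, and the old values (`2025-11-04T17:59:22Z`) matched in the same way. Two separately published packages are unlikely to share a publication timestamp across two releases, so the generator appears to be carrying plotly's value into the narwhals record; this is inferred from the visible lines only. The narwhals record, which starts in the previous hunk, also shows no `PackageChecksum` among its visible lines. The CycloneDX hunks for `67-narwhals` show the same pattern. Anyone using these dates for package-age or freshness policies should check the narwhals metadata at the source before relying on it.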
@@ -1488,21 +1487,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-72-certifi
-PackageVersion: 2025.10.5
+PackageVersion: 2025.11.12
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/certifi/2025.11.12/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de
+PackageChecksum: SHA256: 97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ReleaseDate: 2025-10-05T04:12:14Z
+ReleaseDate: 2025-11-12T02:54:49Z
ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.11.12
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*
#####
PackageName: rpmfile