diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 226b9b886c..a1c1c87f99 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:d28666e2-3442-48bf-a616-d468c511b4c4",
+ "serialNumber": "urn:uuid:86cf0eb9-abd8-431a-91d2-9d3d845f4728",
"version": 1,
"metadata": {
- "timestamp": "2025-05-05T00:42:18Z",
+ "timestamp": "2025-05-12T00:42:32Z",
"lifecycles": [
{
"phase": "build"
@@ -4256,7 +4256,7 @@
"type": "library",
"bom-ref": "64-narwhals",
"name": "narwhals",
- "version": "1.37.1",
+ "version": "1.38.2",
"supplier": {
"name": "Marco Gorelli",
"contact": [
@@ -4265,12 +4265,12 @@
}
]
},
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.37.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"hashes": [
{
"alg": "SHA-256",
- "content": "6f358a23b7351897d6efb45496dc0528918ce4ca6c8f9631594885cd873576a7"
+ "content": "a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7"
}
],
"licenses": [
@@ -4289,7 +4289,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/narwhals/1.37.1/#files",
+ "url": "https://pypi.org/project/narwhals/1.38.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4306,11 +4306,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/narwhals@1.37.1",
+ "purl": "pkg:pypi/narwhals@1.38.2",
"properties": [
{
"name": "release_date",
- "value": "2025-04-29T13:56:31Z"
+ "value": "2025-05-08T17:02:25Z"
},
{
"name": "language",
@@ -4719,7 +4719,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "80.3.1",
+ "version": "80.4.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -4728,17 +4728,17 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"hashes": [
{
"alg": "SHA-256",
- "content": "ea8e00d7992054c4c592aeb892f6ad51fe1b4d90cc6947cc45c45717c40ec537"
+ "content": "6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/80.3.1/#files",
+ "url": "https://pypi.org/project/setuptools/80.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4755,11 +4755,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/setuptools@80.3.1",
+ "purl": "pkg:pypi/setuptools@80.4.0",
"properties": [
{
"name": "release_date",
- "value": "2025-05-04T18:47:02Z"
+ "value": "2025-05-09T20:42:25Z"
},
{
"name": "language",
@@ -4882,7 +4882,7 @@
"type": "library",
"bom-ref": "74-elementpath",
"name": "elementpath",
- "version": "5.0.0",
+ "version": "5.0.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -4891,8 +4891,14 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:5.0.1:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "334f796578d1d273e99838b6a731d265985ea9ab399e22b74ea1c3a3faa73c83"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/sissaschool/elementpath",
@@ -4900,16 +4906,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/5.0.0/#files",
+ "url": "https://pypi.org/project/elementpath/5.0.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@5.0.0",
+ "purl": "pkg:pypi/elementpath@5.0.1",
"properties": [
{
"name": "release_date",
- "value": "2025-04-13T20:41:21Z"
+ "value": "2025-05-11T16:01:16Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 98febeceba..f7e2afa5c4 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-47222339-f9f2-42f7-b026-7e64954a50c7
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-02ddd5bb-db60-48c0-8fe0-dd4cec92b8d9
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.3
-Created: 2025-05-05T00:42:11Z
+Created: 2025-05-12T00:42:26Z
CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
#####
@@ -1363,24 +1363,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:*
PackageName: narwhals
SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.37.1
+PackageVersion: 1.38.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.37.1/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.38.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 6f358a23b7351897d6efb45496dc0528918ce4ca6c8f9631594885cd873576a7
+PackageChecksum: SHA256: a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
-ReleaseDate: 2025-04-29T13:56:31Z
+ReleaseDate: 2025-05-08T17:02:25Z
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.37.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.37.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.38.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1506,22 +1506,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 80.3.1
+PackageVersion: 80.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/80.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/80.4.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: ea8e00d7992054c4c592aeb892f6ad51fe1b4d90cc6947cc45c45717c40ec537
+PackageChecksum: SHA256: 6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ReleaseDate: 2025-05-04T18:47:02Z
+ReleaseDate: 2025-05-09T20:42:25Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1562,19 +1562,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.0.1:*:*:*:*
PackageName: elementpath
SPDXID: SPDXRef-74-elementpath
-PackageVersion: 5.0.0
+PackageVersion: 5.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/5.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/elementpath/5.0.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: 334f796578d1d273e99838b6a731d265985ea9ab399e22b74ea1c3a3faa73c83
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ReleaseDate: 2025-04-13T20:41:21Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@5.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-05-11T16:01:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@5.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.1:*:*:*:*:*:*:*
#####
PackageName: zstandard