diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 8ccdac7c58..c0f1fd7fec 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:3ac59c73-875e-4d32-9a5a-2cacfe629cdd",
+ "serialNumber": "urn:uuid:8107b27f-aefb-4968-98d1-b9d0503ea396",
"version": 1,
"metadata": {
- "timestamp": "2025-01-06T00:36:19Z",
+ "timestamp": "2025-01-13T00:37:15Z",
"lifecycles": [
{
"phase": "build"
@@ -3860,7 +3860,7 @@
"type": "library",
"bom-ref": "61-pygments",
"name": "pygments",
- "version": "2.19.0",
+ "version": "2.19.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -3869,12 +3869,12 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
"alg": "SHA-256",
- "content": "4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b"
+ "content": "9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c"
}
],
"licenses": [
@@ -3893,7 +3893,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pygments/2.19.0/#files",
+ "url": "https://pypi.org/project/pygments/2.19.1/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3914,11 +3914,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/pygments@2.19.0",
+ "purl": "pkg:pypi/pygments@2.19.1",
"properties": [
{
"name": "release_date",
- "value": "2025-01-05T14:11:12Z"
+ "value": "2025-01-06T17:26:25Z"
},
{
"name": "language",
@@ -3934,7 +3934,7 @@
"type": "library",
"bom-ref": "62-python-gnupg",
"name": "python-gnupg",
- "version": "0.5.3",
+ "version": "0.5.4",
"supplier": {
"name": "Vinay Sajip",
"contact": [
@@ -3943,12 +3943,12 @@
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*",
"description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"hashes": [
{
"alg": "SHA-256",
- "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c"
}
],
"licenses": [
@@ -3967,7 +3967,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "url": "https://pypi.org/project/python-gnupg/0.5.4/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3984,11 +3984,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "purl": "pkg:pypi/python-gnupg@0.5.4",
"properties": [
{
"name": "release_date",
- "value": "2024-09-20T16:43:47Z"
+ "value": "2025-01-07T11:58:32Z"
},
{
"name": "language",
@@ -4499,7 +4499,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.7.0",
+ "version": "75.8.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -4508,17 +4508,17 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"hashes": [
{
"alg": "SHA-256",
- "content": "84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183"
+ "content": "e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.7.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4535,11 +4535,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.7.0",
+ "purl": "pkg:pypi/setuptools@75.8.0",
"properties": [
{
"name": "release_date",
- "value": "2025-01-05T16:31:09Z"
+ "value": "2025-01-08T18:28:20Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 798ffeff0e..0a8ddcddf9 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5be38161-3148-45bb-a7af-20ff2c08631c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b5a63ce0-27fa-49ca-8dc2-a124dfe9797f
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2025-01-06T00:36:11Z
+Created: 2025-01-13T00:37:08Z
CreatorComment: This document has been automatically generated.
#####
@@ -1272,46 +1272,46 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-61-pygments
-PackageVersion: 2.19.0
+PackageVersion: 2.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/pygments/2.19.0/#files
+PackageDownloadLocation: https://pypi.org/project/pygments/2.19.1/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA256: 4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b
+PackageChecksum: SHA256: 9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ReleaseDate: 2025-01-05T14:11:12Z
+ReleaseDate: 2025-01-06T17:26:25Z
ExternalRef: OTHER documentation https://pygments.org/docs
ExternalRef: OTHER vcs https://github.com/pygments/pygments
ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
SPDXID: SPDXRef-62-python-gnupg
-PackageVersion: 0.5.3
+PackageVersion: 0.5.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ReleaseDate: 2024-09-20T16:43:47Z
+ReleaseDate: 2025-01-07T11:58:32Z
ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*
#####
PackageName: packaging
@@ -1474,22 +1474,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.7.0
+PackageVersion: 75.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.8.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183
+PackageChecksum: SHA256: e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ReleaseDate: 2025-01-05T16:31:09Z
+ReleaseDate: 2025-01-08T18:28:20Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:*
#####
PackageName: toml