diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index bab0e254a1..204ad2eb09 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:c33313e2-a6ab-4b87-b152-452c4a14a5b0",
+ "serialNumber": "urn:uuid:479f7136-1f8c-4345-9ff1-dd1cc73d455a",
"version": 1,
"metadata": {
- "timestamp": "2024-12-30T00:38:05Z",
+ "timestamp": "2025-01-06T00:38:36Z",
"lifecycles": [
{
"phase": "build"
@@ -1368,7 +1368,7 @@
"type": "library",
"bom-ref": "20-argcomplete",
"name": "argcomplete",
- "version": "3.5.2",
+ "version": "3.5.3",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -1377,12 +1377,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.3:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-256",
- "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+ "content": "2ab2c4a215c59fd6caaff41a869480a23e8f6a5f910b266c1808037f4e375b61"
}
],
"licenses": [
@@ -1401,7 +1401,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.3/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -1422,11 +1422,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.2",
+ "purl": "pkg:pypi/argcomplete@3.5.3",
"properties": [
{
"name": "release_date",
- "value": "2024-12-06T18:24:27Z"
+ "value": "2024-12-31T19:22:54Z"
},
{
"name": "language",
@@ -2033,7 +2033,7 @@
"type": "library",
"bom-ref": "31-pyparsing",
"name": "pyparsing",
- "version": "3.2.0",
+ "version": "3.2.1",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -2042,12 +2042,12 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
"alg": "SHA-256",
- "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
+ "content": "506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1"
}
],
"externalReferences": [
@@ -2057,16 +2057,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/pyparsing@3.2.1",
"properties": [
{
"name": "release_date",
- "value": "2024-10-13T10:01:13Z"
+ "value": "2024-12-31T20:59:42Z"
},
{
"name": "language",
@@ -3860,7 +3860,7 @@
"type": "library",
"bom-ref": "61-pygments",
"name": "pygments",
- "version": "2.18.0",
+ "version": "2.19.0",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -3869,12 +3869,12 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
"alg": "SHA-256",
- "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
+ "content": "4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b"
}
],
"licenses": [
@@ -3893,7 +3893,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pygments/2.18.0/#files",
+ "url": "https://pypi.org/project/pygments/2.19.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -3914,11 +3914,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/pygments@2.18.0",
+ "purl": "pkg:pypi/pygments@2.19.0",
"properties": [
{
"name": "release_date",
- "value": "2024-05-04T13:41:57Z"
+ "value": "2025-01-05T14:11:12Z"
},
{
"name": "language",
@@ -4499,7 +4499,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.6.0",
+ "version": "75.7.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -4508,17 +4508,17 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"hashes": [
{
"alg": "SHA-256",
- "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ "content": "84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.6.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.7.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4535,11 +4535,11 @@
"type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.6.0",
+ "purl": "pkg:pypi/setuptools@75.7.0",
"properties": [
{
"name": "release_date",
- "value": "2024-11-20T18:16:10Z"
+ "value": "2025-01-05T16:31:09Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index eb70666300..59b75f3fd0 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ad462e90-a3ce-44a6-bb5a-c2d653ced60d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f67ad1c3-97c5-451f-b1a8-0254d2355315
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-30T00:37:57Z
+Created: 2025-01-06T00:38:28Z
CreatorComment: This document has been automatically generated.
#####
@@ -434,25 +434,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
PackageName: argcomplete
SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.2
+PackageVersion: 3.5.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
+PackageChecksum: SHA256: 2ab2c4a215c59fd6caaff41a869480a23e8f6a5f910b266c1808037f4e375b61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ReleaseDate: 2024-12-06T18:24:27Z
+ReleaseDate: 2024-12-31T19:22:54Z
ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.3:*:*:*:*:*:*:*
#####
PackageName: crcmod
@@ -645,20 +645,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-31-pyparsing
-PackageVersion: 3.2.0
+PackageVersion: 3.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
+PackageChecksum: SHA256: 506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ReleaseDate: 2024-10-13T10:01:13Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-31T20:59:42Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*
#####
PackageName: oauth2client
@@ -1272,24 +1272,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-61-pygments
-PackageVersion: 2.18.0
+PackageVersion: 2.19.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
+PackageDownloadLocation: https://pypi.org/project/pygments/2.19.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
+PackageChecksum: SHA256: 4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ReleaseDate: 2024-05-04T13:41:57Z
+ReleaseDate: 2025-01-05T14:11:12Z
ExternalRef: OTHER documentation https://pygments.org/docs
ExternalRef: OTHER vcs https://github.com/pygments/pygments
ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
@@ -1474,22 +1474,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.6.0
+PackageVersion: 75.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.7.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
+PackageChecksum: SHA256: 84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ReleaseDate: 2024-11-20T18:16:10Z
+ReleaseDate: 2025-01-05T16:31:09Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*
#####
PackageName: toml