chore: update SBOM for Python 3.12 (#4673)

github-actions[bot] · web-flow · web-flow · commit 3fa9cfbd5edb · 2025-01-07T18:11:56.000Z
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:a96614bc-e99f-48ba-9bfe-beea6e6e2028",
+  "serialNumber": "urn:uuid:fcab39ff-a147-4ec9-beb0-46341817a2c0",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-12-30T00:36:13Z",
+    "timestamp": "2025-01-06T00:36:47Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -1290,7 +1290,7 @@
       "type": "library",
       "bom-ref": "19-argcomplete",
       "name": "argcomplete",
-      "version": "3.5.2",
+      "version": "3.5.3",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -1299,12 +1299,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.3:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+          "content": "2ab2c4a215c59fd6caaff41a869480a23e8f6a5f910b266c1808037f4e375b61"
         }
       ],
       "licenses": [
@@ -1323,7 +1323,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
+          "url": "https://pypi.org/project/argcomplete/3.5.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -1344,11 +1344,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.5.2",
+      "purl": "pkg:pypi/argcomplete@3.5.3",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-12-06T18:24:27Z"
+          "value": "2024-12-31T19:22:54Z"
         },
         {
           "name": "language",
@@ -1955,7 +1955,7 @@
       "type": "library",
       "bom-ref": "30-pyparsing",
       "name": "pyparsing",
-      "version": "3.2.0",
+      "version": "3.2.1",
       "supplier": {
         "name": "Paul McGuire",
         "contact": [
@@ -1964,12 +1964,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*",
       "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
+          "content": "506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1"
         }
       ],
       "externalReferences": [
@@ -1979,16 +1979,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+          "url": "https://pypi.org/project/pyparsing/3.2.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pyparsing@3.2.0",
+      "purl": "pkg:pypi/pyparsing@3.2.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-10-13T10:01:13Z"
+          "value": "2024-12-31T20:59:42Z"
         },
         {
           "name": "language",
@@ -3782,7 +3782,7 @@
       "type": "library",
       "bom-ref": "60-pygments",
       "name": "pygments",
-      "version": "2.18.0",
+      "version": "2.19.0",
       "supplier": {
         "name": "Georg Brandl",
         "contact": [
@@ -3791,12 +3791,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
+          "content": "4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b"
         }
       ],
       "licenses": [
@@ -3815,7 +3815,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pygments/2.18.0/#files",
+          "url": "https://pypi.org/project/pygments/2.19.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3836,11 +3836,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/pygments@2.18.0",
+      "purl": "pkg:pypi/pygments@2.19.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-05-04T13:41:57Z"
+          "value": "2025-01-05T14:11:12Z"
         },
         {
           "name": "language",
@@ -4421,7 +4421,7 @@
       "type": "library",
       "bom-ref": "70-setuptools",
       "name": "setuptools",
-      "version": "75.6.0",
+      "version": "75.7.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -4430,17 +4430,17 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+          "content": "84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183"
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/75.6.0/#files",
+          "url": "https://pypi.org/project/setuptools/75.7.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4457,11 +4457,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/setuptools@75.6.0",
+      "purl": "pkg:pypi/setuptools@75.7.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-11-20T18:16:10Z"
+          "value": "2025-01-05T16:31:09Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a67a67da-e7ea-41be-8157-ee7e9237e8b6
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fdb12592-02b6-41ec-bc50-b1ca7a76ab10
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-30T00:36:05Z
+Created: 2025-01-06T00:36:40Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -410,25 +410,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-19-argcomplete
-PackageVersion: 3.5.2
+PackageVersion: 3.5.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
+PackageChecksum: SHA256: 2ab2c4a215c59fd6caaff41a869480a23e8f6a5f910b266c1808037f4e375b61
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Bash tab completion for argparse</text>
-ReleaseDate: 2024-12-06T18:24:27Z
+ReleaseDate: 2024-12-31T19:22:54Z
 ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
 ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
 ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
 ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -621,20 +621,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
 
 PackageName: pyparsing
 SPDXID: SPDXRef-30-pyparsing
-PackageVersion: 3.2.0
+PackageVersion: 3.2.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
+PackageChecksum: SHA256: 506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>pyparsing module - Classes and methods to define and execute parsing grammars</text>
-ReleaseDate: 2024-10-13T10:01:13Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-31T20:59:42Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: oauth2client
@@ -1248,24 +1248,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
 
 PackageName: pygments
 SPDXID: SPDXRef-60-pygments
-PackageVersion: 2.18.0
+PackageVersion: 2.19.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
+PackageDownloadLocation: https://pypi.org/project/pygments/2.19.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://pygments.org
-PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
+PackageChecksum: SHA256: 4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Pygments is a syntax highlighting package written in Python.</text>
-ReleaseDate: 2024-05-04T13:41:57Z
+ReleaseDate: 2025-01-05T14:11:12Z
 ExternalRef: OTHER documentation https://pygments.org/docs
 ExternalRef: OTHER vcs https://github.com/pygments/pygments
 ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
 ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1450,22 +1450,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-70-setuptools
-PackageVersion: 75.6.0
+PackageVersion: 75.7.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.7.0/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
+PackageChecksum: SHA256: 84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ReleaseDate: 2024-11-20T18:16:10Z
+ReleaseDate: 2025-01-05T16:31:09Z
 ExternalRef: OTHER vcs https://github.com/pypa/setuptools
 ExternalRef: OTHER documentation https://setuptools.pypa.io/
 ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema
