chore: update SBOM for Python 3.12 (#4688)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.12.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:fcab39ff-a147-4ec9-beb0-46341817a2c0",
+  "serialNumber": "urn:uuid:cbffac4d-bb66-46fa-87d7-12e1dfdd35ed",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-01-06T00:36:47Z",
+    "timestamp": "2025-01-13T00:37:15Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3782,7 +3782,7 @@
       "type": "library",
       "bom-ref": "60-pygments",
       "name": "pygments",
-      "version": "2.19.0",
+      "version": "2.19.1",
       "supplier": {
         "name": "Georg Brandl",
         "contact": [
@@ -3791,12 +3791,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b"
+          "content": "9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c"
         }
       ],
       "licenses": [
@@ -3815,7 +3815,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pygments/2.19.0/#files",
+          "url": "https://pypi.org/project/pygments/2.19.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3836,11 +3836,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-01-05T14:11:12Z"
+          "value": "2025-01-06T17:26:25Z"
         },
         {
           "name": "language",
@@ -3856,7 +3856,7 @@
       "type": "library",
       "bom-ref": "61-python-gnupg",
       "name": "python-gnupg",
-      "version": "0.5.3",
+      "version": "0.5.4",
       "supplier": {
         "name": "Vinay Sajip",
         "contact": [
@@ -3865,12 +3865,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*",
       "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+          "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c"
         }
       ],
       "licenses": [
@@ -3889,7 +3889,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+          "url": "https://pypi.org/project/python-gnupg/0.5.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3906,11 +3906,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-09-20T16:43:47Z"
+          "value": "2025-01-07T11:58:32Z"
         },
         {
           "name": "language",
@@ -4421,7 +4421,7 @@
       "type": "library",
       "bom-ref": "70-setuptools",
       "name": "setuptools",
-      "version": "75.7.0",
+      "version": "75.8.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -4430,17 +4430,17 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183"
+          "content": "e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3"
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/75.7.0/#files",
+          "url": "https://pypi.org/project/setuptools/75.8.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4457,11 +4457,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/setuptools@75.7.0",
+      "purl": "pkg:pypi/setuptools@75.8.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-01-05T16:31:09Z"
+          "value": "2025-01-08T18:28:20Z"
         },
         {
           "name": "language",

sbom/cve-bin-tool-py3.12.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fdb12592-02b6-41ec-bc50-b1ca7a76ab10
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c66c7546-184a-4e83-b762-cfe09cebf66d
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-01-06T00:36:40Z
+Created: 2025-01-13T00:37:08Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -1248,46 +1248,46 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
 
 PackageName: pygments
 SPDXID: SPDXRef-60-pygments
-PackageVersion: 2.19.0
+PackageVersion: 2.19.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl ([email protected])
-PackageDownloadLocation: https://pypi.org/project/pygments/2.19.0/#files
+PackageDownloadLocation: https://pypi.org/project/pygments/2.19.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://pygments.org
-PackageChecksum: SHA256: 4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b
+PackageChecksum: SHA256: 9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Pygments is a syntax highlighting package written in Python.</text>
-ReleaseDate: 2025-01-05T14:11:12Z
+ReleaseDate: 2025-01-06T17:26:25Z
 ExternalRef: OTHER documentation https://pygments.org/docs
 ExternalRef: OTHER vcs https://github.com/pygments/pygments
 ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
 ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
 SPDXID: SPDXRef-61-python-gnupg
-PackageVersion: 0.5.3
+PackageVersion: 0.5.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Vinay Sajip ([email protected])
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseComments: <text>python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A wrapper for the Gnu Privacy Guard (GPG or GnuPG)</text>
-ReleaseDate: 2024-09-20T16:43:47Z
+ReleaseDate: 2025-01-07T11:58:32Z
 ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
 ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
 ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
@@ -1450,22 +1450,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-70-setuptools
-PackageVersion: 75.7.0
+PackageVersion: 75.8.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.8.0/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: 84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183
+PackageChecksum: SHA256: e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ReleaseDate: 2025-01-05T16:31:09Z
+ReleaseDate: 2025-01-08T18:28:20Z
 ExternalRef: OTHER vcs https://github.com/pypa/setuptools
 ExternalRef: OTHER documentation https://setuptools.pypa.io/
 ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema