diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 26683c1d72..20ec510517 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:23c5d27f-d3a1-444a-b45f-d69ddd2a673f",
+ "serialNumber": "urn:uuid:8316613f-dd02-4aec-8a2a-73ff18f6422b",
"version": 1,
"metadata": {
- "timestamp": "2024-06-03T00:28:48Z",
+ "timestamp": "2024-06-10T00:29:49Z",
"tools": {
"components": [
{
@@ -1472,7 +1472,7 @@
"type": "library",
"bom-ref": "34-cryptography",
"name": "cryptography",
- "version": "42.0.7",
+ "version": "42.0.8",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1481,7 +1481,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1490,12 +1490,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/42.0.7",
+ "url": "https://pypi.org/project/cryptography/42.0.8",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@42.0.7",
+ "purl": "pkg:pypi/cryptography@42.0.8",
"properties": [
{
"name": "language",
@@ -2148,7 +2148,7 @@
"type": "library",
"bom-ref": "50-packaging",
"name": "packaging",
- "version": "24.0",
+ "version": "24.1",
"supplier": {
"name": "Donald Stufft",
"contact": [
@@ -2157,16 +2157,16 @@
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.0",
+ "url": "https://pypi.org/project/packaging/24.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/packaging@24.0",
+ "purl": "pkg:pypi/packaging@24.1",
"properties": [
{
"name": "language",
@@ -2613,6 +2613,12 @@
},
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ }
+ ],
"licenses": [
{
"license": {
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 77e9ac460d..74606b98ea 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0bb854db-7900-478f-a6db-ac05450d289f
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c55e1c0f-6eea-4196-9431-42bf341c87f6
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-06-03T00:27:23Z
+Created: 2024-06-10T00:28:26Z
CreatorComment: This document has been automatically generated.
#####
@@ -541,17 +541,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
PackageName: cryptography
SPDXID: SPDXRef-Package-34-cryptography
-PackageVersion: 42.0.7
+PackageVersion: 42.0.8
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7
+PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.8
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -793,17 +793,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
PackageName: packaging
SPDXID: SPDXRef-Package-50-packaging
-PackageVersion: 24.0
+PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.0
+PackageDownloadLocation: https://pypi.org/project/packaging/24.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
#####
PackageName: plotly
@@ -969,6 +969,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
FilesAnalyzed: false
+PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION