diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 2529f2bb6f..ab631d5fcd 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:10e931cf-1843-4135-aa46-65bcb078f08e",
+ "serialNumber": "urn:uuid:56cdbb59-a28a-4073-b404-d4f51e96841a",
"version": 1,
"metadata": {
- "timestamp": "2025-09-15T00:42:54Z",
+ "timestamp": "2025-09-22T00:45:57Z",
"lifecycles": [
{
"phase": "build"
@@ -2002,7 +2002,7 @@
"type": "library",
"bom-ref": "30-pyparsing",
"name": "pyparsing",
- "version": "3.2.4",
+ "version": "3.2.5",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -2011,14 +2011,8 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*",
"description": "pyparsing - Classes and methods to define and execute parsing grammars",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36"
- }
- ],
"externalReferences": [
{
"url": "https://github.com/pyparsing/pyparsing/",
@@ -2026,16 +2020,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.4/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.4",
+ "purl": "pkg:pypi/pyparsing@3.2.5",
"properties": [
{
"name": "release_date",
- "value": "2025-09-13T05:47:17Z"
+ "value": "2022-02-03T00:00:29Z"
},
{
"name": "language",
@@ -4720,6 +4714,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/indygreg/python-zstandard",
@@ -4740,7 +4740,7 @@
"properties": [
{
"name": "release_date",
- "value": "2025-06-08T17:06:38Z"
+ "value": "2025-09-14T22:15:56Z"
},
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 32bc810331..f05fd1262e 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-93b6ffc8-05d8-42f2-963e-94a7dc07f735
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4ffcd62-802d-455a-9431-b69f7b96202b
LicenseListVersion: 3.26
Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-15T00:42:41Z
+Created: 2025-09-22T00:45:34Z
CreatorComment: SBOM Type: Build - This document has been automatically generated.
#####
@@ -395,13 +395,12 @@ PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
-PackageChecksum: SHA256: b6970ea6c0950c854ce2e33c591e177a6f4a657f2824a1b54eaefa2dff2576bb
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ReleaseDate: 2025-06-25T08:28:10Z
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.35
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
#####
@@ -619,20 +618,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-30-pyparsing
-PackageVersion: 3.2.4
+PackageVersion: 3.2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.4/#files
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.5/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: 91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing - Classes and methods to define and execute parsing grammars
-ReleaseDate: 2025-09-13T05:47:17Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*
+ReleaseDate: 2022-02-03T00:00:29Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
@@ -1539,11 +1537,12 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.25.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
-ReleaseDate: 2025-06-08T17:06:38Z
+ReleaseDate: 2025-09-14T22:15:56Z
ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.25.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*