chore: update SBOM for Python 3.9 (#5307)

github-actions[bot] · web-flow · web-flow · commit 036e8a3c6be3 · 2025-08-25T15:15:16.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8d43bb02-7713-4031-9086-da6767d198d2",
+  "serialNumber": "urn:uuid:275d9d61-3398-4ebd-bb86-1a266a901a44",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-08-18T00:44:13Z",
+    "timestamp": "2025-08-25T00:45:31Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -958,7 +958,7 @@
       "type": "library",
       "bom-ref": "13-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.13.4",
+      "version": "4.13.5",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -967,12 +967,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b"
+          "content": "642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a"
         }
       ],
       "licenses": [
@@ -991,7 +991,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.13.4/#files",
+          "url": "https://pypi.org/project/beautifulsoup4/4.13.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -1000,11 +1000,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.13.4",
+      "purl": "pkg:pypi/beautifulsoup4@4.13.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-15T17:05:12Z"
+          "value": "2025-08-24T14:06:14Z"
         },
         {
           "name": "language",
@@ -3159,7 +3159,7 @@
       "type": "library",
       "bom-ref": "48-jsonschema",
       "name": "jsonschema",
-      "version": "4.25.0",
+      "version": "4.25.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3168,12 +3168,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716"
+          "content": "3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63"
         }
       ],
       "externalReferences": [
@@ -3183,7 +3183,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/jsonschema/4.25.0/#files",
+          "url": "https://pypi.org/project/jsonschema/4.25.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3212,11 +3212,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.25.0",
+      "purl": "pkg:pypi/jsonschema@4.25.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-07-18T15:39:42Z"
+          "value": "2025-08-18T17:03:48Z"
         },
         {
           "name": "language",
@@ -4445,7 +4445,7 @@
       "type": "library",
       "bom-ref": "68-requests",
       "name": "requests",
-      "version": "2.32.4",
+      "version": "2.32.5",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -4454,12 +4454,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c"
+          "content": "2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6"
         }
       ],
       "licenses": [
@@ -4478,7 +4478,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/requests/2.32.4/#files",
+          "url": "https://pypi.org/project/requests/2.32.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4491,11 +4491,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/requests@2.32.4",
+      "purl": "pkg:pypi/requests@2.32.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-09T16:43:05Z"
+          "value": "2025-08-18T20:46:00Z"
         },
         {
           "name": "language",
@@ -4885,6 +4885,12 @@
       },
       "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -4914,7 +4920,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2020-11-01T01:40:20Z"
+          "value": "2025-08-17T18:21:12Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-22592c8c-2e96-4e23-9dd9-6efedccf94d4
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6b6327f9-c338-44ab-a104-aa61fbd714b1
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-08-18T00:44:04Z
+Created: 2025-08-25T00:45:01Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -295,22 +295,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.13.4
+PackageVersion: 4.13.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.4/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b
+PackageChecksum: SHA256: 642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ReleaseDate: 2025-04-15T17:05:12Z
+ReleaseDate: 2025-08-24T14:06:14Z
 ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -1008,26 +1008,26 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
 
 PackageName: jsonschema
 SPDXID: SPDXRef-48-jsonschema
-PackageVersion: 4.25.0
+PackageVersion: 4.25.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.0/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/jsonschema
-PackageChecksum: SHA256: 24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716
+PackageChecksum: SHA256: 3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ReleaseDate: 2025-07-18T15:39:42Z
+ReleaseDate: 2025-08-18T17:03:48Z
 ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
 ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -1439,22 +1439,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-68-requests
-PackageVersion: 2.32.4
+PackageVersion: 2.32.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.32.4/#files
+PackageDownloadLocation: https://pypi.org/project/requests/2.32.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA256: 27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c
+PackageChecksum: SHA256: 2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ReleaseDate: 2025-06-09T16:43:05Z
+ReleaseDate: 2025-08-18T20:46:00Z
 ExternalRef: OTHER documentation https://requests.readthedocs.io
 ExternalRef: OTHER vcs https://github.com/psf/requests
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: charset-normalizer
@@ -1582,12 +1582,13 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/zstandard/0.24.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseComments: <text>zstandard declares BSD which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Zstandard bindings for Python</text>
-ReleaseDate: 2020-11-01T01:40:20Z
+ReleaseDate: 2025-08-17T18:21:12Z
 ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.24.0
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*
