chore: update SBOM for Python 3.10 (#5306)

github-actions[bot] · web-flow · web-flow · commit 110eb4be2364 · 2025-08-25T15:43:38.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:6b34574a-35b0-4e05-a03e-28ee0af94232",
+  "serialNumber": "urn:uuid:ea198997-0707-405f-a689-a21afd663cff",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-08-18T00:44:14Z",
+    "timestamp": "2025-08-25T00:45:29Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -958,7 +958,7 @@
       "type": "library",
       "bom-ref": "13-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.13.4",
+      "version": "4.13.5",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -967,12 +967,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b"
+          "content": "642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a"
         }
       ],
       "licenses": [
@@ -991,7 +991,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.13.4/#files",
+          "url": "https://pypi.org/project/beautifulsoup4/4.13.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -1000,11 +1000,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.13.4",
+      "purl": "pkg:pypi/beautifulsoup4@4.13.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-15T17:05:12Z"
+          "value": "2025-08-24T14:06:14Z"
         },
         {
           "name": "language",
@@ -3050,7 +3050,7 @@
       "type": "library",
       "bom-ref": "46-jsonschema",
       "name": "jsonschema",
-      "version": "4.25.0",
+      "version": "4.25.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3059,12 +3059,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716"
+          "content": "3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63"
         }
       ],
       "externalReferences": [
@@ -3074,7 +3074,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/jsonschema/4.25.0/#files",
+          "url": "https://pypi.org/project/jsonschema/4.25.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3103,11 +3103,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.25.0",
+      "purl": "pkg:pypi/jsonschema@4.25.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-07-18T15:39:42Z"
+          "value": "2025-08-18T17:03:48Z"
         },
         {
           "name": "language",
@@ -4336,7 +4336,7 @@
       "type": "library",
       "bom-ref": "66-requests",
       "name": "requests",
-      "version": "2.32.4",
+      "version": "2.32.5",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -4345,12 +4345,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c"
+          "content": "2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6"
         }
       ],
       "licenses": [
@@ -4369,7 +4369,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/requests/2.32.4/#files",
+          "url": "https://pypi.org/project/requests/2.32.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4382,11 +4382,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/requests@2.32.4",
+      "purl": "pkg:pypi/requests@2.32.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-09T16:43:05Z"
+          "value": "2025-08-18T20:46:00Z"
         },
         {
           "name": "language",
@@ -4824,6 +4824,12 @@
       },
       "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -4853,7 +4859,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-08T17:06:38Z"
+          "value": "2025-08-17T18:21:12Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-df214721-68d6-422c-a6a1-6e497cdfca1e
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0c3869b5-8163-4621-9e19-1aaaa24ae250
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-08-18T00:44:05Z
+Created: 2025-08-25T00:45:01Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -295,22 +295,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-13-beautifulsoup4
-PackageVersion: 4.13.4
+PackageVersion: 4.13.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.4/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b
+PackageChecksum: SHA256: 642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ReleaseDate: 2025-04-15T17:05:12Z
+ReleaseDate: 2025-08-24T14:06:14Z
 ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -971,26 +971,26 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
 
 PackageName: jsonschema
 SPDXID: SPDXRef-46-jsonschema
-PackageVersion: 4.25.0
+PackageVersion: 4.25.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.0/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/jsonschema
-PackageChecksum: SHA256: 24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716
+PackageChecksum: SHA256: 3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ReleaseDate: 2025-07-18T15:39:42Z
+ReleaseDate: 2025-08-18T17:03:48Z
 ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
 ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -1402,22 +1402,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-66-requests
-PackageVersion: 2.32.4
+PackageVersion: 2.32.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.32.4/#files
+PackageDownloadLocation: https://pypi.org/project/requests/2.32.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA256: 27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c
+PackageChecksum: SHA256: 2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ReleaseDate: 2025-06-09T16:43:05Z
+ReleaseDate: 2025-08-18T20:46:00Z
 ExternalRef: OTHER documentation https://requests.readthedocs.io
 ExternalRef: OTHER vcs https://github.com/psf/requests
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: charset-normalizer
@@ -1563,12 +1563,13 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/zstandard/0.24.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseComments: <text>zstandard declares BSD which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Zstandard bindings for Python</text>
-ReleaseDate: 2025-06-08T17:06:38Z
+ReleaseDate: 2025-08-17T18:21:12Z
 ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.24.0
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*
