chore: update SBOM for Python 3.11 (#5304)

github-actions[bot] · web-flow · web-flow · commit d7f143f85c60 · 2025-08-25T15:44:15.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:38584a19-1f30-4546-8bd8-14231eb9f7b9",
+  "serialNumber": "urn:uuid:568fe5b9-c817-4c18-acd3-376b87232894",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-08-18T00:46:00Z",
+    "timestamp": "2025-08-25T00:45:26Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -876,7 +876,7 @@
       "type": "library",
       "bom-ref": "12-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.13.4",
+      "version": "4.13.5",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -885,12 +885,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b"
+          "content": "642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a"
         }
       ],
       "licenses": [
@@ -909,7 +909,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.13.4/#files",
+          "url": "https://pypi.org/project/beautifulsoup4/4.13.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -918,11 +918,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.13.4",
+      "purl": "pkg:pypi/beautifulsoup4@4.13.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-15T17:05:12Z"
+          "value": "2025-08-24T14:06:14Z"
         },
         {
           "name": "language",
@@ -2968,7 +2968,7 @@
       "type": "library",
       "bom-ref": "45-jsonschema",
       "name": "jsonschema",
-      "version": "4.25.0",
+      "version": "4.25.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -2977,12 +2977,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716"
+          "content": "3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63"
         }
       ],
       "externalReferences": [
@@ -2992,7 +2992,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/jsonschema/4.25.0/#files",
+          "url": "https://pypi.org/project/jsonschema/4.25.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3021,11 +3021,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.25.0",
+      "purl": "pkg:pypi/jsonschema@4.25.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-07-18T15:39:42Z"
+          "value": "2025-08-18T17:03:48Z"
         },
         {
           "name": "language",
@@ -4254,7 +4254,7 @@
       "type": "library",
       "bom-ref": "65-requests",
       "name": "requests",
-      "version": "2.32.4",
+      "version": "2.32.5",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -4263,12 +4263,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c"
+          "content": "2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6"
         }
       ],
       "licenses": [
@@ -4287,7 +4287,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/requests/2.32.4/#files",
+          "url": "https://pypi.org/project/requests/2.32.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4300,11 +4300,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/requests@2.32.4",
+      "purl": "pkg:pypi/requests@2.32.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-09T16:43:05Z"
+          "value": "2025-08-18T20:46:00Z"
         },
         {
           "name": "language",
@@ -4684,6 +4684,12 @@
       },
       "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -4713,7 +4719,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-08T17:06:38Z"
+          "value": "2025-08-17T18:21:12Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-338caa4b-fa2f-4952-85af-6060239a3f2a
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3dbef033-c277-49cc-ad39-52824d6daa6c
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-08-18T00:45:46Z
+Created: 2025-08-25T00:45:01Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -271,22 +271,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-12-beautifulsoup4
-PackageVersion: 4.13.4
+PackageVersion: 4.13.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.4/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b
+PackageChecksum: SHA256: 642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ReleaseDate: 2025-04-15T17:05:12Z
+ReleaseDate: 2025-08-24T14:06:14Z
 ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -902,7 +902,6 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
 PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets
@@ -936,7 +935,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ReleaseDate: 2024-10-18T15:20:51Z
+ReleaseDate: 2025-03-05T20:05:00Z
 ExternalRef: OTHER other https://palletsprojects.com/donate
 ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
 ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
@@ -947,26 +946,26 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
 
 PackageName: jsonschema
 SPDXID: SPDXRef-45-jsonschema
-PackageVersion: 4.25.0
+PackageVersion: 4.25.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.0/#files
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.25.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/jsonschema
-PackageChecksum: SHA256: 24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716
+PackageChecksum: SHA256: 3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ReleaseDate: 2025-07-18T15:39:42Z
+ReleaseDate: 2025-08-18T17:03:48Z
 ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
 ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.25.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.25.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -1378,22 +1377,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-65-requests
-PackageVersion: 2.32.4
+PackageVersion: 2.32.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.32.4/#files
+PackageDownloadLocation: https://pypi.org/project/requests/2.32.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA256: 27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c
+PackageChecksum: SHA256: 2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ReleaseDate: 2025-06-09T16:43:05Z
+ReleaseDate: 2025-08-18T20:46:00Z
 ExternalRef: OTHER documentation https://requests.readthedocs.io
 ExternalRef: OTHER vcs https://github.com/psf/requests
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: charset-normalizer
@@ -1521,12 +1520,13 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/zstandard/0.24.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseComments: <text>zstandard declares BSD which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Zstandard bindings for Python</text>
-ReleaseDate: 2025-06-08T17:06:38Z
+ReleaseDate: 2025-08-17T18:21:12Z
 ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.24.0
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*
