chore: update SBOM for Python 3.9 (#4340)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:485924ac-6344-4b78-b66d-e84d13270170",
+  "serialNumber": "urn:uuid:87b9b11e-38e1-4e9a-8f7a-3548bf602f43",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-08-05T00:37:48Z",
+    "timestamp": "2024-08-12T00:35:43Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -15,7 +15,7 @@
       "components": [
         {
           "name": "sbom4python",
-          "version": "0.11.0",
+          "version": "0.11.1",
           "type": "application"
         }
       ]
@@ -74,7 +74,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.1",
+      "version": "3.10.3",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -87,12 +87,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.1",
+          "url": "https://pypi.org/project/aiohttp/3.10.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].3",
       "properties": [
         {
           "name": "language",
@@ -108,7 +108,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.3.4",
+      "version": "2.3.5",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -117,25 +117,31 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "01595bbda3380154cc4e72702a1f82502a15940a"
+        }
+      ],
       "licenses": [
         {
           "license": {
-            "id": "PSF-2.0",
+            "id": "Python-2.0",
             "url": "https://opensource.org/licenses/Python-2.0",
             "acknowledgement": "concluded"
           }
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].4",
+      "purl": "pkg:pypi/[email protected].5",
       "properties": [
         {
           "name": "language",
@@ -273,7 +279,7 @@
       "type": "library",
       "bom-ref": "7-attrs",
       "name": "attrs",
-      "version": "24.1.0",
+      "version": "24.2.0",
       "supplier": {
         "name": "Hynek Schlawack",
         "contact": [
@@ -282,16 +288,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
       "description": "Classes Without Boilerplate",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/attrs/24.1.0",
+          "url": "https://pypi.org/project/attrs/24.2.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/attrs@24.1.0",
+      "purl": "pkg:pypi/attrs@24.2.0",
       "properties": [
         {
           "name": "language",
@@ -761,7 +767,7 @@
       "type": "library",
       "bom-ref": "18-argcomplete",
       "name": "argcomplete",
-      "version": "3.4.0",
+      "version": "3.5.0",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -770,7 +776,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -783,12 +789,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/argcomplete/3.4.0",
+          "url": "https://pypi.org/project/argcomplete/3.5.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.4.0",
+      "purl": "pkg:pypi/argcomplete@3.5.0",
       "properties": [
         {
           "name": "language",
@@ -1625,7 +1631,7 @@
       "type": "library",
       "bom-ref": "37-cffi",
       "name": "cffi",
-      "version": "1.16.0",
+      "version": "1.17.0",
       "supplier": {
         "name": "Armin Maciej Fijalkowski",
         "contact": [
@@ -1634,14 +1640,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
       "description": "Foreign Function Interface for Python calling C code.",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "ba44abd69cf6f0f1cc90db34cd067275dc10fc71"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -1653,12 +1653,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cffi/1.16.0",
+          "url": "https://pypi.org/project/cffi/1.17.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cffi@1.16.0",
+      "purl": "pkg:pypi/cffi@1.17.0",
       "properties": [
         {
           "name": "language",
@@ -1904,7 +1904,7 @@
       "type": "library",
       "bom-ref": "43-zipp",
       "name": "zipp",
-      "version": "3.19.2",
+      "version": "3.20.0",
       "supplier": {
         "name": "Jason R .",
         "contact": [
@@ -1913,16 +1913,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.19.2",
+          "url": "https://pypi.org/project/zipp/3.20.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.19.2",
+      "purl": "pkg:pypi/zipp@3.20.0",
       "properties": [
         {
           "name": "language",
@@ -2114,11 +2114,11 @@
       "type": "library",
       "bom-ref": "49-rpds-py",
       "name": "rpds-py",
-      "version": "0.19.1",
+      "version": "0.20.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -2131,12 +2131,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.19.1",
+          "url": "https://pypi.org/project/rpds-py/0.20.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.19.1",
+      "purl": "pkg:pypi/rpds-py@0.20.0",
       "properties": [
         {
           "name": "language",
@@ -2195,7 +2195,7 @@
       "type": "library",
       "bom-ref": "51-pyyaml",
       "name": "pyyaml",
-      "version": "6.0.1",
+      "version": "6.0.2",
       "supplier": {
         "name": "Kirill Simonov",
         "contact": [
@@ -2204,14 +2204,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
       "description": "YAML parser and emitter for Python",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "c42fa3bff1eabdb64763bb1526d9ea1ccb708479"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2223,12 +2217,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/pyyaml/6.0.1",
+          "url": "https://pypi.org/project/pyyaml/6.0.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].2",
       "properties": [
         {
           "name": "language",
@@ -3243,6 +3237,7 @@
         "70-toml",
         "67-urllib3",
         "71-xmlschema",
+        "43-zipp",
         "73-zstandard"
       ]
     },