chore: update SBOM for Python 3.9 (#4170)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:6dca212c-a25c-458e-a965-17c2f0a95b2e",
+  "serialNumber": "urn:uuid:00a780e7-3fe1-42cb-841e-b6469f582583",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-06-03T00:29:07Z",
+    "timestamp": "2024-06-10T00:30:03Z",
     "tools": {
       "components": [
         {
@@ -1520,7 +1520,7 @@
       "type": "library",
       "bom-ref": "35-cryptography",
       "name": "cryptography",
-      "version": "42.0.7",
+      "version": "42.0.8",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1529,7 +1529,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1538,12 +1538,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/42.0.7",
+          "url": "https://pypi.org/project/cryptography/42.0.8",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].7",
+      "purl": "pkg:pypi/[email protected].8",
       "properties": [
         {
           "name": "language",
@@ -1839,7 +1839,7 @@
       "type": "library",
       "bom-ref": "42-zipp",
       "name": "zipp",
-      "version": "3.19.1",
+      "version": "3.19.2",
       "supplier": {
         "name": "Jason R .",
         "contact": [
@@ -1848,16 +1848,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r.:zipp:3.19.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.19.1",
+          "url": "https://pypi.org/project/zipp/3.19.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].2",
       "properties": [
         {
           "name": "language",
@@ -2270,7 +2270,7 @@
       "type": "library",
       "bom-ref": "53-packaging",
       "name": "packaging",
-      "version": "24.0",
+      "version": "24.1",
       "supplier": {
         "name": "Donald Stufft",
         "contact": [
@@ -2279,16 +2279,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
       "description": "Core utilities for Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packaging/24.0",
+          "url": "https://pypi.org/project/packaging/24.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packaging@24.0",
+      "purl": "pkg:pypi/packaging@24.1",
       "properties": [
         {
           "name": "language",
@@ -2735,6 +2735,12 @@
       },
       "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+        }
+      ],
       "licenses": [
         {
           "license": {

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a77d888a-d245-4b2d-84fa-fba91a1777cb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0037a80b-ea5b-420f-83f9-e62860da0a9c
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.4
-Created: 2024-06-03T00:27:33Z
+Created: 2024-06-10T00:28:25Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -558,17 +558,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-35-cryptography
-PackageVersion: 42.0.7
+PackageVersion: 42.0.8
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7
+PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.8
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -671,17 +671,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-42-zipp
-PackageVersion: 3.19.1
+PackageVersion: 3.19.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. ([email protected])
-PackageDownloadLocation: https://pypi.org/project/zipp/3.19.1
+PackageDownloadLocation: https://pypi.org/project/zipp/3.19.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -841,17 +841,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: packaging
 SPDXID: SPDXRef-Package-53-packaging
-PackageVersion: 24.0
+PackageVersion: 24.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Donald Stufft ([email protected])
-PackageDownloadLocation: https://pypi.org/project/packaging/24.0
+PackageDownloadLocation: https://pypi.org/project/packaging/24.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Core utilities for Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: plotly
@@ -1017,6 +1017,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl ([email protected])
 PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION