chore: update SBOM for Python 3.11 (#4824)

github-actions[bot] · web-flow · web-flow · commit 12908023c26e · 2025-02-18T17:46:02.000Z
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:c48b990b-83ad-4c2f-a385-fbfec8347f47",
+  "serialNumber": "urn:uuid:40e44969-b259-4931-9ea1-0af3fe41c424",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-02-10T00:36:03Z",
+    "timestamp": "2025-02-17T00:37:07Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -979,7 +979,7 @@
       "type": "library",
       "bom-ref": "14-cvss",
       "name": "cvss",
-      "version": "3.3",
+      "version": "3.4",
       "supplier": {
         "name": "Stanislav Red Hat Product Security",
         "contact": [
@@ -988,12 +988,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:*",
       "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+          "content": "d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef"
         }
       ],
       "licenses": [
@@ -1012,7 +1012,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cvss/3.3/#files",
+          "url": "https://pypi.org/project/cvss/3.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -1033,11 +1033,11 @@
           "type": "build-system"
         }
       ],
-      "purl": "pkg:pypi/cvss@3.3",
+      "purl": "pkg:pypi/cvss@3.4",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-11-01T10:05:52Z"
+          "value": "2025-02-11T17:28:21Z"
         },
         {
           "name": "language",
@@ -4043,7 +4043,7 @@
       "type": "library",
       "bom-ref": "64-narwhals",
       "name": "narwhals",
-      "version": "1.25.2",
+      "version": "1.26.0",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4052,7 +4052,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.25.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "externalReferences": [
         {
@@ -4061,7 +4061,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.25.2/#files",
+          "url": "https://pypi.org/project/narwhals/1.26.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4078,7 +4078,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.25.2",
+      "purl": "pkg:pypi/narwhals@1.26.0",
       "properties": [
         {
           "name": "release_date",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-478d2b06-a80d-4eee-bd62-45fd54106b96
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5f160352-36eb-4d91-b842-36f9c32fd09d
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-02-10T00:35:55Z
+Created: 2025-02-17T00:37:00Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -311,25 +311,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
 
 PackageName: cvss
 SPDXID: SPDXRef-14-cvss
-PackageVersion: 3.3
+PackageVersion: 3.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
-PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.4/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
+PackageChecksum: SHA256: d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: LGPL-3.0-or-later
 PackageLicenseComments: <text>cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVSS2/3/4 library with interactive calculator for Python 2 and Python 3</text>
-ReleaseDate: 2024-11-01T10:05:52Z
+ReleaseDate: 2025-02-11T17:28:21Z
 ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
 ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
 ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
 ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: defusedxml
@@ -1331,10 +1331,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.25.2
+PackageVersion: 1.26.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli (33491632+MarcoGorelli@users.noreply.github.com)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.25.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.26.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1345,8 +1345,8 @@ ReleaseDate: 2025-01-28T19:33:47Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.26.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: requests
