chore: update SBOM for Python 3.13 (#4827)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.13.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:badc83f2-b709-4799-b94d-c68eac0a072c",
+  "serialNumber": "urn:uuid:90aaba4a-af7b-439b-91f7-8e0b4aa66ad8",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-02-10T00:37:07Z",
+    "timestamp": "2025-02-17T00:38:42Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -979,7 +979,7 @@
       "type": "library",
       "bom-ref": "14-cvss",
       "name": "cvss",
-      "version": "3.3",
+      "version": "3.4",
       "supplier": {
         "name": "Stanislav Red Hat Product Security",
         "contact": [
@@ -988,12 +988,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:*",
       "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+          "content": "d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef"
         }
       ],
       "licenses": [
@@ -1012,7 +1012,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cvss/3.3/#files",
+          "url": "https://pypi.org/project/cvss/3.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -1033,11 +1033,11 @@
           "type": "build-system"
         }
       ],
-      "purl": "pkg:pypi/cvss@3.3",
+      "purl": "pkg:pypi/cvss@3.4",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-11-01T10:05:52Z"
+          "value": "2025-02-11T17:28:21Z"
         },
         {
           "name": "language",
@@ -2189,7 +2189,7 @@
       "type": "library",
       "bom-ref": "34-cryptography",
       "name": "cryptography",
-      "version": "44.0.0",
+      "version": "44.0.1",
       "supplier": {
         "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -2198,12 +2198,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.1:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123"
+          "content": "bf688f615c29bfe9dfc44312ca470989279f0e94bb9f631f85e3459af8efc009"
         }
       ],
       "licenses": [
@@ -2218,7 +2218,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cryptography/44.0.0/#files",
+          "url": "https://pypi.org/project/cryptography/44.0.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -2239,11 +2239,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-11-27T18:05:55Z"
+          "value": "2025-02-11T15:49:32Z"
         },
         {
           "name": "language",
@@ -4043,7 +4043,7 @@
       "type": "library",
       "bom-ref": "64-narwhals",
       "name": "narwhals",
-      "version": "1.25.2",
+      "version": "1.26.0",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4052,7 +4052,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.25.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "externalReferences": [
         {
@@ -4061,7 +4061,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.25.2/#files",
+          "url": "https://pypi.org/project/narwhals/1.26.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4078,7 +4078,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.25.2",
+      "purl": "pkg:pypi/narwhals@1.26.0",
       "properties": [
         {
           "name": "release_date",

sbom/cve-bin-tool-py3.13.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7ba144d1-425e-4294-8edd-31726688e5d6
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7ed3e28d-0790-40c6-b9ec-d99e500ef3ac
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-02-10T00:37:00Z
+Created: 2025-02-17T00:38:35Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -311,25 +311,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
 
 PackageName: cvss
 SPDXID: SPDXRef-14-cvss
-PackageVersion: 3.3
+PackageVersion: 3.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Stanislav Red Hat Product Security ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
+PackageDownloadLocation: https://pypi.org/project/cvss/3.4/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
+PackageChecksum: SHA256: d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: LGPL-3.0-or-later
 PackageLicenseComments: <text>cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVSS2/3/4 library with interactive calculator for Python 2 and Python 3</text>
-ReleaseDate: 2024-11-01T10:05:52Z
+ReleaseDate: 2025-02-11T17:28:21Z
 ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
 ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
 ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
 ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: defusedxml
@@ -699,24 +699,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:25.
 
 PackageName: cryptography
 SPDXID: SPDXRef-34-cryptography
-PackageVersion: 44.0.0
+PackageVersion: 44.0.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyca/cryptography
-PackageChecksum: SHA256: 84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123
+PackageChecksum: SHA256: bf688f615c29bfe9dfc44312ca470989279f0e94bb9f631f85e3459af8efc009
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ReleaseDate: 2024-11-27T18:05:55Z
+ReleaseDate: 2025-02-11T15:49:32Z
 ExternalRef: OTHER documentation https://cryptography.io/
 ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
 ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
 ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -1331,10 +1331,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.25.2
+PackageVersion: 1.26.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli ([email protected])
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.25.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.26.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1345,8 +1345,8 @@ ReleaseDate: 2025-01-28T19:33:47Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.26.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.26.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: requests