chore: update SBOM for Python 3.9 (#4516)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:830ada42-625f-4aab-a5fe-a0a3581e1e5b",
+  "serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-10-14T00:40:11Z",
+    "timestamp": "2024-10-21T00:38:06Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -432,7 +432,7 @@
       "type": "library",
       "bom-ref": "10-yarl",
       "name": "yarl",
-      "version": "1.15.2",
+      "version": "1.15.5",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -441,7 +441,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -459,12 +459,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.15.2/#files",
+          "url": "https://pypi.org/project/yarl/1.15.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].5",
       "properties": [
         {
           "name": "language",
@@ -1865,7 +1865,7 @@
       "type": "library",
       "bom-ref": "38-cryptography",
       "name": "cryptography",
-      "version": "43.0.1",
+      "version": "43.0.3",
       "supplier": {
         "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1874,7 +1874,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1888,12 +1888,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cryptography/43.0.1/#files",
+          "url": "https://pypi.org/project/cryptography/43.0.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].3",
       "properties": [
         {
           "name": "language",
@@ -2292,16 +2292,16 @@
       "type": "library",
       "bom-ref": "47-markupsafe",
       "name": "markupsafe",
-      "version": "3.0.1",
+      "version": "3.0.2",
       "description": "Safely add untrusted strings to HTML/XML markup.",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/markupsafe/3.0.1/#files",
+          "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].2",
       "properties": [
         {
           "name": "language",
@@ -3450,7 +3450,7 @@
       "type": "library",
       "bom-ref": "71-setuptools",
       "name": "setuptools",
-      "version": "75.1.0",
+      "version": "75.2.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -3459,16 +3459,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/75.1.0/#files",
+          "url": "https://pypi.org/project/setuptools/75.2.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@75.1.0",
+      "purl": "pkg:pypi/setuptools@75.2.0",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4486aea-13eb-4981-be76-1677436a925a
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-14T00:39:13Z
+Created: 2024-10-21T00:37:14Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -157,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 
 PackageName: yarl
 SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.15.2
+PackageVersion: 1.15.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov ([email protected])
-PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/yarl
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -632,18 +632,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
 
 PackageName: cryptography
 SPDXID: SPDXRef-38-cryptography
-PackageVersion: 43.0.1
+PackageVersion: 43.0.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyca/cryptography
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -779,17 +779,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
 
 PackageName: markupsafe
 SPDXID: SPDXRef-47-markupsafe
-PackageVersion: 3.0.1
+PackageVersion: 3.0.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
 ##### 
 
 PackageName: jsonschema
@@ -1176,17 +1176,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.1.0
+PackageVersion: 75.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml