chore: update SBOM for Python 3.11 (#4517)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.11.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:5f8b0ff8-2835-4eef-868a-1d5a08b3d324",
+  "serialNumber": "urn:uuid:d5e538e5-15fc-467b-9af5-fdbadcd9bc9e",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-10-14T00:37:17Z",
+    "timestamp": "2024-10-21T00:38:07Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -340,7 +340,7 @@
       "type": "library",
       "bom-ref": "8-yarl",
       "name": "yarl",
-      "version": "1.15.2",
+      "version": "1.15.5",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -349,7 +349,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -367,12 +367,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.15.2/#files",
+          "url": "https://pypi.org/project/yarl/1.15.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].5",
       "properties": [
         {
           "name": "language",
@@ -1773,7 +1773,7 @@
       "type": "library",
       "bom-ref": "36-cryptography",
       "name": "cryptography",
-      "version": "43.0.1",
+      "version": "43.0.3",
       "supplier": {
         "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1782,7 +1782,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1796,12 +1796,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cryptography/43.0.1/#files",
+          "url": "https://pypi.org/project/cryptography/43.0.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].3",
       "properties": [
         {
           "name": "language",
@@ -2132,16 +2132,16 @@
       "type": "library",
       "bom-ref": "43-markupsafe",
       "name": "markupsafe",
-      "version": "3.0.1",
+      "version": "3.0.2",
       "description": "Safely add untrusted strings to HTML/XML markup.",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/markupsafe/3.0.1/#files",
+          "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1",
+      "purl": "pkg:pypi/[email protected].2",
       "properties": [
         {
           "name": "language",
@@ -3290,7 +3290,7 @@
       "type": "library",
       "bom-ref": "67-setuptools",
       "name": "setuptools",
-      "version": "75.1.0",
+      "version": "75.2.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -3299,16 +3299,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/75.1.0/#files",
+          "url": "https://pypi.org/project/setuptools/75.2.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@75.1.0",
+      "purl": "pkg:pypi/setuptools@75.2.0",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.11.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-83273c1a-c2a7-4932-bcfd-c8afe2b06d17
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a9a33c0b-ebd3-45ac-a9ec-32d3d43f6e62
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-14T00:36:22Z
+Created: 2024-10-21T00:37:27Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*
 
 PackageName: yarl
 SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.15.2
+PackageVersion: 1.15.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov ([email protected])
-PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/yarl
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
 
 PackageName: cryptography
 SPDXID: SPDXRef-36-cryptography
-PackageVersion: 43.0.1
+PackageVersion: 43.0.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyca/cryptography
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
 
 PackageName: markupsafe
 SPDXID: SPDXRef-43-markupsafe
-PackageVersion: 3.0.1
+PackageVersion: 3.0.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
 ##### 
 
 PackageName: jsonschema
@@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.1.0
+PackageVersion: 75.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema