chore: update SBOM for Python 3.13 (#5362)

github-actions[bot] · web-flow · web-flow · commit 259bf9bfae3a · 2025-10-02T11:57:12.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.13.json b/sbom/cve-bin-tool-py3.13.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8e073784-8a9b-46fe-8a88-6ddf94534847",
+  "serialNumber": "urn:uuid:fb20c3d5-da0d-4c39-a74c-4949c29c5bb4",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-09-22T00:45:57Z",
+    "timestamp": "2025-09-29T00:37:57Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -876,7 +876,7 @@
       "type": "library",
       "bom-ref": "12-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.13.5",
+      "version": "4.14.0",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -885,12 +885,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a"
+          "content": "aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73"
         }
       ],
       "licenses": [
@@ -909,7 +909,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.13.5/#files",
+          "url": "https://pypi.org/project/beautifulsoup4/4.14.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -918,11 +918,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.13.5",
+      "purl": "pkg:pypi/beautifulsoup4@4.14.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-08-24T14:06:14Z"
+          "value": "2025-09-27T17:22:16Z"
         },
         {
           "name": "language",
@@ -2013,6 +2013,12 @@
       },
       "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*",
       "description": "pyparsing - Classes and methods to define and execute parsing grammars",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "e38a4f02064cf41fe6593d328d0512495ad1f3d8a91c4f73fc401b3079a59a5e"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://github.com/pyparsing/pyparsing/",
@@ -2029,7 +2035,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2022-02-03T00:00:29Z"
+          "value": "2025-09-21T04:11:04Z"
         },
         {
           "name": "language",
@@ -2679,7 +2685,7 @@
       "type": "library",
       "bom-ref": "41-google-apitools",
       "name": "google-apitools",
-      "version": "0.5.32",
+      "version": "0.5.35",
       "supplier": {
         "name": "Craig Citro",
         "contact": [
@@ -2688,12 +2694,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.35:*:*:*:*:*:*:*",
       "description": "client libraries for humans",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
+          "content": "0f6f67fbe6f228f4777ae7e9d00e01476f7b8a48dca3a4353a1c32369437bbd0"
         }
       ],
       "licenses": [
@@ -2712,16 +2718,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
+          "url": "https://pypi.org/project/google-apitools/0.5.35/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-apitools@0.5.32",
+      "purl": "pkg:pypi/google-apitools@0.5.35",
       "properties": [
         {
           "name": "release_date",
-          "value": "2021-05-05T22:12:58Z"
+          "value": "2025-09-24T20:22:49Z"
         },
         {
           "name": "language",
@@ -2871,17 +2877,17 @@
       "type": "library",
       "bom-ref": "44-markupsafe",
       "name": "markupsafe",
-      "version": "3.0.2",
+      "version": "3.0.3",
       "description": "Safely add untrusted strings to HTML/XML markup.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
+          "content": "2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559"
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
+          "url": "https://pypi.org/project/markupsafe/3.0.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -2894,7 +2900,7 @@
           "type": "documentation"
         },
         {
-          "url": "https://markupsafe.palletsprojects.com/changes/",
+          "url": "https://markupsafe.palletsprojects.com/page/changes/",
           "type": "log"
         },
         {
@@ -2906,11 +2912,11 @@
           "type": "chat"
         }
       ],
-      "purl": "pkg:pypi/markupsafe@3.0.2",
+      "purl": "pkg:pypi/markupsafe@3.0.3",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-10-18T15:20:51Z"
+          "value": "2025-09-27T18:36:05Z"
         },
         {
           "name": "language",
@@ -2919,10 +2925,6 @@
         {
           "name": "python_version",
           "value": "3.13.7"
-        },
-        {
-          "name": "License Comments",
-          "value": "markupsafe declares Copyright 2010 Pallets\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n1.  Redistributions of source code must retain the above copyright\n    notice, this list of conditions and the following disclaimer.\n\n2.  Redistributions in binary form must reproduce the above copyright\n    notice, this list of conditions and the following disclaimer in the\n    documentation and/or other materials provided with the distribution.\n\n3.  Neither the name of the copyright holder nor the names of its\n    contributors may be used to endorse or promote products derived from\n    this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n which is not currently a valid SPDX License identifier or expression."
         }
       ]
     },
@@ -3276,7 +3278,7 @@
       "type": "library",
       "bom-ref": "50-pyyaml",
       "name": "pyyaml",
-      "version": "6.0.2",
+      "version": "6.0.3",
       "supplier": {
         "name": "Kirill Simonov",
         "contact": [
@@ -3285,12 +3287,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.3:*:*:*:*:*:*:*",
       "description": "YAML parser and emitter for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+          "content": "214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b"
         }
       ],
       "licenses": [
@@ -3334,11 +3336,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/pyyaml@6.0.2",
+      "purl": "pkg:pypi/pyyaml@6.0.3",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-08-06T20:31:40Z"
+          "value": "2025-09-25T21:31:46Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.13.spdx b/sbom/cve-bin-tool-py3.13.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-df626266-91c9-4f36-a228-57b53bea7e86
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-afe29016-65a3-45f3-9fee-8779a2dff759
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-22T00:45:34Z
+Created: 2025-09-29T00:37:37Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -271,22 +271,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-12-beautifulsoup4
-PackageVersion: 4.13.5
+PackageVersion: 4.14.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.13.5/#files
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.14.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
-PackageChecksum: SHA256: 642085eaa22233aceadff9c69651bc51e8bf3f874fb6d7104ece2beb24b47c4a
+PackageChecksum: SHA256: aee96fbccdf2d2a8d1288b2afa51fc76bb60823b7881a50fb1ed5f711d1a7d73
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ReleaseDate: 2025-08-24T14:06:14Z
+ReleaseDate: 2025-09-27T17:22:16Z
 ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.13.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.14.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.14.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -625,11 +625,12 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: e38a4f02064cf41fe6593d328d0512495ad1f3d8a91c4f73fc401b3079a59a5e
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>pyparsing - Classes and methods to define and execute parsing grammars</text>
-ReleaseDate: 2022-02-03T00:00:29Z
+ReleaseDate: 2025-09-21T04:11:04Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.5
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*
 ##### 
@@ -834,21 +835,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
 
 PackageName: google-apitools
 SPDXID: SPDXRef-41-google-apitools
-PackageVersion: 0.5.32
+PackageVersion: 0.5.35
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Craig Citro (craigcitro@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
+PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.35/#files
 FilesAnalyzed: false
 PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
+PackageChecksum: SHA256: 0f6f67fbe6f228f4777ae7e9d00e01476f7b8a48dca3a4353a1c32369437bbd0
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>client libraries for humans</text>
-ReleaseDate: 2021-05-05T22:12:58Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
+ReleaseDate: 2025-09-24T20:22:49Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.35
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.35:*:*:*:*:*:*:*
 ##### 
 
 PackageName: monotonic
@@ -894,52 +895,23 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.6
 
 PackageName: markupsafe
 SPDXID: SPDXRef-44-markupsafe
-PackageVersion: 3.0.2
+PackageVersion: 3.0.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.3/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
+PackageChecksum: SHA256: 2f981d352f04553a7171b8e44369f2af4055f888dfb147d55e42d29e29e74559
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1.  Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-2.  Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in the
-    documentation and/or other materials provided with the distribution.
-
-3.  Neither the name of the copyright holder nor the names of its
-    contributors may be used to endorse or promote products derived from
-    this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ReleaseDate: 2024-10-18T15:20:51Z
+ReleaseDate: 2025-09-27T18:36:05Z
 ExternalRef: OTHER other https://palletsprojects.com/donate
 ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
-ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/page/changes/
 ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
 ExternalRef: OTHER chat https://discord.gg/pallets
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.3
 ##### 
 
 PackageName: jsonschema
@@ -1057,25 +1029,25 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:
 
 PackageName: pyyaml
 SPDXID: SPDXRef-50-pyyaml
-PackageVersion: 6.0.2
+PackageVersion: 6.0.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
 PackageDownloadLocation: https://pypi.org/project/PyYAML/
 FilesAnalyzed: false
 PackageHomePage: https://pyyaml.org/
-PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
+PackageChecksum: SHA256: 214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>YAML parser and emitter for Python</text>
-ReleaseDate: 2024-08-06T20:31:40Z
+ReleaseDate: 2025-09-25T21:31:46Z
 ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
 ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
 ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
 ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
 ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: semantic-version
