chore: update SBOM for Python 3.9 (#5245)

github-actions[bot] · web-flow · web-flow · commit 4ce96123fd67 · 2025-07-31T16:15:21.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:65f2c42d-f25e-4958-94d3-85a093a151b1",
+  "serialNumber": "urn:uuid:ffb3a190-8265-4621-bc3e-dd215e726b80",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-07-21T00:55:09Z",
+    "timestamp": "2025-07-28T00:57:10Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3933,7 +3933,7 @@
       "type": "library",
       "bom-ref": "60-rich",
       "name": "rich",
-      "version": "14.0.0",
+      "version": "14.1.0",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -3942,12 +3942,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0"
+          "content": "536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f"
         }
       ],
       "licenses": [
@@ -3966,7 +3966,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/14.0.0/#files",
+          "url": "https://pypi.org/project/rich/14.1.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3975,11 +3975,11 @@
           "type": "documentation"
         }
       ],
-      "purl": "pkg:pypi/rich@14.0.0",
+      "purl": "pkg:pypi/rich@14.1.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-30T14:15:12Z"
+          "value": "2025-07-25T07:32:56Z"
         },
         {
           "name": "language",
@@ -4324,7 +4324,7 @@
       "type": "library",
       "bom-ref": "66-narwhals",
       "name": "narwhals",
-      "version": "1.47.1",
+      "version": "1.48.1",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4333,7 +4333,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "licenses": [
         {
@@ -4351,7 +4351,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.47.1/#files",
+          "url": "https://pypi.org/project/narwhals/1.48.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4368,7 +4368,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.47.1",
+      "purl": "pkg:pypi/narwhals@1.48.1",
       "properties": [
         {
           "name": "release_date",
@@ -5212,8 +5212,7 @@
       "ref": "60-rich",
       "dependsOn": [
         "61-markdown-it-py",
-        "63-pygments",
-        "6-typing-extensions"
+        "63-pygments"
       ]
     },
     {
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-884e312b-e5de-47e0-b600-1663af54aead
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fa29f6d4-6cf8-4604-84f1-ac36679edc65
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-07-21T00:54:46Z
+Created: 2025-07-28T00:56:36Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -867,13 +867,12 @@ PackageSupplier: Person: Craig Citro (craigcitro@google.com)
 PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
 FilesAnalyzed: false
 PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>client libraries for humans</text>
-ReleaseDate: 2021-05-05T22:12:58Z
+ReleaseDate: 2023-12-12T17:40:13Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
 ##### 
@@ -1223,12 +1222,11 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CSAF generator and analyser</text>
-ReleaseDate: 2024-06-12T20:10:06Z
+ReleaseDate: 2024-08-29T20:36:52Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/csaf-tool@0.3.2
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
 ##### 
@@ -1253,21 +1251,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-60-rich
-PackageVersion: 14.0.0
+PackageVersion: 14.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/14.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/rich/14.1.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA256: 1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0
+PackageChecksum: SHA256: 536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ReleaseDate: 2025-03-30T14:15:12Z
+ReleaseDate: 2025-07-25T07:32:56Z
 ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1396,10 +1394,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.2.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-66-narwhals
-PackageVersion: 1.47.1
+PackageVersion: 1.48.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.47.1/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.48.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1411,8 +1409,8 @@ ReleaseDate: 2025-06-26T16:20:40Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.47.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.48.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1699,7 +1697,6 @@ Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool
 Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python
 Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python
 Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich
-Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-6-typing-extensions
 Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py
 Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments
 Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl
