chore: update SBOM for Python 3.10 (#5248)

github-actions[bot] · web-flow · web-flow · commit 9bcc0827adcf · 2025-07-31T16:37:10.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:eebba0b9-a1b2-47ff-ae81-9e6564f69747",
+  "serialNumber": "urn:uuid:cf6cc3f0-8d12-499b-97c9-44266344ceeb",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-07-21T00:54:52Z",
+    "timestamp": "2025-07-28T00:57:27Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3824,7 +3824,7 @@
       "type": "library",
       "bom-ref": "58-rich",
       "name": "rich",
-      "version": "14.0.0",
+      "version": "14.1.0",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -3833,12 +3833,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0"
+          "content": "536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f"
         }
       ],
       "licenses": [
@@ -3857,7 +3857,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/14.0.0/#files",
+          "url": "https://pypi.org/project/rich/14.1.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3866,11 +3866,11 @@
           "type": "documentation"
         }
       ],
-      "purl": "pkg:pypi/rich@14.0.0",
+      "purl": "pkg:pypi/rich@14.1.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-30T14:15:12Z"
+          "value": "2025-07-25T07:32:56Z"
         },
         {
           "name": "language",
@@ -4215,7 +4215,7 @@
       "type": "library",
       "bom-ref": "64-narwhals",
       "name": "narwhals",
-      "version": "1.47.1",
+      "version": "1.48.1",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4224,7 +4224,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "licenses": [
         {
@@ -4242,7 +4242,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.47.1/#files",
+          "url": "https://pypi.org/project/narwhals/1.48.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4259,7 +4259,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.47.1",
+      "purl": "pkg:pypi/narwhals@1.48.1",
       "properties": [
         {
           "name": "release_date",
@@ -5150,8 +5150,7 @@
       "ref": "58-rich",
       "dependsOn": [
         "59-markdown-it-py",
-        "61-pygments",
-        "6-typing-extensions"
+        "61-pygments"
       ]
     },
     {
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3ab1ab7d-c7dd-4044-b30d-2d5f93f21216
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c36ae76e-814c-4678-86bf-d2ca7200a00e
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-07-21T00:54:46Z
+Created: 2025-07-28T00:56:36Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -867,13 +867,12 @@ PackageSupplier: Person: Craig Citro (craigcitro@google.com)
 PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
 FilesAnalyzed: false
 PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>client libraries for humans</text>
-ReleaseDate: 2021-05-05T22:12:58Z
+ReleaseDate: 2023-12-12T17:40:13Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
 ##### 
@@ -1216,21 +1215,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-58-rich
-PackageVersion: 14.0.0
+PackageVersion: 14.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/14.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/rich/14.1.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA256: 1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0
+PackageChecksum: SHA256: 536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ReleaseDate: 2025-03-30T14:15:12Z
+ReleaseDate: 2025-07-25T07:32:56Z
 ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1359,10 +1358,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.2.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-64-narwhals
-PackageVersion: 1.47.1
+PackageVersion: 1.48.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.47.1/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.48.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1374,8 +1373,8 @@ ReleaseDate: 2025-06-26T16:20:40Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.47.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.48.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1680,7 +1679,6 @@ Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python
 Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python
 Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich
 Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py
-Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-6-typing-extensions
 Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments
 Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl
 Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
