chore: update SBOM for Python 3.9 (#5336)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:c0992a50-1617-4b71-80cc-1ca45e216492",
+  "serialNumber": "urn:uuid:e95d818a-d226-4cdc-ab2e-458ba245d4a8",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-09-08T00:42:26Z",
+    "timestamp": "2025-09-15T00:43:01Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -2084,7 +2084,7 @@
       "type": "library",
       "bom-ref": "31-pyparsing",
       "name": "pyparsing",
-      "version": "3.2.3",
+      "version": "3.2.4",
       "supplier": {
         "name": "Paul McGuire",
         "contact": [
@@ -2093,21 +2093,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:*",
-      "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*",
+      "description": "pyparsing - Classes and methods to define and execute parsing grammars",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf"
-        }
-      ],
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/license/mit/",
-            "acknowledgement": "concluded"
-          }
+          "content": "91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36"
         }
       ],
       "externalReferences": [
@@ -2117,16 +2108,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pyparsing/3.2.3/#files",
+          "url": "https://pypi.org/project/pyparsing/3.2.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-25T05:01:24Z"
+          "value": "2025-09-13T05:47:17Z"
         },
         {
           "name": "language",
@@ -2135,10 +2126,6 @@
         {
           "name": "python_version",
           "value": "3.9.23"
-        },
-        {
-          "name": "License Comments",
-          "value": "pyparsing declares MIT License which is not currently a valid SPDX License identifier or expression."
         }
       ]
     },
@@ -2419,55 +2406,28 @@
       "type": "library",
       "bom-ref": "36-cffi",
       "name": "cffi",
-      "version": "1.17.1",
+      "version": "2.0.0",
       "supplier": {
-        "name": "Armin Maciej Fijalkowski",
-        "contact": [
-          {
-            "email": "[email protected]"
-          }
-        ]
+        "name": "Armin Maciej Fijalkowski"
       },
-      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:2.0.0:*:*:*:*:*:*:*",
       "description": "Foreign Function Interface for Python calling C code.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
-        }
-      ],
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/license/mit/",
-            "acknowledgement": "concluded"
-          }
+          "content": "0cf2d91ecc3fcc0625c2c530fe004f82c110405f101548512cce44322fa8ac44"
         }
       ],
       "externalReferences": [
         {
-          "url": "http://cffi.readthedocs.org",
-          "type": "website",
-          "comment": "Home page for project"
-        },
-        {
-          "url": "https://pypi.org/project/cffi/1.17.1/#files",
+          "url": "https://pypi.org/project/cffi/2.0.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
         {
-          "url": "http://cffi.readthedocs.org/",
+          "url": "https://cffi.readthedocs.io/",
           "type": "documentation"
         },
-        {
-          "url": "https://github.com/python-cffi/cffi",
-          "type": "vcs"
-        },
-        {
-          "url": "https://github.com/python-cffi/cffi/issues",
-          "type": "issue-tracker"
-        },
         {
           "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
           "type": "log"
@@ -2479,13 +2439,21 @@
         {
           "url": "https://groups.google.com/forum/#!forum/python-cffi",
           "type": "other"
+        },
+        {
+          "url": "https://github.com/python-cffi/cffi",
+          "type": "vcs"
+        },
+        {
+          "url": "https://github.com/python-cffi/cffi/issues",
+          "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/cffi@1.17.1",
+      "purl": "pkg:pypi/cffi@2.0.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-09-04T20:43:30Z"
+          "value": "2025-09-08T23:22:08Z"
         },
         {
           "name": "language",
@@ -2501,7 +2469,7 @@
       "type": "library",
       "bom-ref": "37-pycparser",
       "name": "pycparser",
-      "version": "2.22",
+      "version": "2.23",
       "supplier": {
         "name": "Eli Bendersky",
         "contact": [
@@ -2510,12 +2478,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.23:*:*:*:*:*:*:*",
       "description": "C parser in Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+          "content": "e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934"
         }
       ],
       "licenses": [
@@ -2534,16 +2502,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pycparser/2.22/#files",
+          "url": "https://pypi.org/project/pycparser/2.23/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pycparser@2.22",
+      "purl": "pkg:pypi/pycparser@2.23",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-03-30T13:22:20Z"
+          "value": "2025-09-09T13:23:46Z"
         },
         {
           "name": "language",
@@ -3232,7 +3200,7 @@
       "type": "library",
       "bom-ref": "49-jsonschema-specifications",
       "name": "jsonschema-specifications",
-      "version": "2025.4.1",
+      "version": "2025.9.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3241,12 +3209,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2025.4.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2025.9.1:*:*:*:*:*:*:*",
       "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af"
+          "content": "98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe"
         }
       ],
       "externalReferences": [
@@ -3256,7 +3224,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/jsonschema-specifications/2025.4.1/#files",
+          "url": "https://pypi.org/project/jsonschema-specifications/2025.9.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3281,11 +3249,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/jsonschema-specifications@2025.4.1",
+      "purl": "pkg:pypi/jsonschema-specifications@2025.9.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-23T12:34:05Z"
+          "value": "2025-09-08T01:34:57Z"
         },
         {
           "name": "language",
@@ -4365,7 +4333,7 @@
       "type": "library",
       "bom-ref": "67-narwhals",
       "name": "narwhals",
-      "version": "2.3.0",
+      "version": "2.5.0",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4374,12 +4342,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.5.0:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5507b1a9a9c2b1c55a627fdf6cf722fef2e23498bd14362a332c8848a311c321"
+          "content": "7e213f9ca7db3f8bf6f7eff35eaee6a1cf80902997e1b78d49b7755775d8f423"
         }
       ],
       "licenses": [
@@ -4398,7 +4366,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/2.3.0/#files",
+          "url": "https://pypi.org/project/narwhals/2.5.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4415,11 +4383,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@2.3.0",
+      "purl": "pkg:pypi/narwhals@2.5.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-09-01T08:29:25Z"
+          "value": "2025-09-12T10:04:22Z"
         },
         {
           "name": "language",
@@ -4942,7 +4910,7 @@
       "type": "library",
       "bom-ref": "76-zstandard",
       "name": "zstandard",
-      "version": "0.24.0",
+      "version": "0.25.0",
       "supplier": {
         "name": "Gregory Szorc",
         "contact": [
@@ -4951,31 +4919,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
-      "hashes": [
-        {
-          "alg": "SHA-256",
-          "content": "af1394c2c5febc44e0bbf0fc6428263fa928b50d1b1982ce1d870dc793a8e5f4"
-        }
-      ],
-      "licenses": [
-        {
-          "license": {
-            "id": "BSD-3-Clause",
-            "url": "https://opensource.org/licenses/BSD-3-Clause",
-            "acknowledgement": "concluded"
-          }
-        }
-      ],
       "externalReferences": [
         {
           "url": "https://github.com/indygreg/python-zstandard",
           "type": "website",
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/zstandard/0.24.0/#files",
+          "url": "https://pypi.org/project/zstandard/0.25.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4984,11 +4937,11 @@
           "type": "documentation"
         }
       ],
-      "purl": "pkg:pypi/zstandard@0.24.0",
+      "purl": "pkg:pypi/zstandard@0.25.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-08-17T18:21:12Z"
+          "value": "2020-11-01T01:40:20Z"
         },
         {
           "name": "language",
@@ -4997,10 +4950,6 @@
         {
           "name": "python_version",
           "value": "3.9.23"
-        },
-        {
-          "name": "License Comments",
-          "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression."
         }
       ]
     }