chore: update SBOM for Python 3.13 (#5247)

github-actions[bot] · web-flow · web-flow · commit b95b3a87a732 · 2025-07-31T16:38:34.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.13.json b/sbom/cve-bin-tool-py3.13.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:fb74c625-c429-4f5b-b30c-43cc78902dea",
+  "serialNumber": "urn:uuid:36ba5917-da55-4614-9e16-f2896e66508b",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-07-21T00:55:19Z",
+    "timestamp": "2025-07-28T00:57:13Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3742,7 +3742,7 @@
       "type": "library",
       "bom-ref": "57-rich",
       "name": "rich",
-      "version": "14.0.0",
+      "version": "14.1.0",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -3751,12 +3751,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0"
+          "content": "536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f"
         }
       ],
       "licenses": [
@@ -3775,7 +3775,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/14.0.0/#files",
+          "url": "https://pypi.org/project/rich/14.1.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3784,11 +3784,11 @@
           "type": "documentation"
         }
       ],
-      "purl": "pkg:pypi/rich@14.0.0",
+      "purl": "pkg:pypi/rich@14.1.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-30T14:15:12Z"
+          "value": "2025-07-25T07:32:56Z"
         },
         {
           "name": "language",
@@ -4133,7 +4133,7 @@
       "type": "library",
       "bom-ref": "63-narwhals",
       "name": "narwhals",
-      "version": "1.47.1",
+      "version": "1.48.1",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4142,7 +4142,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "licenses": [
         {
@@ -4160,7 +4160,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.47.1/#files",
+          "url": "https://pypi.org/project/narwhals/1.48.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4177,7 +4177,7 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.47.1",
+      "purl": "pkg:pypi/narwhals@1.48.1",
       "properties": [
         {
           "name": "release_date",
@@ -5008,8 +5008,7 @@
       "ref": "57-rich",
       "dependsOn": [
         "58-markdown-it-py",
-        "60-pygments",
-        "6-typing-extensions"
+        "60-pygments"
       ]
     },
     {
diff --git a/sbom/cve-bin-tool-py3.13.spdx b/sbom/cve-bin-tool-py3.13.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-058c5540-1d06-4078-a6ba-7ff62dbe14bf
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-26da68f2-4b83-478c-a3a4-9cf7dc97e92e
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-07-21T00:54:46Z
+Created: 2025-07-28T00:56:36Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -843,13 +843,12 @@ PackageSupplier: Person: Craig Citro (craigcitro@google.com)
 PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
 FilesAnalyzed: false
 PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>client libraries for humans</text>
-ReleaseDate: 2021-05-05T22:12:58Z
+ReleaseDate: 2023-12-12T17:40:13Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
 ##### 
@@ -1192,21 +1191,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-57-rich
-PackageVersion: 14.0.0
+PackageVersion: 14.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/14.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/rich/14.1.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA256: 1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0
+PackageChecksum: SHA256: 536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ReleaseDate: 2025-03-30T14:15:12Z
+ReleaseDate: 2025-07-25T07:32:56Z
 ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@14.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1335,10 +1334,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.2.0:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-63-narwhals
-PackageVersion: 1.47.1
+PackageVersion: 1.48.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.47.1/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.48.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
@@ -1350,8 +1349,8 @@ ReleaseDate: 2025-06-26T16:20:40Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.47.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.47.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.48.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.48.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1636,7 +1635,6 @@ Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-56-packageurl-python
 Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
 Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
 Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
-Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-6-typing-extensions
 Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
 Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
 Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-61-packaging
