chore: update SBOM for Python 3.11 (#3746)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.11.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:9e619634-d181-4e5f-974d-af3607c58aa6",
+  "serialNumber": "urn:uuid:081f5f25-3994-4672-ae62-4e758389455f",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-01-15T00:28:58Z",
+    "timestamp": "2024-01-22T00:28:58Z",
     "tools": {
       "components": [
         {
@@ -364,7 +364,7 @@
       "type": "library",
       "bom-ref": "9-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.12.2",
+      "version": "4.12.3",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -373,16 +373,24 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT",
+            "url": "https://opensource.org/licenses/MIT"
+          }
+        }
+      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.12.2",
+          "url": "https://pypi.org/project/beautifulsoup4/4.12.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].3",
       "properties": [
         {
           "name": "language",
@@ -391,6 +399,10 @@
         {
           "name": "python_version",
           "value": "3.11.7"
+        },
+        {
+          "name": "License Comments",
+          "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
         }
       ]
     },
@@ -728,6 +740,12 @@
       },
       "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
       "description": "A python package that provides useful locks",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1761,12 +1779,12 @@
       "type": "library",
       "bom-ref": "39-markupsafe",
       "name": "markupsafe",
-      "version": "2.1.3",
+      "version": "2.1.4",
       "description": "Safely add untrusted strings to HTML/XML markup.",
       "hashes": [
         {
           "alg": "SHA-1",
-          "content": "496112e00fcfa54d81d256f1f7e221ad01d033cc"
+          "content": "b7cd6523579ea5a08d89799f2a64ec2c2bc45eca"
         }
       ],
       "licenses": [
@@ -1779,12 +1797,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/MarkupSafe/2.1.3",
+          "url": "https://pypi.org/project/MarkupSafe/2.1.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "language",
@@ -1800,18 +1818,12 @@
       "type": "library",
       "bom-ref": "40-jsonschema",
       "name": "jsonschema",
-      "version": "4.20.0",
+      "version": "4.21.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "5ff5999d50420251744bc49e758f3b15ad2f8569"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -1822,12 +1834,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.20.0",
+          "url": "https://pypi.org/project/jsonschema/4.21.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.20.0",
+      "purl": "pkg:pypi/jsonschema@4.21.1",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.11.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8e29b9cc-59f9-452e-96a3-1f339c90fab0
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31d93225-8277-4292-8efc-ca4823250c60
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-15T00:27:23Z
+Created: 2024-01-22T00:27:28Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -136,17 +136,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-Package-9-beautifulsoup4
-PackageVersion: 4.12.2
+PackageVersion: 4.12.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson ([email protected])
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseConcluded: MIT
+PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -269,6 +270,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Joshua Harlow
 PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
 FilesAnalyzed: false
+PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
@@ -620,33 +622,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: markupsafe
 SPDXID: SPDXRef-Package-39-markupsafe
-PackageVersion: 2.1.3
+PackageVersion: 2.1.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3
+PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.4
 FilesAnalyzed: false
-PackageChecksum: SHA1: 496112e00fcfa54d81d256f1f7e221ad01d033cc
+PackageChecksum: SHA1: b7cd6523579ea5a08d89799f2a64ec2c2bc45eca
 PackageLicenseDeclared: BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
 ##### 
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-40-jsonschema
-PackageVersion: 4.20.0
+PackageVersion: 4.21.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 5ff5999d50420251744bc49e758f3b15ad2f8569
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications