chore: update SBOM for Python 3.9

Author: web-flow

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:86bfebc8-cd04-4c9a-98d8-90930122e373",
+  "serialNumber": "urn:uuid:62d51421-c5d5-4db5-a60b-f0ced871055c",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-04-15T02:43:08Z",
+    "timestamp": "2024-04-22T00:27:44Z",
     "tools": {
       "components": [
         {
@@ -26,7 +26,7 @@
       "type": "application",
       "bom-ref": "1-cve-bin-tool",
       "name": "cve-bin-tool",
-      "version": "3.3",
+      "version": "3.3.1.dev0",
       "supplier": {
         "name": "Terri Oda",
         "contact": [
@@ -35,14 +35,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*",
       "description": "CVE Binary Checker Tool",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "83e30ee0f640bce7a20d4346c85873d359c05d1f"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -53,12 +47,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cve-bin-tool/3.3",
+          "url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected]",
+      "purl": "pkg:pypi/[email protected].1.dev0",
       "properties": [
         {
           "name": "language",
@@ -74,7 +68,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.9.4",
+      "version": "3.9.5",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -86,12 +80,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohttp/3.9.4",
+          "url": "https://pypi.org/project/aiohttp/3.9.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].4",
+      "purl": "pkg:pypi/[email protected].5",
       "properties": [
         {
           "name": "language",
@@ -2235,7 +2229,7 @@
       "type": "library",
       "bom-ref": "53-plotly",
       "name": "plotly",
-      "version": "5.20.0",
+      "version": "5.21.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -2244,14 +2238,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "9335a34ca77399a597a72420f73e947217d3d410"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2262,12 +2250,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.20.0",
+          "url": "https://pypi.org/project/plotly/5.21.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.20.0",
+      "purl": "pkg:pypi/plotly@5.21.0",
       "properties": [
         {
           "name": "language",
@@ -2811,7 +2799,7 @@
       "type": "library",
       "bom-ref": "66-xmlschema",
       "name": "xmlschema",
-      "version": "3.2.1",
+      "version": "3.3.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2820,7 +2808,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2832,12 +2820,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.2.1",
+          "url": "https://pypi.org/project/xmlschema/3.3.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.2.1",
+      "purl": "pkg:pypi/xmlschema@3.3.0",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,42 +2,41 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-07124c73-1f18-4124-ac1c-c53724579633
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9c42dfff-8156-4a69-bdf7-6143efc1f04a
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.4
-Created: 2024-04-15T02:41:52Z
+Created: 2024-04-22T00:26:31Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
 PackageName: cve-bin-tool
 SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.3
+PackageVersion: 3.3.1.dev0
 PrimaryPackagePurpose: APPLICATION
 PackageSupplier: Person: Terri Oda ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3.1.dev0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 83e30ee0f640bce7a20d4346c85873d359c05d1f
 PackageLicenseDeclared: GPL-3.0-or-later
 PackageLicenseConcluded: GPL-3.0-or-later
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVE Binary Checker Tool</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1.dev0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiohttp
 SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.4
+PackageVersion: 3.9.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.4
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
 ##### 
 
 PackageName: aiosignal
@@ -835,18 +834,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-53-plotly
-PackageVersion: 5.20.0
+PackageVersion: 5.21.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P ([email protected])
-PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.21.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 9335a34ca77399a597a72420f73e947217d3d410
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -1042,17 +1040,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-66-xmlschema
-PackageVersion: 3.2.1
+PackageVersion: 3.3.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.2.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath