chore: update SBOM for Python 3.12 (#5086)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.12.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:c8ad823f-1c6e-40ea-b11e-91a2d6bc3db0",
+  "serialNumber": "urn:uuid:375c7931-f1b3-4d44-b69e-b28ee4185320",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-05-12T00:42:32Z",
+    "timestamp": "2025-05-19T00:44:32Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3335,7 +3335,7 @@
       "type": "library",
       "bom-ref": "50-rpds-py",
       "name": "rpds-py",
-      "version": "0.24.0",
+      "version": "0.25.0",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3344,12 +3344,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.25.0:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724"
+          "content": "c146a24a8f0dc4a7846fb4640b88b3a68986585b8ce8397af15e66b7c5817439"
         }
       ],
       "licenses": [
@@ -3368,7 +3368,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rpds-py/0.24.0/#files",
+          "url": "https://pypi.org/project/rpds-py/0.25.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3397,11 +3397,11 @@
           "type": "other"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.24.0",
+      "purl": "pkg:pypi/rpds-py@0.25.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-26T14:52:41Z"
+          "value": "2025-05-15T13:38:11Z"
         },
         {
           "name": "language",
@@ -4109,7 +4109,7 @@
       "type": "library",
       "bom-ref": "62-plotly",
       "name": "plotly",
-      "version": "6.0.1",
+      "version": "6.1.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -4118,12 +4118,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:6.1.0:*:*:*:*:*:*:*",
       "description": "An open-source interactive data visualization library for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4714db20fea57a435692c548a4eb4fae454f7daddf15f8d8ba7e1045681d7768"
+          "content": "a29d3ed523c9d7960095693af1ee52689830df0f9c6bae3e5e92c20c4f5684c3"
         }
       ],
       "externalReferences": [
@@ -4133,7 +4133,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/plotly/6.0.1/#files",
+          "url": "https://pypi.org/project/plotly/6.1.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4146,15 +4146,15 @@
           "type": "vcs"
         },
         {
-          "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+          "url": "https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md",
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/plotly@6.0.1",
+      "purl": "pkg:pypi/plotly@6.1.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-03-17T15:02:18Z"
+          "value": "2025-05-15T16:04:30Z"
         },
         {
           "name": "language",
@@ -4174,7 +4174,7 @@
       "type": "library",
       "bom-ref": "63-narwhals",
       "name": "narwhals",
-      "version": "1.38.2",
+      "version": "1.39.1",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4183,12 +4183,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.39.1:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7"
+          "content": "68d0f29c760f1a9419ada537f35f21ff202b0be1419e6d22135a0352c6d96deb"
         }
       ],
       "licenses": [
@@ -4207,7 +4207,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.38.2/#files",
+          "url": "https://pypi.org/project/narwhals/1.39.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4224,11 +4224,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.38.2",
+      "purl": "pkg:pypi/narwhals@1.39.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-05-08T17:02:25Z"
+          "value": "2025-05-15T17:45:07Z"
         },
         {
           "name": "language",
@@ -4637,7 +4637,7 @@
       "type": "library",
       "bom-ref": "70-setuptools",
       "name": "setuptools",
-      "version": "80.4.0",
+      "version": "80.7.1",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -4646,17 +4646,11 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.7.1:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
-      "hashes": [
-        {
-          "alg": "SHA-256",
-          "content": "6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/80.4.0/#files",
+          "url": "https://pypi.org/project/setuptools/80.7.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4673,11 +4667,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/setuptools@80.4.0",
+      "purl": "pkg:pypi/setuptools@80.7.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-05-09T20:42:25Z"
+          "value": "2024-07-24T21:57:45Z"
         },
         {
           "name": "language",

sbom/cve-bin-tool-py3.12.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0cd5b59c-16bd-45cc-b896-dbfc4a2479c1
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a8082802-8577-4ddc-9116-43cc8776ba73
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.3
-Created: 2025-05-12T00:42:26Z
+Created: 2025-05-19T00:44:21Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -1058,26 +1058,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-50-rpds-py
-PackageVersion: 0.24.0
+PackageVersion: 0.25.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman ([email protected])
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.24.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.25.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA256: 006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724
+PackageChecksum: SHA256: c146a24a8f0dc4a7846fb4640b88b3a68986585b8ce8397af15e66b7c5817439
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ReleaseDate: 2025-03-26T14:52:41Z
+ReleaseDate: 2025-05-15T13:38:11Z
 ExternalRef: OTHER documentation https://rpds.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER vcs https://github.com/crate-py/rpds
 ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.25.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.25.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -1296,13 +1296,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-62-plotly
-PackageVersion: 6.0.1
+PackageVersion: 6.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P ([email protected])
-PackageDownloadLocation: https://pypi.org/project/plotly/6.0.1/#files
+PackageDownloadLocation: https://pypi.org/project/plotly/6.1.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: 4714db20fea57a435692c548a4eb4fae454f7daddf15f8d8ba7e1045681d7768
+PackageChecksum: SHA256: a29d3ed523c9d7960095693af1ee52689830df0f9c6bae3e5e92c20c4f5684c3
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>plotly declares MIT License
@@ -1329,34 +1329,34 @@ THE SOFTWARE.
  which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source interactive data visualization library for Python</text>
-ReleaseDate: 2025-03-17T15:02:18Z
+ReleaseDate: 2025-05-15T16:04:30Z
 ExternalRef: OTHER documentation https://plotly.com/python/
 ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
-ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:*
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: narwhals
 SPDXID: SPDXRef-63-narwhals
-PackageVersion: 1.38.2
+PackageVersion: 1.39.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli ([email protected])
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.38.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.39.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7
+PackageChecksum: SHA256: 68d0f29c760f1a9419ada537f35f21ff202b0be1419e6d22135a0352c6d96deb
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
-ReleaseDate: 2025-05-08T17:02:25Z
+ReleaseDate: 2025-05-15T17:45:07Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.38.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.39.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.39.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1482,22 +1482,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-70-setuptools
-PackageVersion: 80.4.0
+PackageVersion: 80.7.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/80.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/80.7.1/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: 6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ReleaseDate: 2025-05-09T20:42:25Z
+ReleaseDate: 2024-07-24T21:57:45Z
 ExternalRef: OTHER vcs https://github.com/pypa/setuptools
 ExternalRef: OTHER documentation https://setuptools.pypa.io/
 ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.7.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema