chore: update SBOM for Python 3.9

Author: web-flow

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0fa43716-8c8f-48a5-9055-05a17bd14ee1",
+  "serialNumber": "urn:uuid:fa996397-5c8b-43a4-acc5-438711dddcb5",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-10-13T00:40:50Z",
+    "timestamp": "2025-10-20T00:42:12Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -79,12 +79,12 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.13.0",
+      "version": "3.13.1",
       "description": "Async http client/server framework (asyncio)",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0"
+          "content": "2349a6b642020bf20116a8a5c83bae8ba071acf1461c7cbe45fc7fafd552e7e2"
         }
       ],
       "licenses": [
@@ -100,7 +100,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohttp/3.13.0/#files",
+          "url": "https://pypi.org/project/aiohttp/3.13.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -137,11 +137,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-10-06T19:54:40Z"
+          "value": "2025-10-17T13:58:56Z"
         },
         {
           "name": "language",
@@ -894,6 +894,12 @@
       },
       "cpe": "cpe:2.3:a:kim_davies:idna:3.11:*:*:*:*:*:*:*",
       "description": "Internationalized Domain Names in Applications (IDNA)",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/idna/3.11/#files",
@@ -917,7 +923,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-10-06T14:08:42Z"
+          "value": "2025-10-12T14:55:18Z"
         },
         {
           "name": "language",
@@ -3646,7 +3652,7 @@
       "type": "library",
       "bom-ref": "56-xmlschema",
       "name": "xmlschema",
-      "version": "4.1.0",
+      "version": "4.2.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -3655,12 +3661,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498"
+          "content": "82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6"
         }
       ],
       "externalReferences": [
@@ -3670,16 +3676,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/xmlschema/4.1.0/#files",
+          "url": "https://pypi.org/project/xmlschema/4.2.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@4.1.0",
+      "purl": "pkg:pypi/xmlschema@4.2.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-06-05T21:17:35Z"
+          "value": "2025-10-14T09:19:28Z"
         },
         {
           "name": "language",
@@ -4304,7 +4310,7 @@
       "type": "library",
       "bom-ref": "67-narwhals",
       "name": "narwhals",
-      "version": "2.7.0",
+      "version": "2.8.0",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4313,8 +4319,14 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.8.0:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "6304856676ba4a79fd34148bda63aed8060dd6edb1227edf3659ce5e091de73c"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -4331,7 +4343,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/2.7.0/#files",
+          "url": "https://pypi.org/project/narwhals/2.8.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4348,11 +4360,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@2.7.0",
+      "purl": "pkg:pypi/narwhals@2.8.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-10-02T16:10:22Z"
+          "value": "2025-10-13T08:44:25Z"
         },
         {
           "name": "language",
@@ -4512,7 +4524,7 @@
       "type": "library",
       "bom-ref": "70-charset-normalizer",
       "name": "charset-normalizer",
-      "version": "3.4.3",
+      "version": "3.4.4",
       "supplier": {
         "name": "Ahmed R .",
         "contact": [
@@ -4521,12 +4533,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*",
       "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72"
+          "content": "e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d"
         }
       ],
       "licenses": [
@@ -4540,7 +4552,7 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/charset-normalizer/3.4.3/#files",
+          "url": "https://pypi.org/project/charset-normalizer/3.4.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4561,11 +4573,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-08-09T07:55:36Z"
+          "value": "2025-10-14T04:40:11Z"
         },
         {
           "name": "language",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-389e7e0c-72a5-4fd1-81e1-a7100edeee49
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6f3240c3-2796-4fa6-b32e-a2ca8c00d5be
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-10-13T00:40:32Z
+Created: 2025-10-20T00:41:59Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -27,18 +27,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4.1:*:*:*:*:*
 
 PackageName: aiohttp
 SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.13.0
+PackageVersion: 3.13.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.0/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.13.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: ca69ec38adf5cadcc21d0b25e2144f6a25b7db7bea7e730bac25075bc305eff0
+PackageChecksum: SHA256: 2349a6b642020bf20116a8a5c83bae8ba071acf1461c7cbe45fc7fafd552e7e2
 PackageLicenseDeclared: Apache-2.0 AND MIT
 PackageLicenseConcluded: Apache-2.0 AND MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ReleaseDate: 2025-10-06T19:54:40Z
+ReleaseDate: 2025-10-17T13:58:56Z
 ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
 ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
 ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -47,7 +47,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
 ExternalRef: OTHER other https://docs.aiohttp.org
 ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
 ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
 ##### 
 
 PackageName: aiohappyeyeballs
@@ -278,11 +278,12 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kim Davies ([email protected])
 PackageDownloadLocation: https://pypi.org/project/idna/3.11/#files
 FilesAnalyzed: false
+PackageChecksum: SHA256: 771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Internationalized Domain Names in Applications (IDNA)</text>
-ReleaseDate: 2025-10-06T14:08:42Z
+ReleaseDate: 2025-10-12T14:55:18Z
 ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
 ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
 ExternalRef: OTHER vcs https://github.com/kjd/idna
@@ -1148,20 +1149,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-56-xmlschema
-PackageVersion: 4.1.0
+PackageVersion: 4.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/4.1.0/#files
+PackageDownloadLocation: https://pypi.org/project/xmlschema/4.2.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/sissaschool/xmlschema
-PackageChecksum: SHA256: eabf610f398a58700bc4ac94380ad9ce558297a3f9ca8b7722ed3f7888eb4498
+PackageChecksum: SHA256: 82d24a50eea5e7f2d603312813848cd66fddf8fa2b6730839c6aa3d66312e3b6
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ReleaseDate: 2025-06-05T21:17:35Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-10-14T09:19:28Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@4.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
@@ -1381,23 +1382,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-67-narwhals
-PackageVersion: 2.7.0
+PackageVersion: 2.8.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli ([email protected])
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.7.0/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.8.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
+PackageChecksum: SHA256: 6304856676ba4a79fd34148bda63aed8060dd6edb1227edf3659ce5e091de73c
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
-ReleaseDate: 2025-10-02T16:10:22Z
+ReleaseDate: 2025-10-13T08:44:25Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.8.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1444,23 +1446,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*:
 
 PackageName: charset-normalizer
 SPDXID: SPDXRef-70-charset-normalizer
-PackageVersion: 3.4.3
+PackageVersion: 3.4.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Ahmed R. ([email protected])
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.4/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72
+PackageChecksum: SHA256: e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.</text>
-ReleaseDate: 2025-08-09T07:55:36Z
+ReleaseDate: 2025-10-14T04:40:11Z
 ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
 ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
 ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
 ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: urllib3