chore: update SBOM for Python 3.13 (#5075)

Co-authored-by: GitHub <[email protected]>

Author: github-actions[bot]

sbom/cve-bin-tool-py3.13.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b2af29b0-234f-4dc8-9f41-043508fbfa70",
+  "serialNumber": "urn:uuid:dd8ab0b5-d81e-4731-abe3-cb7c5d6c20ef",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-05-05T00:42:51Z",
+    "timestamp": "2025-05-12T00:42:32Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -4174,7 +4174,7 @@
       "type": "library",
       "bom-ref": "63-narwhals",
       "name": "narwhals",
-      "version": "1.37.1",
+      "version": "1.38.2",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4183,12 +4183,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.37.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6f358a23b7351897d6efb45496dc0528918ce4ca6c8f9631594885cd873576a7"
+          "content": "a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7"
         }
       ],
       "licenses": [
@@ -4207,7 +4207,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/1.37.1/#files",
+          "url": "https://pypi.org/project/narwhals/1.38.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4224,11 +4224,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@1.37.1",
+      "purl": "pkg:pypi/narwhals@1.38.2",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-29T13:56:31Z"
+          "value": "2025-05-08T17:02:25Z"
         },
         {
           "name": "language",
@@ -4637,7 +4637,7 @@
       "type": "library",
       "bom-ref": "70-setuptools",
       "name": "setuptools",
-      "version": "80.3.1",
+      "version": "80.4.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -4646,17 +4646,17 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ea8e00d7992054c4c592aeb892f6ad51fe1b4d90cc6947cc45c45717c40ec537"
+          "content": "6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2"
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/80.3.1/#files",
+          "url": "https://pypi.org/project/setuptools/80.4.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4673,11 +4673,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/setuptools@80.3.1",
+      "purl": "pkg:pypi/setuptools@80.4.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-05-04T18:47:02Z"
+          "value": "2025-05-09T20:42:25Z"
         },
         {
           "name": "language",
@@ -4742,7 +4742,7 @@
       "type": "library",
       "bom-ref": "72-elementpath",
       "name": "elementpath",
-      "version": "5.0.0",
+      "version": "5.0.1",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -4751,25 +4751,31 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:5.0.1:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "334f796578d1d273e99838b6a731d265985ea9ab399e22b74ea1c3a3faa73c83"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://github.com/sissaschool/elementpath",
           "type": "website",
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/elementpath/5.0.0/#files",
+          "url": "https://pypi.org/project/elementpath/5.0.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-04-13T20:41:21Z"
+          "value": "2025-05-11T16:01:16Z"
         },
         {
           "name": "language",

sbom/cve-bin-tool-py3.13.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-62f63aea-cf48-4823-8c09-7b3252ecf413
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a5c4a797-1fcf-49d3-91d2-2df41e833a79
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.3
-Created: 2025-05-05T00:42:45Z
+Created: 2025-05-12T00:42:26Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -1339,24 +1339,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.0.1:*:*:*:*:*:*:*
 
 PackageName: narwhals
 SPDXID: SPDXRef-63-narwhals
-PackageVersion: 1.37.1
+PackageVersion: 1.38.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli ([email protected])
-PackageDownloadLocation: https://pypi.org/project/narwhals/1.37.1/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/1.38.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
-PackageChecksum: SHA256: 6f358a23b7351897d6efb45496dc0528918ce4ca6c8f9631594885cd873576a7
+PackageChecksum: SHA256: a33a182e32f18d794a04e7828a5c401fb26ce9083f609993e7e5064aace641c7
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
-ReleaseDate: 2025-04-29T13:56:31Z
+ReleaseDate: 2025-05-08T17:02:25Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.37.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.37.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@1.38.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:1.38.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1482,22 +1482,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-70-setuptools
-PackageVersion: 80.3.1
+PackageVersion: 80.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/80.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/80.4.0/#files
 FilesAnalyzed: false
-PackageChecksum: SHA256: ea8e00d7992054c4c592aeb892f6ad51fe1b4d90cc6947cc45c45717c40ec537
+PackageChecksum: SHA256: 6cdc8cb9a7d590b237dbe4493614a9b75d0559b888047c1f67d49ba50fc3edb2
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ReleaseDate: 2025-05-04T18:47:02Z
+ReleaseDate: 2025-05-09T20:42:25Z
 ExternalRef: OTHER vcs https://github.com/pypa/setuptools
 ExternalRef: OTHER documentation https://setuptools.pypa.io/
 ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@80.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:80.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema
@@ -1520,19 +1520,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.0.1:*:*:*:*
 
 PackageName: elementpath
 SPDXID: SPDXRef-72-elementpath
-PackageVersion: 5.0.0
+PackageVersion: 5.0.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/elementpath/5.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/elementpath/5.0.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: 334f796578d1d273e99838b6a731d265985ea9ab399e22b74ea1c3a3faa73c83
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ReleaseDate: 2025-04-13T20:41:21Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-05-11T16:01:16Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard