chore: update SBOM for Python 3.9 (#5357)

github-actions[bot] · web-flow · web-flow · commit 25081bd70b0e · 2025-09-22T10:09:31.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:e95d818a-d226-4cdc-ab2e-458ba245d4a8",
+  "serialNumber": "urn:uuid:b727b64a-8125-43ab-a84c-ed40382e46ce",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-09-15T00:43:01Z",
+    "timestamp": "2025-09-22T00:46:07Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -2084,7 +2084,7 @@
       "type": "library",
       "bom-ref": "31-pyparsing",
       "name": "pyparsing",
-      "version": "3.2.4",
+      "version": "3.2.5",
       "supplier": {
         "name": "Paul McGuire",
         "contact": [
@@ -2093,31 +2093,25 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*",
       "description": "pyparsing - Classes and methods to define and execute parsing grammars",
-      "hashes": [
-        {
-          "alg": "SHA-256",
-          "content": "91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36"
-        }
-      ],
       "externalReferences": [
         {
           "url": "https://github.com/pyparsing/pyparsing/",
           "type": "website",
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/pyparsing/3.2.4/#files",
+          "url": "https://pypi.org/project/pyparsing/3.2.5/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pyparsing@3.2.4",
+      "purl": "pkg:pypi/pyparsing@3.2.5",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-09-13T05:47:17Z"
+          "value": "2022-02-03T00:00:29Z"
         },
         {
           "name": "language",
@@ -4921,6 +4915,12 @@
       },
       "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://github.com/indygreg/python-zstandard",
@@ -4941,7 +4941,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2020-11-01T01:40:20Z"
+          "value": "2025-09-14T22:15:56Z"
         },
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-45d14278-61cf-4c14-adc0-9b6abd9673f6
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-06511fdd-5d66-4e9d-aae8-faf2852fbca2
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-09-15T00:42:49Z
+Created: 2025-09-22T00:45:35Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -419,13 +419,12 @@ PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
 PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
 FilesAnalyzed: false
 PackageHomePage: https://cloud.google.com/storage/docs/gsutil
-PackageChecksum: SHA256: b6970ea6c0950c854ce2e33c591e177a6f4a657f2824a1b54eaefa2dff2576bb
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A command line tool for interacting with cloud storage services.</text>
-ReleaseDate: 2025-06-25T08:28:10Z
+ReleaseDate: 2022-11-02T17:34:01Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.35
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:*
 ##### 
@@ -575,13 +574,12 @@ PackageSupplier: Person: Google (googleapis-publisher@google.com)
 PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Reauth Library</text>
-ReleaseDate: 2020-12-01T17:35:45Z
+ReleaseDate: 2018-07-11T20:58:55Z
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
 ##### 
@@ -643,20 +641,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
 
 PackageName: pyparsing
 SPDXID: SPDXRef-31-pyparsing
-PackageVersion: 3.2.4
+PackageVersion: 3.2.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.4/#files
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.5/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyparsing/pyparsing/
-PackageChecksum: SHA256: 91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>pyparsing - Classes and methods to define and execute parsing grammars</text>
-ReleaseDate: 2025-09-13T05:47:17Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*
+ReleaseDate: 2022-02-03T00:00:29Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: oauth2client
@@ -1600,11 +1597,12 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/zstandard/0.25.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Zstandard bindings for Python</text>
-ReleaseDate: 2020-11-01T01:40:20Z
+ReleaseDate: 2025-09-14T22:15:56Z
 ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/
 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.25.0
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*
