chore: update SBOM for Python 3.9

Author: web-flow

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.7",
-  "serialNumber": "urn:uuid:d190d704-123d-4c29-92f1-59ac8bf44db5",
+  "serialNumber": "urn:uuid:7bf8bca8-2d53-45ec-a71e-22609c7476b9",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-11-10T00:41:52Z",
+    "timestamp": "2025-11-24T00:43:25Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3401,7 +3401,7 @@
       "type": "library",
       "bom-ref": "52-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.9.0",
+      "version": "0.9.1",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -3410,12 +3410,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
+          "content": "f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117"
         }
       ],
       "licenses": [
@@ -3434,16 +3434,16 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
+          "url": "https://pypi.org/project/lib4sbom/0.9.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.9.0",
+      "purl": "pkg:pypi/lib4sbom@0.9.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-10-28T09:09:40Z"
+          "value": "2025-11-13T20:07:13Z"
         },
         {
           "name": "language",
@@ -4254,7 +4254,7 @@
       "type": "library",
       "bom-ref": "66-plotly",
       "name": "plotly",
-      "version": "6.4.0",
+      "version": "6.5.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -4263,12 +4263,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:6.5.0:*:*:*:*:*:*:*",
       "description": "An open-source interactive data visualization library for Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5"
+          "content": "5ac851e100367735250206788a2b1325412aa4a4917a4fe3e6f0bc5aa6f3d90a"
         }
       ],
       "externalReferences": [
@@ -4278,7 +4278,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/plotly/6.4.0/#files",
+          "url": "https://pypi.org/project/plotly/6.5.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4295,11 +4295,11 @@
           "type": "log"
         }
       ],
-      "purl": "pkg:pypi/plotly@6.4.0",
+      "purl": "pkg:pypi/plotly@6.5.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-11-04T17:59:22Z"
+          "value": "2025-11-17T18:39:20Z"
         },
         {
           "name": "language",
@@ -4319,7 +4319,7 @@
       "type": "library",
       "bom-ref": "67-narwhals",
       "name": "narwhals",
-      "version": "2.10.2",
+      "version": "2.12.0",
       "supplier": {
         "name": "Marco Gorelli",
         "contact": [
@@ -4328,7 +4328,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.12.0:*:*:*:*:*:*:*",
       "description": "Extremely lightweight compatibility layer between dataframe libraries",
       "licenses": [
         {
@@ -4346,7 +4346,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/narwhals/2.10.2/#files",
+          "url": "https://pypi.org/project/narwhals/2.12.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4363,11 +4363,11 @@
           "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/narwhals@2.10.2",
+      "purl": "pkg:pypi/narwhals@2.12.0",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-11-04T17:59:22Z"
+          "value": "2025-11-17T18:39:20Z"
         },
         {
           "name": "language",
@@ -4656,7 +4656,7 @@
       "type": "library",
       "bom-ref": "72-certifi",
       "name": "certifi",
-      "version": "2025.10.5",
+      "version": "2025.11.12",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -4665,12 +4665,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*",
       "description": "Python package for providing Mozilla's CA Bundle.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de"
+          "content": "97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b"
         }
       ],
       "licenses": [
@@ -4689,7 +4689,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/certifi/2025.10.5/#files",
+          "url": "https://pypi.org/project/certifi/2025.11.12/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -4698,11 +4698,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/certifi@2025.10.5",
+      "purl": "pkg:pypi/certifi@2025.11.12",
       "properties": [
         {
           "name": "release_date",
-          "value": "2025-10-05T04:12:14Z"
+          "value": "2025-11-12T02:54:49Z"
         },
         {
           "name": "language",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-57009a0b-d4a9-4bf8-9a82-3341168a260c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b5de8e1b-b5b1-4d95-9165-d5ec3d0cfd10
 LicenseListVersion: 3.26
 Creator: Tool: sbom4python-0.12.4
-Created: 2025-11-10T00:41:40Z
+Created: 2025-11-24T00:43:15Z
 CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
 ##### 
 
@@ -1071,20 +1071,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-52-lib4sbom
-PackageVersion: 0.9.0
+PackageVersion: 0.9.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd
+PackageChecksum: SHA256: f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ReleaseDate: 2025-10-28T09:09:40Z
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*
+ReleaseDate: 2025-11-13T20:07:13Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -1340,13 +1340,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-66-plotly
-PackageVersion: 6.4.0
+PackageVersion: 6.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/6.4.0/#files
+PackageDownloadLocation: https://pypi.org/project/plotly/6.5.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://plotly.com/python/
-PackageChecksum: SHA256: a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5
+PackageChecksum: SHA256: 5ac851e100367735250206788a2b1325412aa4a4917a4fe3e6f0bc5aa6f3d90a
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>plotly declares MIT License
@@ -1373,33 +1373,33 @@ THE SOFTWARE.
  which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source interactive data visualization library for Python</text>
-ReleaseDate: 2025-11-04T17:59:22Z
+ReleaseDate: 2025-11-17T18:39:20Z
 ExternalRef: OTHER documentation https://plotly.com/python/
 ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
 ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.5.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: narwhals
 SPDXID: SPDXRef-67-narwhals
-PackageVersion: 2.10.2
+PackageVersion: 2.12.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
-PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files
+PackageDownloadLocation: https://pypi.org/project/narwhals/2.12.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/narwhals-dev/narwhals
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: MIT
 PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
-ReleaseDate: 2025-11-04T17:59:22Z
+ReleaseDate: 2025-11-17T18:39:20Z
 ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
 ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
 ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.12.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
@@ -1488,21 +1488,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*:
 
 PackageName: certifi
 SPDXID: SPDXRef-72-certifi
-PackageVersion: 2025.10.5
+PackageVersion: 2025.11.12
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files
+PackageDownloadLocation: https://pypi.org/project/certifi/2025.11.12/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/certifi/python-certifi
-PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de
+PackageChecksum: SHA256: 97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b
 PackageLicenseDeclared: MPL-2.0
 PackageLicenseConcluded: MPL-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python package for providing Mozilla's CA Bundle.</text>
-ReleaseDate: 2025-10-05T04:12:14Z
+ReleaseDate: 2025-11-12T02:54:49Z
 ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.11.12
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpmfile