From 902ef25c67780ed83ef32b28fa1503504a738932 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 22 Jan 2024 12:40:59 -0800
Subject: [PATCH] chore: update SBOM for Python 3.9 (#3748)

Co-authored-by: GitHub <noreply@github.com>
---
 sbom/cve-bin-tool-py3.9.json | 52 ++++++++++++++++++++++--------------
 sbom/cve-bin-tool-py3.9.spdx | 33 ++++++++++++-----------
 2 files changed, 49 insertions(+), 36 deletions(-)

diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index f3ee821423..0419441087 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:d6700b9e-a9c6-43fc-bb2b-5ba9af2f2d22",
+  "serialNumber": "urn:uuid:54d4b079-3b5b-49e9-ae53-306b733aa60d",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-01-15T00:31:22Z",
+    "timestamp": "2024-01-22T00:29:31Z",
     "tools": {
       "components": [
         {
@@ -416,7 +416,7 @@
       "type": "library",
       "bom-ref": "10-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.12.2",
+      "version": "4.12.3",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -425,16 +425,24 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT",
+            "url": "https://opensource.org/licenses/MIT"
+          }
+        }
+      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/beautifulsoup4/4.12.2",
+          "url": "https://pypi.org/project/beautifulsoup4/4.12.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.12.2",
+      "purl": "pkg:pypi/beautifulsoup4@4.12.3",
       "properties": [
         {
           "name": "language",
@@ -443,6 +451,10 @@
         {
           "name": "python_version",
           "value": "3.9.18"
+        },
+        {
+          "name": "License Comments",
+          "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
         }
       ]
     },
@@ -780,6 +792,12 @@
       },
       "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
       "description": "A python package that provides useful locks",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1887,12 +1905,12 @@
       "type": "library",
       "bom-ref": "42-markupsafe",
       "name": "markupsafe",
-      "version": "2.1.3",
+      "version": "2.1.4",
       "description": "Safely add untrusted strings to HTML/XML markup.",
       "hashes": [
         {
           "alg": "SHA-1",
-          "content": "496112e00fcfa54d81d256f1f7e221ad01d033cc"
+          "content": "b7cd6523579ea5a08d89799f2a64ec2c2bc45eca"
         }
       ],
       "licenses": [
@@ -1905,12 +1923,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/MarkupSafe/2.1.3",
+          "url": "https://pypi.org/project/MarkupSafe/2.1.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/markupsafe@2.1.3",
+      "purl": "pkg:pypi/markupsafe@2.1.4",
       "properties": [
         {
           "name": "language",
@@ -1926,18 +1944,12 @@
       "type": "library",
       "bom-ref": "43-jsonschema",
       "name": "jsonschema",
-      "version": "4.20.0",
+      "version": "4.21.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "5ff5999d50420251744bc49e758f3b15ad2f8569"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -1948,12 +1960,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.20.0",
+          "url": "https://pypi.org/project/jsonschema/4.21.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.20.0",
+      "purl": "pkg:pypi/jsonschema@4.21.1",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 0b2c8f1c79..e8be54ceb3 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4afe55af-b7c9-4665-8ecf-9c62a1b633ca
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5f4d31df-fd73-4951-8e94-ddefa13884ec
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-15T00:29:16Z
+Created: 2024-01-22T00:27:48Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -153,17 +153,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-Package-10-beautifulsoup4
-PackageVersion: 4.12.2
+PackageVersion: 4.12.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseConcluded: MIT
+PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -286,6 +287,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Joshua Harlow
 PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
 FilesAnalyzed: false
+PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
@@ -668,33 +670,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.3
 
 PackageName: markupsafe
 SPDXID: SPDXRef-Package-42-markupsafe
-PackageVersion: 2.1.3
+PackageVersion: 2.1.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3
+PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.4
 FilesAnalyzed: false
-PackageChecksum: SHA1: 496112e00fcfa54d81d256f1f7e221ad01d033cc
+PackageChecksum: SHA1: b7cd6523579ea5a08d89799f2a64ec2c2bc45eca
 PackageLicenseDeclared: BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.4
 ##### 
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.20.0
+PackageVersion: 4.21.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 5ff5999d50420251744bc49e758f3b15ad2f8569
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications