chore: update SBOM for Python 3.11 (#4657)

Co-authored-by: GitHub <noreply@github.com>
intel · Dec 30, 2024 · 5b40882 · 5b40882
1 parent 0ec313b
commit 5b40882
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 33 deletions.
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:a38c0f26-3329-4a36-b47f-86043635ea87",
+  "serialNumber": "urn:uuid:053da26e-15af-4ea5-8b89-191aeab8f5f6",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-12-23T00:36:40Z",
+    "timestamp": "2024-12-30T00:36:12Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -246,6 +246,12 @@
       "name": "aiosignal",
       "version": "1.3.2",
       "description": "aiosignal: a list of registered asynchronous callbacks",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "45cde58e409a301715980c2b01d0c28bdde3770d8290b5eb2173759d9acb31a5"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -295,7 +301,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-11-30T18:43:39Z"
+          "value": "2024-12-13T17:10:38Z"
         },
         {
           "name": "language",
@@ -4166,21 +4172,21 @@
       "type": "library",
       "bom-ref": "66-charset-normalizer",
       "name": "charset-normalizer",
-      "version": "3.4.0",
+      "version": "3.4.1",
       "supplier": {
-        "name": "Ahmed TAHRI",
+        "name": "Ahmed R .",
         "contact": [
           {
             "email": "tahri.ahmed@proton.me"
           }
         ]
       },
-      "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.1:*:*:*:*:*:*:*",
       "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+          "content": "91b36a978b5ae0ee86c394f5a54d6ef44db1de0815eb43de826d41d21e4af3de"
         }
       ],
       "licenses": [
@@ -4194,29 +4200,32 @@
       ],
       "externalReferences": [
         {
-          "url": "https://github.com/Ousret/charset_normalizer",
-          "type": "website",
-          "comment": "Home page for project"
-        },
-        {
-          "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+          "url": "https://pypi.org/project/charset-normalizer/3.4.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
         {
-          "url": "https://github.com/Ousret/charset_normalizer/issues",
-          "type": "issue-tracker"
+          "url": "https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md",
+          "type": "log"
         },
         {
-          "url": "https://charset-normalizer.readthedocs.io/en/latest",
+          "url": "https://charset-normalizer.readthedocs.io/",
           "type": "documentation"
+        },
+        {
+          "url": "https://github.com/jawah/charset_normalizer",
+          "type": "vcs"
+        },
+        {
+          "url": "https://github.com/jawah/charset_normalizer/issues",
+          "type": "issue-tracker"
         }
       ],
-      "purl": "pkg:pypi/charset-normalizer@3.4.0",
+      "purl": "pkg:pypi/charset-normalizer@3.4.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-10-09T07:38:02Z"
+          "value": "2024-12-24T18:09:43Z"
         },
         {
           "name": "language",
@@ -4243,6 +4252,12 @@
       },
       "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:*",
       "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/urllib3/2.3.0/#files",
@@ -4270,7 +4285,7 @@
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-10-09T07:38:02Z"
+          "value": "2024-12-22T07:47:28Z"
         },
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2f404bdb-9b4a-4f4b-a450-73854b6c2f3e
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0e2bfc62-db1d-4c47-98ca-65dee468d63b
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-23T00:36:31Z
+Created: 2024-12-30T00:36:05Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -82,12 +82,13 @@ PackageSupplier: NOASSERTION
 PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiosignal
+PackageChecksum: SHA256: 45cde58e409a301715980c2b01d0c28bdde3770d8290b5eb2173759d9acb31a5
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>aiosignal: a list of registered asynchronous callbacks</text>
-ReleaseDate: 2024-11-30T18:43:39Z
+ReleaseDate: 2024-12-13T17:10:38Z
 ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
 ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
 ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
@@ -1370,22 +1371,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
 
 PackageName: charset-normalizer
 SPDXID: SPDXRef-66-charset-normalizer
-PackageVersion: 3.4.0
+PackageVersion: 3.4.1
 PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
+PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me)
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.1/#files
 FilesAnalyzed: false
-PackageHomePage: https://github.com/Ousret/charset_normalizer
-PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
+PackageChecksum: SHA256: 91b36a978b5ae0ee86c394f5a54d6ef44db1de0815eb43de826d41d21e4af3de
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.</text>
-ReleaseDate: 2024-10-09T07:38:02Z
-ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
-ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-24T18:09:43Z
+ExternalRef: OTHER log https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/jawah/charset_normalizer
+ExternalRef: OTHER issue-tracker https://github.com/jawah/charset_normalizer/issues
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: urllib3
@@ -1395,11 +1397,12 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
 PackageDownloadLocation: https://pypi.org/project/urllib3/2.3.0/#files
 FilesAnalyzed: false
+PackageChecksum: SHA256: 1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>HTTP library with thread-safe connection pooling, file post, and more.</text>
-ReleaseDate: 2024-10-09T07:38:02Z
+ReleaseDate: 2024-12-22T07:47:28Z
 ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
 ExternalRef: OTHER documentation https://urllib3.readthedocs.io
 ExternalRef: OTHER vcs https://github.com/urllib3/urllib3