chore: update SBOM for Python 3.10

intel · Mar 18, 2024 · dfd70c8 · dfd70c8
1 parent 46deb12
commit dfd70c8
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 54 deletions.
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:f5f5b960-1365-43a3-b25b-b20164739eed",
+  "serialNumber": "urn:uuid:a850efaa-f94c-4756-a68c-7040461dd1f2",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-03-11T00:27:54Z",
+    "timestamp": "2024-03-18T00:27:27Z",
     "tools": {
       "components": [
         {
@@ -1824,28 +1824,20 @@
       "type": "library",
       "bom-ref": "44-referencing",
       "name": "referencing",
-      "version": "0.33.0",
+      "version": "0.34.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/licenses/MIT"
-          }
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.33.0",
+          "url": "https://pypi.org/project/referencing/0.34.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.33.0",
+      "purl": "pkg:pypi/referencing@0.34.0",
       "properties": [
         {
           "name": "language",
@@ -2028,11 +2020,11 @@
       "type": "library",
       "bom-ref": "49-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.14.0",
+      "version": "0.15.0",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
       "licenses": [
         {
@@ -2044,12 +2036,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packageurl-python/0.14.0",
+          "url": "https://pypi.org/project/packageurl-python/0.15.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.14.0",
+      "purl": "pkg:pypi/packageurl-python@0.15.0",
       "properties": [
         {
           "name": "language",
@@ -2099,7 +2091,7 @@
       "type": "library",
       "bom-ref": "51-plotly",
       "name": "plotly",
-      "version": "5.19.0",
+      "version": "5.20.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -2108,7 +2100,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -2120,12 +2112,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.19.0",
+          "url": "https://pypi.org/project/plotly/5.20.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.19.0",
+      "purl": "pkg:pypi/plotly@5.20.0",
       "properties": [
         {
           "name": "language",
@@ -2633,7 +2625,7 @@
       "type": "library",
       "bom-ref": "64-xmlschema",
       "name": "xmlschema",
-      "version": "3.0.2",
+      "version": "3.1.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2642,7 +2634,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2654,12 +2646,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.0.2",
+          "url": "https://pypi.org/project/xmlschema/3.1.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.0.2",
+      "purl": "pkg:pypi/xmlschema@3.1.0",
       "properties": [
         {
           "name": "language",
@@ -2675,7 +2667,7 @@
       "type": "library",
       "bom-ref": "65-elementpath",
       "name": "elementpath",
-      "version": "4.3.0",
+      "version": "4.4.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2684,7 +2676,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -2696,12 +2688,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/elementpath/4.3.0",
+          "url": "https://pypi.org/project/elementpath/4.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.3.0",
+      "purl": "pkg:pypi/elementpath@4.4.0",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-303dc6c3-9dd0-4daa-9f8d-9ce6b33b4fa8
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a873fb7c-bf1e-4dcc-ac24-c2ea5a569735
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-11T00:26:09Z
+Created: 2024-03-18T00:25:56Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -672,17 +672,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-44-referencing
-PackageVersion: 0.33.0
+PackageVersion: 0.34.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
 FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -748,17 +748,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-Package-49-packageurl-python
-PackageVersion: 0.14.0
+PackageVersion: 0.15.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.14.0
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-51-plotly
-PackageVersion: 5.19.0
+PackageVersion: 5.20.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -976,32 +976,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-64-xmlschema
-PackageVersion: 3.0.2
+PackageVersion: 3.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-65-elementpath
-PackageVersion: 4.3.0
+PackageVersion: 4.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard