From 6d6d3421441c92f618344e927412942cf68deac2 Mon Sep 17 00:00:00 2001
From: GitHub
Date: Thu, 4 Jan 2024 20:03:00 +0000
Subject: [PATCH] chore: update SBOM for Python 3.8

---
 sbom/cve-bin-tool-py3.8.json | 66 ++++++++++++++++--------------------
 sbom/cve-bin-tool-py3.8.spdx | 51 ++++++++++++++----------------
 2 files changed, 55 insertions(+), 62 deletions(-)

diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 705b3944d5..2d3047862d 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,15 +2,15 @@
 "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.5",
- "serialNumber": "urn:uuid:1f029f96-8a45-4f02-b564-8c846f2ecd85",
+ "serialNumber": "urn:uuid:0692a5a1-db5c-47ac-97f9-f93b07c81ee8",
 "version": 1,
 "metadata": {
- "timestamp": "2023-12-25T00:30:36Z",
+ "timestamp": "2024-01-04T20:02:58Z",
 "tools": {
 "components": [
 {
 "name": "sbom4python",
- "version": "0.10.2",
+ "version": "0.10.3",
 "type": "application"
 }
 ]
@@ -248,7 +248,7 @@
 "type": "library",
 "bom-ref": "6-attrs",
 "name": "attrs",
- "version": "23.1.0",
+ "version": "23.2.0",
 "supplier": {
 "name": "Hynek Schlawack",
 "contact": [
@@ -257,22 +257,16 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
 "description": "Classes Without Boilerplate",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "1e2f6f9cac5cc60f0adab051c14adf09ffe39155"
- }
- ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/attrs/23.1.0",
+ "url": "https://pypi.org/project/attrs/23.2.0",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/attrs@23.1.0",
+ "purl": "pkg:pypi/attrs@23.2.0",
 "properties": [
 {
 "name": "language",
@@ -1354,6 +1348,12 @@
 },
 "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
 "description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9"
+ }
+ ],
 "licenses": [
 {
 "license": {
@@ -1628,7 +1628,7 @@
 "type": "library",
 "bom-ref": "36-google-auth",
 "name": "google-auth",
- "version": "2.25.2",
+ "version": "2.26.1",
 "supplier": {
 "name": "Google Cloud Platform",
 "contact": [
@@ -1637,7 +1637,7 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
 "description": "Google Authentication Library",
 "licenses": [
 {
@@ -1649,12 +1649,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/google-auth/2.25.2",
+ "url": "https://pypi.org/project/google-auth/2.26.1",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/google-auth@2.25.2",
+ "purl": "pkg:pypi/google-auth@2.26.1",
 "properties": [
 {
 "name": "language",
@@ -2018,16 +2018,16 @@
 "type": "library",
 "bom-ref": "45-jsonschema-specifications",
 "name": "jsonschema-specifications",
- "version": "2023.11.2",
+ "version": "2023.12.1",
 "supplier": {
 "name": "Julian Berman"
 },
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
 "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
 "hashes": [
 {
 "alg": "SHA-1",
- "content": "a2fec386cdb2ed38041ccbfff0fc3e8a566997a3"
+ "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
 }
 ],
 "licenses": [
@@ -2040,12 +2040,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
+ "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
 "properties": [
 {
 "name": "language",
@@ -2104,11 +2104,11 @@
 "type": "library",
 "bom-ref": "47-rpds-py",
 "name": "rpds-py",
- "version": "0.15.2",
+ "version": "0.16.2",
 "supplier": {
 "name": "Julian Berman"
 },
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
 "description": "Python bindings to Rust's persistent data structures (rpds)",
 "licenses": [
 {
@@ -2120,12 +2120,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/rpds-py/0.15.2",
+ "url": "https://pypi.org/project/rpds-py/0.16.2",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/rpds-py@0.15.2",
+ "purl": "pkg:pypi/rpds-py@0.16.2",
 "properties": [
 {
 "name": "language",
@@ -2175,7 +2175,7 @@
 "type": "library",
 "bom-ref": "49-lib4sbom",
 "name": "lib4sbom",
- "version": "0.5.4",
+ "version": "0.6.1",
 "supplier": {
 "name": "Anthony Harrison",
 "contact": [
@@ -2184,14 +2184,8 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*",
 "description": "Software Bill of Material (SBOM) generator and consumer library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "3de23e3f3b32c08f9bf8231e2765a06ebb82dc80"
- }
- ],
 "licenses": [
 {
 "license": {
@@ -2202,12 +2196,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/lib4sbom/0.5.4",
+ "url": "https://pypi.org/project/lib4sbom/0.6.1",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/lib4sbom@0.5.4",
+ "purl": "pkg:pypi/lib4sbom@0.6.1",
 "properties": [
 {
 "name": "language",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 18bce45ce6..394e2400d4 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@
 SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-93f8bd80-f232-48eb-96a1-6409b4c37d46
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3a7d6baa-0ca4-467b-ba41-971aef288c74
 LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.2
-Created: 2023-12-25T00:28:46Z
+Creator: Tool: sbom4python-0.10.3
+Created: 2024-01-04T20:00:56Z
 CreatorComment: This document has been automatically generated.
 #####
@@ -90,18 +90,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
 
 PackageName: attrs
 SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.1.0
+PackageVersion: 23.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
+PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 1e2f6f9cac5cc60f0adab051c14adf09ffe39155
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
 #####
 
 PackageName: multidict
@@ -481,6 +480,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
 PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: 5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
@@ -573,18 +573,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.25.2
+PackageVersion: 2.26.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
 PackageCopyrightText: NOASSERTION
 PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
 #####
 
 PackageName: cachetools
@@ -716,18 +716,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
 
 PackageName: jsonschema-specifications
 SPDXID: SPDXRef-Package-45-jsonschema-specifications
-PackageVersion: 2023.11.2
+PackageVersion: 2023.12.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: a2fec386cdb2ed38041ccbfff0fc3e8a566997a3
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
 #####
 
 PackageName: referencing
@@ -748,17 +748,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-47-rpds-py
-PackageVersion: 0.15.2
+PackageVersion: 0.16.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
 #####
 
 PackageName: pkgutil-resolve-name
@@ -778,18 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-49-lib4sbom
-PackageVersion: 0.5.4
+PackageVersion: 0.6.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 3de23e3f3b32c08f9bf8231e2765a06ebb82dc80
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*
 #####
 
 PackageName: pyyaml