From 13f02692de2a9ad981ffccc124a2b3a190ac8411 Mon Sep 17 00:00:00 2001 From: GitHub Date: Thu, 4 Jan 2024 20:03:02 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 66 ++++++++++++++++-------------------- sbom/cve-bin-tool-py3.9.spdx | 51 ++++++++++++++-------------- 2 files changed, 55 insertions(+), 62 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index aeb8dcf3e1..636f70f11a 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,15 +2,15 @@ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuid:90dd997d-aca1-428d-8ef9-39962e37a532", + "serialNumber": "urn:uuid:6553fae0-504e-42c5-826d-dd969a8e3e77", "version": 1, "metadata": { - "timestamp": "2023-12-25T00:30:12Z", + "timestamp": "2024-01-04T20:03:01Z", "tools": { "components": [ { "name": "sbom4python", - "version": "0.10.2", + "version": "0.10.3", "type": "application" } ] @@ -248,7 +248,7 @@ "type": "library", "bom-ref": "6-attrs", "name": "attrs", - "version": "23.1.0", + "version": "23.2.0", "supplier": { "name": "Hynek Schlawack", "contact": [ @@ -257,22 +257,16 @@ } ] }, - "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", - "hashes": [ - { - "alg": "SHA-1", - "content": "1e2f6f9cac5cc60f0adab051c14adf09ffe39155" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/attrs/23.1.0", + "url": "https://pypi.org/project/attrs/23.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/attrs@23.1.0", + "purl": "pkg:pypi/attrs@23.2.0", "properties": [ { "name": "language", 
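Review bot: The `hashes` array for attrs is removed in the `@@ -257,22 +257,16 @@` hunk without a replacement, so the 23.2.0 component now carries no checksum at all and a consumer matching this SBOM against an installed wheel has nothing to verify; the same silent drop happens for lib4sbom 0.6.1 later in the patch and in the SPDX mirror (`PackageChecksum` line deleted), while pyOpenSSL gains one. Presumably sbom4python 0.10.3 only emits a hash when it can find one in the package's RECORD or download metadata, but that should be confirmed rather than left as an unnoticed regression in a file whose whole purpose is attestation. A cheap guard in the SBOM-update workflow would be `jq -r '.components[] | select(.hashes == null) | .name' sbom/cve-bin-tool-py3.9.json` and warning or failing on any output, so a lost checksum is visible in review instead of buried in a regeneration diff. Separately, every checksum in this file is SHA-1 only; if the generator can also emit SHA-256, that would give consumers a collision-resistant value to verify against.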
@@ -1354,6 +1348,12 @@ }, "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9" + } + ], "licenses": [ { "license": { @@ -1628,7 +1628,7 @@ "type": "library", "bom-ref": "36-google-auth", "name": "google-auth", - "version": "2.25.2", + "version": "2.26.1", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1637,7 +1637,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1649,12 +1649,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth/2.25.2", + "url": "https://pypi.org/project/google-auth/2.26.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.25.2", + "purl": "pkg:pypi/google-auth@2.26.1", "properties": [ { "name": "language", @@ -1978,16 +1978,16 @@ "type": "library", "bom-ref": "44-jsonschema-specifications", "name": "jsonschema-specifications", - "version": "2023.11.2", + "version": "2023.12.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*", "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { "alg": "SHA-1", - "content": "a2fec386cdb2ed38041ccbfff0fc3e8a566997a3" + "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76" } ], "licenses": [ 
@@ -2000,12 +2000,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2", + "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema-specifications@2023.11.2", + "purl": "pkg:pypi/jsonschema-specifications@2023.12.1", "properties": [ { "name": "language", @@ -2064,11 +2064,11 @@ "type": "library", "bom-ref": "46-rpds-py", "name": "rpds-py", - "version": "0.15.2", + "version": "0.16.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { @@ -2080,12 +2080,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.15.2", + "url": "https://pypi.org/project/rpds-py/0.16.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.15.2", + "purl": "pkg:pypi/rpds-py@0.16.2", "properties": [ { "name": "language", @@ -2101,7 +2101,7 @@ "type": "library", "bom-ref": "47-lib4sbom", "name": "lib4sbom", - "version": "0.5.4", + "version": "0.6.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2110,14 +2110,8 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", - "hashes": [ - { - "alg": "SHA-1", - "content": "3de23e3f3b32c08f9bf8231e2765a06ebb82dc80" - } - ], "licenses": [ { "license": { 
@@ -2128,12 +2122,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.5.4", + "url": "https://pypi.org/project/lib4sbom/0.6.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.5.4", + "purl": "pkg:pypi/lib4sbom@0.6.1", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index d6da6bfc00..6bd2d171ce 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7bfe4ec0-78d6-4778-aaa1-1a6ed11aac0d +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e11e4bca-29cf-4352-8278-5f74b9ab1ee2 LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.10.2 -Created: 2023-12-25T00:28:32Z +Creator: Tool: sbom4python-0.10.3 +Created: 2024-01-04T20:01:00Z CreatorComment: This document has been automatically generated. ##### 
@@ -90,18 +90,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:* PackageName: attrs SPDXID: SPDXRef-Package-6-attrs -PackageVersion: 23.1.0 +PackageVersion: 23.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) -PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0 +PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0 FilesAnalyzed: false -PackageChecksum: SHA1: 1e2f6f9cac5cc60f0adab051c14adf09ffe39155 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:* ##### PackageName: multidict @@ -481,6 +480,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0 FilesAnalyzed: false +PackageChecksum: SHA1: 5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -573,18 +573,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-36-google-auth -PackageVersion: 2.25.2 +PackageVersion: 2.26.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:* ##### PackageName: cachetools 
@@ -700,18 +700,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*: PackageName: jsonschema-specifications SPDXID: SPDXRef-Package-44-jsonschema-specifications -PackageVersion: 2023.11.2 +PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2 +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1 FilesAnalyzed: false -PackageChecksum: SHA1: a2fec386cdb2ed38041ccbfff0fc3e8a566997a3 +PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:* ##### PackageName: referencing 
@@ -732,33 +732,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:* PackageName: rpds-py SPDXID: SPDXRef-Package-46-rpds-py -PackageVersion: 0.15.2 +PackageVersion: 0.16.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-Package-47-lib4sbom -PackageVersion: 0.5.4 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.1 FilesAnalyzed: false -PackageChecksum: SHA1: 3de23e3f3b32c08f9bf8231e2765a06ebb82dc80 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:* ##### PackageName: pyyaml