chore: update SBOM for Python 3.9
web-flow authored May 1, 2023
1 parent 07cd461 commit 0dffcdc
Showing 2 changed files with 100 additions and 107 deletions.
110 changes: 52 additions & 58 deletions sbom/cve-bin-tool-py3.9.json
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid2e58290a-b8f2-477e-a2d7-da4a11388ac6",
"serialNumber": "urn:uuid5c5499fe-51b0-448b-bd20-9c139850e18e",
"version": 1,
"metadata": {
"timestamp": "2023-04-17T00:32:47Z",
"timestamp": "2023-05-01T00:58:17Z",
"tools": [
{
"name": "sbom4python",
Expand Down Expand Up @@ -309,7 +309,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
"version": "1.8.2",
"version": "1.9.2",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
Expand All @@ -318,7 +318,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
Expand All @@ -335,18 +335,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/yarl/1.8.2",
"url": "https://pypi.org/project/yarl/1.9.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/yarl@1.8.2",
"properties": [
{
"name": "License Comments",
"value": "yarl declares Apache 2 which is not currently a valid SPDX License identifier or expression."
}
]
"purl": "pkg:pypi/yarl@1.9.2"
},
{
"type": "library",
Expand Down Expand Up @@ -596,7 +590,7 @@
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
"version": "3.0.5",
"version": "3.0.8",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
Expand All @@ -605,7 +599,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
Expand All @@ -622,12 +616,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/argcomplete/3.0.5",
"url": "https://pypi.org/project/argcomplete/3.0.8",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/argcomplete@3.0.5",
"purl": "pkg:pypi/argcomplete@3.0.8",
"properties": [
{
"name": "License Comments",
Expand Down Expand Up @@ -1021,7 +1015,7 @@
"type": "library",
"bom-ref": "28-pyasn1",
"name": "pyasn1",
"version": "0.4.8",
"version": "0.5.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
Expand All @@ -1030,41 +1024,35 @@
}
]
},
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*",
"description": "ASN.1 types and codecs",
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*",
"description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"licenses": [
{
"license": {
"id": "BSD-3-Clause",
"url": "https://opensource.org/licenses/BSD-3-Clause"
"id": "BSD-2-Clause",
"url": "https://opensource.org/licenses/BSD-2-Clause"
}
}
],
"externalReferences": [
{
"url": "https://github.com/etingof/pyasn1",
"url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/pyasn1/0.4.8",
"url": "https://pypi.org/project/pyasn1/0.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/pyasn1@0.4.8",
"properties": [
{
"name": "License Comments",
"value": "pyasn1 declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
"purl": "pkg:pypi/pyasn1@0.5.0"
},
{
"type": "library",
"bom-ref": "29-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.2.8",
"version": "0.3.0",
"supplier": {
"name": "Ilya Etingof",
"contact": [
Expand All @@ -1073,29 +1061,35 @@
}
]
},
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*",
"description": "A collection of ASN.1-based protocols modules.",
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*:*:*:*:*:*",
"description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
"license": {
"id": "BSD-2-Clause",
"url": "https://opensource.org/licenses/BSD-2-Clause"
"id": "BSD-3-Clause",
"url": "https://opensource.org/licenses/BSD-3-Clause"
}
}
],
"externalReferences": [
{
"url": "https://github.com/etingof/pyasn1-modules",
"url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/pyasn1-modules/0.2.8",
"url": "https://pypi.org/project/pyasn1-modules/0.3.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/pyasn1-modules@0.2.8"
"purl": "pkg:pypi/pyasn1-modules@0.3.0",
"properties": [
{
"name": "License Comments",
"value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression."
}
]
},
{
"type": "library",
Expand Down Expand Up @@ -1506,7 +1500,7 @@
"type": "library",
"bom-ref": "40-importlib-metadata",
"name": "importlib-metadata",
"version": "6.4.1",
"version": "6.6.0",
"supplier": {
"name": "Jason R. Coombs",
"contact": [
Expand All @@ -1515,7 +1509,7 @@
}
]
},
"cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.4.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.6.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"externalReferences": [
{
Expand All @@ -1524,12 +1518,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/importlib-metadata/6.4.1",
"url": "https://pypi.org/project/importlib-metadata/6.6.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/importlib-metadata@6.4.1"
"purl": "pkg:pypi/importlib-metadata@6.6.0"
},
{
"type": "library",
Expand Down Expand Up @@ -1941,7 +1935,7 @@
"type": "library",
"bom-ref": "52-requests",
"name": "requests",
"version": "2.28.2",
"version": "2.29.0",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
Expand All @@ -1950,7 +1944,7 @@
}
]
},
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.29.0:*:*:*:*:*:*:*",
"description": "Python HTTP for Humans.",
"licenses": [
{
Expand All @@ -1967,12 +1961,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/requests/2.28.2",
"url": "https://pypi.org/project/requests/2.29.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/requests@2.28.2",
"purl": "pkg:pypi/requests@2.29.0",
"properties": [
{
"name": "License Comments",
Expand Down Expand Up @@ -2058,7 +2052,7 @@
"type": "library",
"bom-ref": "55-rich",
"name": "rich",
"version": "13.3.4",
"version": "13.3.5",
"supplier": {
"name": "Will McGugan",
"contact": [
Expand All @@ -2067,7 +2061,7 @@
}
]
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
Expand All @@ -2084,12 +2078,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rich/13.3.4",
"url": "https://pypi.org/project/rich/13.3.5",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rich@13.3.4"
"purl": "pkg:pypi/rich@13.3.5"
},
{
"type": "library",
Expand Down Expand Up @@ -2143,7 +2137,7 @@
"type": "library",
"bom-ref": "58-pygments",
"name": "pygments",
"version": "2.15.0",
"version": "2.15.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
Expand All @@ -2152,7 +2146,7 @@
}
]
},
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
Expand All @@ -2164,12 +2158,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/Pygments/2.15.0",
"url": "https://pypi.org/project/Pygments/2.15.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/pygments@2.15.0"
"purl": "pkg:pypi/pygments@2.15.1"
},
{
"type": "library",
Expand Down Expand Up @@ -2323,7 +2317,7 @@
"type": "library",
"bom-ref": "63-zstandard",
"name": "zstandard",
"version": "0.20.0",
"version": "0.21.0",
"supplier": {
"name": "Gregory Szorc",
"contact": [
Expand All @@ -2332,7 +2326,7 @@
}
]
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
"licenses": [
{
Expand All @@ -2349,12 +2343,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/zstandard/0.20.0",
"url": "https://pypi.org/project/zstandard/0.21.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/zstandard@0.20.0",
"purl": "pkg:pypi/zstandard@0.21.0",
"properties": [
{
"name": "License Comments",
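Review bot: The new `serialNumber` in the first hunk, `"urn:uuid5c5499fe-51b0-448b-bd20-9c139850e18e"`, is missing the colon after `urn:uuid`, so it does not match the serialNumber pattern of the bom-1.4 schema the file declares and the BOM fails strict CycloneDX validation; the replaced value had the same defect, so the commit carries it forward rather than fixing it. The expected form is `"serialNumber": "urn:uuid:5c5499fe-51b0-448b-bd20-9c139850e18e",` and, since the `metadata.tools` entry shows the file is produced by sbom4python, the fix presumably belongs in the generator or in a validation step that runs the regenerated SBOM against the schema before it is committed. Separately, the pyasn1 and pyasn1-modules entries swap license ids in this update (pyasn1 goes BSD-3-Clause to BSD-2-Clause, pyasn1-modules BSD-2-Clause to BSD-3-Clause) while the "License Comments" fallback property moves from pyasn1 to pyasn1-modules; that looks like the tool's license mapping changed rather than the packages' licenses, and is worth confirming against the 0.5.0 and 0.3.0 package metadata before downstream consumers rely on it.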