chore: update SBOM for Python 3.11

ffontaine · Mar 6, 2023 · 119b6f1 · 119b6f1
1 parent 04b83fc
commit 119b6f1
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 46 deletions.
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid7bf4e934-9fcb-43a7-a4b0-34cc27dd34e6",
+  "serialNumber": "urn:uuid70c2c8ba-2bf7-42d0-ac44-f0118dc903d0",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-02-27T06:49:41Z",
+    "timestamp": "2023-03-06T01:01:45Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -235,9 +235,9 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.20",
+      "version": "5.21",
       "author": "Google Inc.",
-      "cpe": "cpe:/a:google_inc.:gsutil:5.20",
+      "cpe": "cpe:/a:google_inc.:gsutil:5.21",
       "licenses": [
         {
           "license": {
@@ -246,15 +246,15 @@
           }
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.20"
+      "purl": "pkg:pypi/gsutil@5.21"
     },
     {
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "2.0.0",
+      "version": "2.0.5",
       "author": "Andrey Kislyuk",
-      "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.0",
+      "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.5",
       "licenses": [
         {
           "license": {
@@ -263,7 +263,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/argcomplete@2.0.0"
+      "purl": "pkg:pypi/argcomplete@2.0.5"
     },
     {
       "type": "library",
@@ -475,10 +475,10 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "39.0.1",
+      "version": "39.0.2",
       "author": "The Python Cryptographic Authority and individual contributors",
-      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1",
-      "purl": "pkg:pypi/cryptography@39.0.1"
+      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2",
+      "purl": "pkg:pypi/cryptography@39.0.2"
     },
     {
       "type": "library",
@@ -544,9 +544,9 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.16.1",
+      "version": "2.16.2",
       "author": "Google Cloud Platform",
-      "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.1",
+      "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.2",
       "licenses": [
         {
           "license": {
@@ -555,7 +555,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.16.1"
+      "purl": "pkg:pypi/google-auth@2.16.2"
     },
     {
       "type": "library",
@@ -681,9 +681,9 @@
       "type": "library",
       "bom-ref": "46-tenacity",
       "name": "tenacity",
-      "version": "8.2.1",
+      "version": "8.2.2",
       "author": "Julien Danjou",
-      "cpe": "cpe:/a:julien_danjou:tenacity:8.2.1",
+      "cpe": "cpe:/a:julien_danjou:tenacity:8.2.2",
       "licenses": [
         {
           "license": {
@@ -692,7 +692,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/tenacity@8.2.1"
+      "purl": "pkg:pypi/tenacity@8.2.2"
     },
     {
       "type": "library",
@@ -766,9 +766,9 @@
       "type": "library",
       "bom-ref": "51-rich",
       "name": "rich",
-      "version": "13.3.1",
+      "version": "13.3.2",
       "author": "Will McGugan",
-      "cpe": "cpe:/a:will_mcgugan:rich:13.3.1",
+      "cpe": "cpe:/a:will_mcgugan:rich:13.3.2",
       "licenses": [
         {
           "license": {
@@ -777,7 +777,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/rich@13.3.1"
+      "purl": "pkg:pypi/rich@13.3.2"
     },
     {
       "type": "library",
@@ -852,9 +852,9 @@
       "type": "library",
       "bom-ref": "57-xmlschema",
       "name": "xmlschema",
-      "version": "2.2.1",
+      "version": "2.2.2",
       "author": "Davide Brunato",
-      "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.1",
+      "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.2",
       "licenses": [
         {
           "license": {
@@ -863,7 +863,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.2.1"
+      "purl": "pkg:pypi/xmlschema@2.2.2"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-bfca00c7-c10d-4058-ba1d-a9fc7597215b
+DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-176fadba-e0dd-4a4e-80dd-b560fb50b23d
 LicenseListVersion: 3.18
 Creator: Tool: sbom4python-0.7.0
-Created: 2023-02-27T06:48:37Z
+Created: 2023-03-06T01:00:19Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -219,29 +219,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageVersion: 5.20
+PackageVersion: 5.21
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.20
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.20:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageVersion: 2.0.0
+PackageVersion: 2.0.5
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache Software License
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -443,15 +443,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageVersion: 39.0.1
+PackageVersion: 39.0.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -513,15 +513,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageVersion: 2.16.1
+PackageVersion: 2.16.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -639,15 +639,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:*
 PackageName: tenacity
 SPDXID: SPDXRef-Package-46-tenacity
 PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageVersion: 8.2.1
+PackageVersion: 8.2.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -709,15 +709,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:
 PackageName: rich
 SPDXID: SPDXRef-Package-51-rich
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageVersion: 13.3.1
+PackageVersion: 13.3.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -793,15 +793,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-57-xmlschema
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageVersion: 2.2.1
+PackageVersion: 2.2.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath