chore: update SBOM for Python 3.9

ffontaine · Mar 6, 2023 · 3908186 · 3908186
1 parent 04b83fc
commit 3908186
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 46 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid1a1ec7d8-3537-4325-8bfa-0771127d8828",
+  "serialNumber": "urn:uuid6d8c7e88-68e2-4ecd-a4a6-588651372e1d",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-02-27T06:50:59Z",
+    "timestamp": "2023-03-06T01:00:53Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -235,9 +235,9 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.20",
+      "version": "5.21",
       "author": "Google Inc.",
-      "cpe": "cpe:/a:google_inc.:gsutil:5.20",
+      "cpe": "cpe:/a:google_inc.:gsutil:5.21",
       "licenses": [
         {
           "license": {
@@ -246,15 +246,15 @@
           }
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.20"
+      "purl": "pkg:pypi/gsutil@5.21"
     },
     {
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "2.0.0",
+      "version": "2.0.5",
       "author": "Andrey Kislyuk",
-      "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.0",
+      "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.5",
       "licenses": [
         {
           "license": {
@@ -263,7 +263,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/argcomplete@2.0.0"
+      "purl": "pkg:pypi/argcomplete@2.0.5"
     },
     {
       "type": "library",
@@ -475,10 +475,10 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "39.0.1",
+      "version": "39.0.2",
       "author": "The Python Cryptographic Authority and individual contributors",
-      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1",
-      "purl": "pkg:pypi/cryptography@39.0.1"
+      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2",
+      "purl": "pkg:pypi/cryptography@39.0.2"
     },
     {
       "type": "library",
@@ -544,9 +544,9 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.16.1",
+      "version": "2.16.2",
       "author": "Google Cloud Platform",
-      "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.1",
+      "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.2",
       "licenses": [
         {
           "license": {
@@ -555,7 +555,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.16.1"
+      "purl": "pkg:pypi/google-auth@2.16.2"
     },
     {
       "type": "library",
@@ -699,9 +699,9 @@
       "type": "library",
       "bom-ref": "48-tenacity",
       "name": "tenacity",
-      "version": "8.2.1",
+      "version": "8.2.2",
       "author": "Julien Danjou",
-      "cpe": "cpe:/a:julien_danjou:tenacity:8.2.1",
+      "cpe": "cpe:/a:julien_danjou:tenacity:8.2.2",
       "licenses": [
         {
           "license": {
@@ -710,7 +710,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/tenacity@8.2.1"
+      "purl": "pkg:pypi/tenacity@8.2.2"
     },
     {
       "type": "library",
@@ -784,9 +784,9 @@
       "type": "library",
       "bom-ref": "53-rich",
       "name": "rich",
-      "version": "13.3.1",
+      "version": "13.3.2",
       "author": "Will McGugan",
-      "cpe": "cpe:/a:will_mcgugan:rich:13.3.1",
+      "cpe": "cpe:/a:will_mcgugan:rich:13.3.2",
       "licenses": [
         {
           "license": {
@@ -795,7 +795,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/rich@13.3.1"
+      "purl": "pkg:pypi/rich@13.3.2"
     },
     {
       "type": "library",
@@ -870,9 +870,9 @@
       "type": "library",
       "bom-ref": "59-xmlschema",
       "name": "xmlschema",
-      "version": "2.2.1",
+      "version": "2.2.2",
       "author": "Davide Brunato",
-      "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.1",
+      "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.2",
       "licenses": [
         {
           "license": {
@@ -881,7 +881,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.2.1"
+      "purl": "pkg:pypi/xmlschema@2.2.2"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-183302b8-c01d-49ed-b4bd-caeb726d8c43
+DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-4770f0ea-a58b-4d94-aad2-9cebda6c0755
 LicenseListVersion: 3.18
 Creator: Tool: sbom4python-0.7.0
-Created: 2023-02-27T06:49:52Z
+Created: 2023-03-06T00:59:45Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -219,29 +219,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageVersion: 5.20
+PackageVersion: 5.21
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.20
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.20:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageVersion: 2.0.0
+PackageVersion: 2.0.5
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache Software License
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -443,15 +443,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageVersion: 39.0.1
+PackageVersion: 39.0.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -513,15 +513,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageVersion: 2.16.1
+PackageVersion: 2.16.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -667,15 +667,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:*
 PackageName: tenacity
 SPDXID: SPDXRef-Package-48-tenacity
 PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageVersion: 8.2.1
+PackageVersion: 8.2.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -737,15 +737,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:
 PackageName: rich
 SPDXID: SPDXRef-Package-53-rich
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageVersion: 13.3.1
+PackageVersion: 13.3.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -821,15 +821,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-59-xmlschema
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageVersion: 2.2.1
+PackageVersion: 2.2.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath