From 3908186281d848b5927e45e5bebccd37bdeb16ba Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 6 Mar 2023 01:00:54 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 46 ++++++++++++++++++------------------ sbom/cve-bin-tool-py3.9.spdx | 46 ++++++++++++++++++------------------ 2 files changed, 46 insertions(+), 46 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 4df0a18b26..db09a8936e 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid1a1ec7d8-3537-4325-8bfa-0771127d8828", + "serialNumber": "urn:uuid6d8c7e88-68e2-4ecd-a4a6-588651372e1d", "version": 1, "metadata": { - "timestamp": "2023-02-27T06:50:59Z", + "timestamp": "2023-03-06T01:00:53Z", "tools": [ { "name": "sbom4python", @@ -235,9 +235,9 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.20", + "version": "5.21", "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gsutil:5.20", + "cpe": "cpe:/a:google_inc.:gsutil:5.21", "licenses": [ { "license": { @@ -246,15 +246,15 @@ } } ], - "purl": "pkg:pypi/gsutil@5.20" + "purl": "pkg:pypi/gsutil@5.21" }, { "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "2.0.0", + "version": "2.0.5", "author": "Andrey Kislyuk", - "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.0", + "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.5", "licenses": [ { "license": { @@ -263,7 +263,7 @@ } } ], - "purl": "pkg:pypi/argcomplete@2.0.0" + "purl": "pkg:pypi/argcomplete@2.0.5" }, { "type": "library", @@ -475,10 +475,10 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "39.0.1", + "version": "39.0.2", "author": "The Python Cryptographic Authority and individual contributors", - "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1", - "purl": "pkg:pypi/cryptography@39.0.1" + "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2", + "purl": "pkg:pypi/cryptography@39.0.2" }, { "type": "library", @@ -544,9 +544,9 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.16.1", + "version": "2.16.2", "author": "Google Cloud Platform", - "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.1", + "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.2", "licenses": [ { "license": { @@ -555,7 +555,7 @@ } } ], - "purl": "pkg:pypi/google-auth@2.16.1" + "purl": "pkg:pypi/google-auth@2.16.2" }, { "type": "library", @@ -699,9 +699,9 @@ "type": "library", "bom-ref": "48-tenacity", "name": "tenacity", - "version": "8.2.1", + "version": "8.2.2", "author": "Julien Danjou", - "cpe": "cpe:/a:julien_danjou:tenacity:8.2.1", + "cpe": "cpe:/a:julien_danjou:tenacity:8.2.2", "licenses": [ { "license": { @@ -710,7 +710,7 @@ } } ], - "purl": "pkg:pypi/tenacity@8.2.1" + "purl": "pkg:pypi/tenacity@8.2.2" }, { "type": "library", @@ -784,9 +784,9 @@ "type": "library", "bom-ref": "53-rich", "name": "rich", - "version": "13.3.1", + "version": "13.3.2", "author": "Will McGugan", - "cpe": "cpe:/a:will_mcgugan:rich:13.3.1", + "cpe": "cpe:/a:will_mcgugan:rich:13.3.2", "licenses": [ { "license": { @@ -795,7 +795,7 @@ } } ], - "purl": "pkg:pypi/rich@13.3.1" + "purl": "pkg:pypi/rich@13.3.2" }, { "type": "library", @@ -870,9 +870,9 @@ "type": "library", "bom-ref": "59-xmlschema", "name": "xmlschema", - "version": "2.2.1", + "version": "2.2.2", "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.1", + "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.2", "licenses": [ { "license": { @@ -881,7 +881,7 @@ } } ], - "purl": "pkg:pypi/xmlschema@2.2.1" + "purl": "pkg:pypi/xmlschema@2.2.2" }, { "type": "library", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index fadc42f2d4..58a3f11e67 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-183302b8-c01d-49ed-b4bd-caeb726d8c43 +DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-4770f0ea-a58b-4d94-aad2-9cebda6c0755 LicenseListVersion: 3.18 Creator: Tool: sbom4python-0.7.0 -Created: 2023-02-27T06:49:52Z +Created: 2023-03-06T00:59:45Z CreatorComment: This document has been automatically generated. ##### @@ -219,29 +219,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageVersion: 5.20 +PackageVersion: 5.21 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.20 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.20:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageVersion: 2.0.0 +PackageVersion: 2.0.5 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache Software License PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.5:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -443,15 +443,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageVersion: 39.0.1 +PackageVersion: 39.0.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2:*:*:*:*:*:*:* ##### PackageName: cffi @@ -513,15 +513,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageVersion: 2.16.1 +PackageVersion: 2.16.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.2:*:*:*:*:*:*:* ##### PackageName: cachetools @@ -667,15 +667,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:* PackageName: tenacity SPDXID: SPDXRef-Package-48-tenacity PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageVersion: 8.2.1 +PackageVersion: 8.2.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -737,15 +737,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*: PackageName: rich SPDXID: SPDXRef-Package-53-rich PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageVersion: 13.3.1 +PackageVersion: 13.3.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -821,15 +821,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-59-xmlschema PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 2.2.1 +PackageVersion: 2.2.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:* ##### PackageName: elementpath