chore: update SBOM for Python 3.9

ffontaine · Mar 20, 2023 · 6739d91 · 6739d91
1 parent 25ebe75
commit 6739d91
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid0bb8a201-c7e9-4c5a-8b69-573fc8a3e1e5",
+  "serialNumber": "urn:uuidb0be1e19-6bba-43ed-9d09-fc50d29067d3",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-03-13T03:17:30Z",
+    "timestamp": "2023-03-20T01:00:31Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -476,7 +476,7 @@
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "2.1.1",
+      "version": "3.0.0",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -485,7 +485,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:2.1.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.0:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -502,7 +502,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@2.1.1"
+      "purl": "pkg:pypi/argcomplete@3.0.0"
     },
     {
       "type": "library",
@@ -1186,7 +1186,7 @@
       "type": "library",
       "bom-ref": "40-importlib-metadata",
       "name": "importlib-metadata",
-      "version": "6.0.0",
+      "version": "6.1.0",
       "supplier": {
         "name": "Jason R. Coombs",
         "contact": [
@@ -1195,7 +1195,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.1.0:*:*:*:*:*:*:*",
       "description": "Read metadata from Python packages",
       "externalReferences": [
         {
@@ -1204,7 +1204,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/importlib-metadata@6.0.0"
+      "purl": "pkg:pypi/importlib-metadata@6.1.0"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c449c94f-54a4-4e65-a7c9-1f182f0f2082
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-228b4b8e-c633-46d4-834b-7adab13f1802
 LicenseListVersion: 3.20
 Creator: Tool: sbom4python-0.8.0
-Created: 2023-03-13T03:15:54Z
+Created: 2023-03-20T00:59:16Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -246,17 +246,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 2.1.1
+PackageVersion: 3.0.0
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/2.1.1
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.0
 FilesAnalyzed: false
 PackageHomePage: https://github.com/kislyuk/argcomplete
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -590,17 +590,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
 
 PackageName: importlib-metadata
 SPDXID: SPDXRef-Package-40-importlib-metadata
-PackageVersion: 6.0.0
+PackageVersion: 6.1.0
 PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.0.0
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.1.0
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python/importlib_metadata
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zipp