chore: update SBOM for Python 3.9

ffontaine · Jan 23, 2023 · 76dc3de · 76dc3de
1 parent 5791601
commit 76dc3de
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 72 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid9a54c30e-2760-4497-8e49-5aea37a0bf84",
+  "serialNumber": "urn:uuid8b7b877f-0fc5-4821-b28b-385f345ab2ce",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-16T00:27:02Z",
+    "timestamp": "2023-01-23T00:55:53Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -561,9 +561,9 @@
       "type": "library",
       "bom-ref": "38-cachetools",
       "name": "cachetools",
-      "version": "5.2.1",
+      "version": "5.3.0",
       "author": "Thomas Kemmer",
-      "cpe": "cpe:/a:thomas_kemmer:cachetools:5.2.1",
+      "cpe": "cpe:/a:thomas_kemmer:cachetools:5.3.0",
       "licenses": [
         {
           "license": {
@@ -572,7 +572,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/cachetools@5.2.1"
+      "purl": "pkg:pypi/cachetools@5.3.0"
     },
     {
       "type": "library",
@@ -604,9 +604,9 @@
       "type": "library",
       "bom-ref": "41-markupsafe",
       "name": "markupsafe",
-      "version": "2.1.1",
+      "version": "2.1.2",
       "author": "Armin Ronacher",
-      "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.1",
+      "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.2",
       "licenses": [
         {
           "license": {
@@ -615,7 +615,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/markupsafe@2.1.1"
+      "purl": "pkg:pypi/markupsafe@2.1.2"
     },
     {
       "type": "library",
@@ -766,9 +766,9 @@
       "type": "library",
       "bom-ref": "51-rich",
       "name": "rich",
-      "version": "13.1.0",
+      "version": "13.2.0",
       "author": "Will McGugan",
-      "cpe": "cpe:/a:will_mcgugan:rich:13.1.0",
+      "cpe": "cpe:/a:will_mcgugan:rich:13.2.0",
       "licenses": [
         {
           "license": {
@@ -777,28 +777,29 @@
           }
         }
       ],
-      "purl": "pkg:pypi/rich@13.1.0"
+      "purl": "pkg:pypi/rich@13.2.0"
     },
     {
       "type": "library",
-      "bom-ref": "52-commonmark",
-      "name": "commonmark",
-      "version": "0.9.1",
-      "author": "Bibek Kafle Roland Shoemaker",
-      "cpe": "cpe:/a:bibek_kafle_roland_shoemaker:commonmark:0.9.1",
-      "licenses": [
-        {
-          "license": {
-            "id": "BSD-3-Clause",
-            "url": "https://opensource.org/licenses/BSD-3-Clause"
-          }
-        }
-      ],
-      "purl": "pkg:pypi/commonmark@0.9.1"
+      "bom-ref": "52-markdown-it-py",
+      "name": "markdown-it-py",
+      "version": "2.1.0",
+      "author": "Chris Sewell",
+      "cpe": "cpe:/a:chris_sewell:markdown-it-py:2.1.0",
+      "purl": "pkg:pypi/markdown-it-py@2.1.0"
+    },
+    {
+      "type": "library",
+      "bom-ref": "53-mdurl",
+      "name": "mdurl",
+      "version": "0.1.2",
+      "author": "Taneli Hukkinen",
+      "cpe": "cpe:/a:taneli_hukkinen:mdurl:0.1.2",
+      "purl": "pkg:pypi/mdurl@0.1.2"
     },
     {
       "type": "library",
-      "bom-ref": "53-pygments",
+      "bom-ref": "54-pygments",
       "name": "pygments",
       "version": "2.14.0",
       "author": "Georg Brandl",
@@ -815,7 +816,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "54-rpmfile",
+      "bom-ref": "55-rpmfile",
       "name": "rpmfile",
       "version": "1.0.8",
       "author": "Sean Ross",
@@ -832,7 +833,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "55-toml",
+      "bom-ref": "56-toml",
       "name": "toml",
       "version": "0.10.2",
       "author": "William Pearson",
@@ -849,7 +850,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "56-xmlschema",
+      "bom-ref": "57-xmlschema",
       "name": "xmlschema",
       "version": "2.1.1",
       "author": "Davide Brunato",
@@ -866,7 +867,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "57-elementpath",
+      "bom-ref": "58-elementpath",
       "name": "elementpath",
       "version": "3.0.2",
       "author": "Davide Brunato",
@@ -883,7 +884,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "58-zstandard",
+      "bom-ref": "59-zstandard",
       "name": "zstandard",
       "version": "0.19.0",
       "author": "Gregory Szorc",
@@ -908,11 +909,11 @@
         "47-pyyaml",
         "48-requests",
         "51-rich",
-        "54-rpmfile",
-        "55-toml",
+        "55-rpmfile",
+        "56-toml",
         "50-urllib3",
-        "56-xmlschema",
-        "58-zstandard"
+        "57-xmlschema",
+        "59-zstandard"
       ]
     },
     {
@@ -1089,14 +1090,20 @@
     {
       "ref": "51-rich",
       "dependsOn": [
-        "52-commonmark",
-        "53-pygments"
+        "52-markdown-it-py",
+        "54-pygments"
+      ]
+    },
+    {
+      "ref": "52-markdown-it-py",
+      "dependsOn": [
+        "53-mdurl"
       ]
     },
     {
-      "ref": "56-xmlschema",
+      "ref": "57-xmlschema",
       "dependsOn": [
-        "57-elementpath"
+        "58-elementpath"
       ]
     }
   ]

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-f73ba499-6d61-4f43-a4bd-553c0acb2ebf
+DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-09388f89-79e9-40ad-b3b4-b43df6bb2472
 LicenseListVersion: 3.18
 Creator: Tool: sbom4python-0.7.0
-Created: 2023-01-16T00:26:00Z
+Created: 2023-01-23T00:54:50Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -527,15 +527,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16
 PackageName: cachetools
 SPDXID: SPDXRef-Package-38-cachetools
 PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageVersion: 5.2.1
+PackageVersion: 5.3.0
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.2.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.2.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: monotonic
@@ -569,15 +569,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:
 PackageName: markupsafe
 SPDXID: SPDXRef-Package-41-markupsafe
 PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
-PackageVersion: 2.1.1
+PackageVersion: 2.1.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseDeclared: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema
@@ -709,33 +709,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:
 PackageName: rich
 SPDXID: SPDXRef-Package-51-rich
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageVersion: 13.1.0
+PackageVersion: 13.2.0
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.2.0:*:*:*:*:*:*:*
 ##### 
 
-PackageName: commonmark
-SPDXID: SPDXRef-Package-52-commonmark
-PackageSupplier: Organization: Bibek Kafle Roland Shoemaker (rolandshoemaker@gmail.com)
-PackageVersion: 0.9.1
+PackageName: markdown-it-py
+SPDXID: SPDXRef-Package-52-markdown-it-py
+PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
+PackageVersion: 2.1.0
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
-##### Reported license BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseDeclared: BSD-3-Clause
+##### Reported license 
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.1.0:*:*:*:*:*:*:*
+##### 
+
+PackageName: mdurl
+SPDXID: SPDXRef-Package-53-mdurl
+PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
+PackageVersion: 0.1.2
+PackageDownloadLocation: NOASSERTION
+FilesAnalyzed: false
+##### Reported license 
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/commonmark@0.9.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:bibek_kafle_roland_shoemaker:commonmark:0.9.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pygments
-SPDXID: SPDXRef-Package-53-pygments
+SPDXID: SPDXRef-Package-54-pygments
 PackageSupplier: Person: Georg Brandl (georg@python.org)
 PackageVersion: 2.14.0
 PackageDownloadLocation: NOASSERTION
@@ -749,7 +763,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*
 ##### 
 
 PackageName: rpmfile
-SPDXID: SPDXRef-Package-54-rpmfile
+SPDXID: SPDXRef-Package-55-rpmfile
 PackageSupplier: Person: Sean Ross (srossross@gmail.com)
 PackageVersion: 1.0.8
 PackageDownloadLocation: NOASSERTION
@@ -763,7 +777,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml
-SPDXID: SPDXRef-Package-55-toml
+SPDXID: SPDXRef-Package-56-toml
 PackageSupplier: Person: William Pearson (uiri@xqz.ca)
 PackageVersion: 0.10.2
 PackageDownloadLocation: NOASSERTION
@@ -777,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 ##### 
 
 PackageName: xmlschema
-SPDXID: SPDXRef-Package-56-xmlschema
+SPDXID: SPDXRef-Package-57-xmlschema
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
 PackageVersion: 2.1.1
 PackageDownloadLocation: NOASSERTION
@@ -791,7 +805,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:*
 ##### 
 
 PackageName: elementpath
-SPDXID: SPDXRef-Package-57-elementpath
+SPDXID: SPDXRef-Package-58-elementpath
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
 PackageVersion: 3.0.2
 PackageDownloadLocation: NOASSERTION
@@ -805,7 +819,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:*
 ##### 
 
 PackageName: zstandard
-SPDXID: SPDXRef-Package-58-zstandard
+SPDXID: SPDXRef-Package-59-zstandard
 PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
 PackageVersion: 0.19.0
 PackageDownloadLocation: NOASSERTION
@@ -831,10 +845,10 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyam
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-requests
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-urllib3
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-zstandard
 Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
 Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
 Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
@@ -894,8 +908,9 @@ Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-10-idna
 Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-49-certifi
 Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-50-urllib3
 Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
-Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-52-commonmark
-Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-53-pygments
-Relationship: SPDXRef-Package-56-xmlschema DEPENDS_ON SPDXRef-Package-57-elementpath
+Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-52-markdown-it-py
+Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-54-pygments
+Relationship: SPDXRef-Package-52-markdown-it-py DEPENDS_ON SPDXRef-Package-53-mdurl
+Relationship: SPDXRef-Package-57-xmlschema DEPENDS_ON SPDXRef-Package-58-elementpath
 Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
 Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict