diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index d29d21dffa..6f8568d125 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid9a54c30e-2760-4497-8e49-5aea37a0bf84", + "serialNumber": "urn:uuid8b7b877f-0fc5-4821-b28b-385f345ab2ce", "version": 1, "metadata": { - "timestamp": "2023-01-16T00:27:02Z", + "timestamp": "2023-01-23T00:55:53Z", "tools": [ { "name": "sbom4python", @@ -561,9 +561,9 @@ "type": "library", "bom-ref": "38-cachetools", "name": "cachetools", - "version": "5.2.1", + "version": "5.3.0", "author": "Thomas Kemmer", - "cpe": "cpe:/a:thomas_kemmer:cachetools:5.2.1", + "cpe": "cpe:/a:thomas_kemmer:cachetools:5.3.0", "licenses": [ { "license": { @@ -572,7 +572,7 @@ } } ], - "purl": "pkg:pypi/cachetools@5.2.1" + "purl": "pkg:pypi/cachetools@5.3.0" }, { "type": "library", @@ -604,9 +604,9 @@ "type": "library", "bom-ref": "41-markupsafe", "name": "markupsafe", - "version": "2.1.1", + "version": "2.1.2", "author": "Armin Ronacher", - "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.1", + "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.2", "licenses": [ { "license": { @@ -615,7 +615,7 @@ } } ], - "purl": "pkg:pypi/markupsafe@2.1.1" + "purl": "pkg:pypi/markupsafe@2.1.2" }, { "type": "library", @@ -766,9 +766,9 @@ "type": "library", "bom-ref": "51-rich", "name": "rich", - "version": "13.1.0", + "version": "13.2.0", "author": "Will McGugan", - "cpe": "cpe:/a:will_mcgugan:rich:13.1.0", + "cpe": "cpe:/a:will_mcgugan:rich:13.2.0", "licenses": [ { "license": { @@ -777,28 +777,29 @@ } } ], - "purl": "pkg:pypi/rich@13.1.0" + "purl": "pkg:pypi/rich@13.2.0" }, { "type": "library", - "bom-ref": "52-commonmark", - "name": "commonmark", - "version": "0.9.1", - "author": "Bibek Kafle Roland Shoemaker", - "cpe": "cpe:/a:bibek_kafle_roland_shoemaker:commonmark:0.9.1", - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], - "purl": "pkg:pypi/commonmark@0.9.1" + "bom-ref": "52-markdown-it-py", + "name": "markdown-it-py", + "version": "2.1.0", + "author": "Chris Sewell", + "cpe": "cpe:/a:chris_sewell:markdown-it-py:2.1.0", + "purl": "pkg:pypi/markdown-it-py@2.1.0" + }, + { + "type": "library", + "bom-ref": "53-mdurl", + "name": "mdurl", + "version": "0.1.2", + "author": "Taneli Hukkinen", + "cpe": "cpe:/a:taneli_hukkinen:mdurl:0.1.2", + "purl": "pkg:pypi/mdurl@0.1.2" }, { "type": "library", - "bom-ref": "53-pygments", + "bom-ref": "54-pygments", "name": "pygments", "version": "2.14.0", "author": "Georg Brandl", @@ -815,7 +816,7 @@ }, { "type": "library", - "bom-ref": "54-rpmfile", + "bom-ref": "55-rpmfile", "name": "rpmfile", "version": "1.0.8", "author": "Sean Ross", @@ -832,7 +833,7 @@ }, { "type": "library", - "bom-ref": "55-toml", + "bom-ref": "56-toml", "name": "toml", "version": "0.10.2", "author": "William Pearson", @@ -849,7 +850,7 @@ }, { "type": "library", - "bom-ref": "56-xmlschema", + "bom-ref": "57-xmlschema", "name": "xmlschema", "version": "2.1.1", "author": "Davide Brunato", @@ -866,7 +867,7 @@ }, { "type": "library", - "bom-ref": "57-elementpath", + "bom-ref": "58-elementpath", "name": "elementpath", "version": "3.0.2", "author": "Davide Brunato", @@ -883,7 +884,7 @@ }, { "type": "library", - "bom-ref": "58-zstandard", + "bom-ref": "59-zstandard", "name": "zstandard", "version": "0.19.0", "author": "Gregory Szorc", @@ -908,11 +909,11 @@ "47-pyyaml", "48-requests", "51-rich", - "54-rpmfile", - "55-toml", + "55-rpmfile", + "56-toml", "50-urllib3", - "56-xmlschema", - "58-zstandard" + "57-xmlschema", + "59-zstandard" ] }, { @@ -1089,14 +1090,20 @@ { "ref": "51-rich", "dependsOn": [ - "52-commonmark", - "53-pygments" + "52-markdown-it-py", + "54-pygments" + ] + }, + { + "ref": "52-markdown-it-py", + "dependsOn": [ + "53-mdurl" ] }, { - "ref": "56-xmlschema", + "ref": "57-xmlschema", "dependsOn": [ - "57-elementpath" + "58-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index d9ee0a5e0f..ab9bd54c0f 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-f73ba499-6d61-4f43-a4bd-553c0acb2ebf +DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-09388f89-79e9-40ad-b3b4-b43df6bb2472 LicenseListVersion: 3.18 Creator: Tool: sbom4python-0.7.0 -Created: 2023-01-16T00:26:00Z +Created: 2023-01-23T00:54:50Z CreatorComment: This document has been automatically generated. ##### @@ -527,15 +527,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16 PackageName: cachetools SPDXID: SPDXRef-Package-38-cachetools PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageVersion: 5.2.1 +PackageVersion: 5.3.0 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* ##### PackageName: monotonic @@ -569,15 +569,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: PackageName: markupsafe SPDXID: SPDXRef-Package-41-markupsafe PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) -PackageVersion: 2.1.1 +PackageVersion: 2.1.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageLicenseDeclared: BSD-3-Clause PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:* ##### PackageName: jsonschema @@ -709,33 +709,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*: PackageName: rich SPDXID: SPDXRef-Package-51-rich PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageVersion: 13.1.0 +PackageVersion: 13.2.0 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.2.0:*:*:*:*:*:*:* ##### -PackageName: commonmark -SPDXID: SPDXRef-Package-52-commonmark -PackageSupplier: Organization: Bibek Kafle Roland Shoemaker (rolandshoemaker@gmail.com) -PackageVersion: 0.9.1 +PackageName: markdown-it-py +SPDXID: SPDXRef-Package-52-markdown-it-py +PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) +PackageVersion: 2.1.0 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false -##### Reported license BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseDeclared: BSD-3-Clause +##### Reported license +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.1.0:*:*:*:*:*:*:* +##### + +PackageName: mdurl +SPDXID: SPDXRef-Package-53-mdurl +PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) +PackageVersion: 0.1.2 +PackageDownloadLocation: NOASSERTION +FilesAnalyzed: false +##### Reported license +PackageLicenseConcluded: NOASSERTION +PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/commonmark@0.9.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:bibek_kafle_roland_shoemaker:commonmark:0.9.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments -SPDXID: SPDXRef-Package-53-pygments +SPDXID: SPDXRef-Package-54-pygments PackageSupplier: Person: Georg Brandl (georg@python.org) PackageVersion: 2.14.0 PackageDownloadLocation: NOASSERTION @@ -749,7 +763,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-54-rpmfile +SPDXID: SPDXRef-Package-55-rpmfile PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageVersion: 1.0.8 PackageDownloadLocation: NOASSERTION @@ -763,7 +777,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-55-toml +SPDXID: SPDXRef-Package-56-toml PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageVersion: 0.10.2 PackageDownloadLocation: NOASSERTION @@ -777,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-56-xmlschema +SPDXID: SPDXRef-Package-57-xmlschema PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageVersion: 2.1.1 PackageDownloadLocation: NOASSERTION @@ -791,7 +805,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-57-elementpath +SPDXID: SPDXRef-Package-58-elementpath PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageVersion: 3.0.2 PackageDownloadLocation: NOASSERTION @@ -805,7 +819,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-58-zstandard +SPDXID: SPDXRef-Package-59-zstandard PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageVersion: 0.19.0 PackageDownloadLocation: NOASSERTION @@ -831,10 +845,10 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyam Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-requests Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-urllib3 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-zstandard Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod @@ -894,8 +908,9 @@ Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-49-certifi Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-50-urllib3 Relationship: SPDXRef-Package-48-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-52-commonmark -Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-53-pygments -Relationship: SPDXRef-Package-56-xmlschema DEPENDS_ON SPDXRef-Package-57-elementpath +Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-52-markdown-it-py +Relationship: SPDXRef-Package-51-rich DEPENDS_ON SPDXRef-Package-54-pygments +Relationship: SPDXRef-Package-52-markdown-it-py DEPENDS_ON SPDXRef-Package-53-mdurl +Relationship: SPDXRef-Package-57-xmlschema DEPENDS_ON SPDXRef-Package-58-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict