chore: update SBOM for Python 3.9

ffontaine · Mar 27, 2023 · 8203a31 · 8203a31
1 parent 7c9a67d
commit 8203a31
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 53 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid2babf721-0a60-4159-91d4-35bf56434a06",
+  "serialNumber": "urn:uuide3087900-9f6b-4959-8178-b51b4ae067b3",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-03-20T00:29:48Z",
+    "timestamp": "2023-03-27T00:54:24Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -301,7 +301,7 @@
       "type": "library",
       "bom-ref": "11-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.11.2",
+      "version": "4.12.0",
       "supplier": {
         "name": "Leonard Richardson",
         "contact": [
@@ -310,7 +310,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:*",
       "description": "Screen-scraping library",
       "licenses": [
         {
@@ -327,7 +327,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.11.2"
+      "purl": "pkg:pypi/beautifulsoup4@4.12.0"
     },
     {
       "type": "library",
@@ -476,7 +476,7 @@
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "3.0.0",
+      "version": "3.0.5",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -485,7 +485,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -502,7 +502,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.0.0"
+      "purl": "pkg:pypi/argcomplete@3.0.5"
     },
     {
       "type": "library",
@@ -901,7 +901,7 @@
       "type": "library",
       "bom-ref": "31-pyopenssl",
       "name": "pyopenssl",
-      "version": "23.0.0",
+      "version": "23.1.0",
       "supplier": {
         "name": "The pyOpenSSL developers",
         "contact": [
@@ -910,7 +910,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
       "licenses": [
         {
@@ -927,13 +927,13 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/pyopenssl@23.0.0"
+      "purl": "pkg:pypi/pyopenssl@23.1.0"
     },
     {
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "39.0.2",
+      "version": "40.0.1",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -942,7 +942,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -958,7 +958,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/cryptography@39.0.2"
+      "purl": "pkg:pypi/cryptography@40.0.1"
     },
     {
       "type": "library",
@@ -1091,7 +1091,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.16.2",
+      "version": "2.16.3",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1100,7 +1100,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.16.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1117,7 +1117,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.16.2"
+      "purl": "pkg:pypi/google-auth@2.16.3"
     },
     {
       "type": "library",
@@ -1671,7 +1671,7 @@
       "type": "library",
       "bom-ref": "57-rpmfile",
       "name": "rpmfile",
-      "version": "1.0.8",
+      "version": "1.1.1",
       "supplier": {
         "name": "Sean Ross",
         "contact": [
@@ -1680,7 +1680,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*",
       "description": "Read rpm archive files",
       "licenses": [
         {
@@ -1697,7 +1697,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/rpmfile@1.0.8"
+      "purl": "pkg:pypi/rpmfile@1.1.1"
     },
     {
       "type": "library",
@@ -1767,7 +1767,7 @@
       "type": "library",
       "bom-ref": "60-elementpath",
       "name": "elementpath",
-      "version": "4.0.1",
+      "version": "4.1.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -1776,7 +1776,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -1793,7 +1793,7 @@
           "comment": "Home page for project"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.0.1"
+      "purl": "pkg:pypi/elementpath@4.1.0"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-832bc5f4-f43b-4339-b9b1-f09dcccac1cb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6e337958-8fec-4121-89ae-617709b87bbb
 LicenseListVersion: 3.20
 Creator: Tool: sbom4python-0.8.0
-Created: 2023-03-20T00:28:21Z
+Created: 2023-03-27T00:53:14Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -157,17 +157,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-Package-11-beautifulsoup4
-PackageVersion: 4.11.2
+PackageVersion: 4.12.0
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.11.2
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.0
 FilesAnalyzed: false
 PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: Screen-scraping library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -246,17 +246,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.0.0
+PackageVersion: 3.0.5
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.0
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5
 FilesAnalyzed: false
 PackageHomePage: https://github.com/kislyuk/argcomplete
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -455,32 +455,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
 
 PackageName: pyopenssl
 SPDXID: SPDXRef-Package-31-pyopenssl
-PackageVersion: 23.0.0
+PackageVersion: 23.1.0
 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.0.0
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.0
 FilesAnalyzed: false
 PackageHomePage: https://pyopenssl.org/
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 39.0.2
+PackageVersion: 40.0.1
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/39.0.2
+PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.1
 FilesAnalyzed: false
 PackageHomePage: https://github.com/pyca/cryptography
 PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -545,17 +545,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.16.2
+PackageVersion: 2.16.3
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.16.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.16.3
 FilesAnalyzed: false
 PackageHomePage: https://github.com/googleapis/google-auth-library-python
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -842,17 +842,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*
 
 PackageName: rpmfile
 SPDXID: SPDXRef-Package-57-rpmfile
-PackageVersion: 1.0.8
+PackageVersion: 1.1.1
 PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/1.0.8
+PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1
 FilesAnalyzed: false
 PackageHomePage: https://github.com/srossross/rpmfile
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: Read rpm archive files
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.0.8
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml
@@ -887,17 +887,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-60-elementpath
-PackageVersion: 4.0.1
+PackageVersion: 4.1.0
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.0.1
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.0
 FilesAnalyzed: false
 PackageHomePage: https://github.com/sissaschool/elementpath
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard