From b8325fea93367fce70d17c5f96ce686f77ea2cc6 Mon Sep 17 00:00:00 2001
From: GitHub <noreply@github.com>
Date: Mon, 18 Sep 2023 00:47:45 +0000
Subject: [PATCH] chore: update SBOM for Python 3.11

---
 sbom/cve-bin-tool-py3.11.json | 45 +++++++++++++++++------------------
 sbom/cve-bin-tool-py3.11.spdx | 45 +++++++++++++++++------------------
 2 files changed, 44 insertions(+), 46 deletions(-)

diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 677d607b3d..51de526ecf 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:c33c137e-c925-410a-9ddd-e50a468eca64",
+  "serialNumber": "urn:uuid:489a6727-abc0-4097-afb5-ff4b6e1042a2",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-09-11T00:25:23Z",
+    "timestamp": "2023-09-18T00:47:43Z",
     "tools": {
       "components": [
         {
@@ -532,7 +532,7 @@
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "3.1.1",
+      "version": "3.1.2",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -541,7 +541,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -553,12 +553,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/argcomplete/3.1.1",
+          "url": "https://pypi.org/project/argcomplete/3.1.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.1.1",
+      "purl": "pkg:pypi/argcomplete@3.1.2",
       "properties": [
         {
           "name": "License Comments",
@@ -1224,7 +1224,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.22.0",
+      "version": "2.23.0",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1233,7 +1233,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.0:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1245,12 +1245,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.22.0",
+          "url": "https://pypi.org/project/google-auth/2.23.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.22.0",
+      "purl": "pkg:pypi/google-auth@2.23.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1500,11 +1500,11 @@
       "type": "library",
       "bom-ref": "46-rpds-py",
       "name": "rpds-py",
-      "version": "0.10.2",
+      "version": "0.10.3",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.3:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -1516,12 +1516,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.10.2",
+          "url": "https://pypi.org/project/rpds-py/0.10.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.10.2"
+      "purl": "pkg:pypi/rpds-py@0.10.3"
     },
     {
       "type": "library",
@@ -1666,7 +1666,7 @@
       "type": "library",
       "bom-ref": "51-plotly",
       "name": "plotly",
-      "version": "5.16.1",
+      "version": "5.17.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -1675,7 +1675,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -1687,12 +1687,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.16.1",
+          "url": "https://pypi.org/project/plotly/5.17.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.16.1"
+      "purl": "pkg:pypi/plotly@5.17.0"
     },
     {
       "type": "library",
@@ -1844,7 +1844,7 @@
       "type": "library",
       "bom-ref": "56-rich",
       "name": "rich",
-      "version": "13.5.2",
+      "version": "13.5.3",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -1853,7 +1853,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.3:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -1865,12 +1865,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rich/13.5.2",
+          "url": "https://pypi.org/project/rich/13.5.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.5.2"
+      "purl": "pkg:pypi/rich@13.5.3"
     },
     {
       "type": "library",
@@ -2285,7 +2285,6 @@
         "38-cachetools",
         "29-pyasn1-modules",
         "30-rsa",
-        "24-six",
         "39-urllib3"
       ]
     },
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 91406a0acd..242f5ef549 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-56ab34bf-ab07-4c3b-8748-f05971ef5275
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-af6f4ddd-cad8-447b-866a-6f84ac610155
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-09-11T00:24:05Z
+Created: 2023-09-18T00:46:10Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -256,18 +256,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.1.1
+PackageVersion: 3.1.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Bash tab completion for argparse</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -567,18 +567,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.22.0
+PackageVersion: 2.23.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.22.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.22.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -703,17 +703,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-46-rpds-py
-PackageVersion: 0.10.2
+PackageVersion: 0.10.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.3
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -780,17 +780,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-51-plotly
-PackageVersion: 5.16.1
+PackageVersion: 5.17.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.16.1
+PackageDownloadLocation: https://pypi.org/project/plotly/5.17.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
 
 PackageName: rich
 SPDXID: SPDXRef-Package-56-rich
-PackageVersion: 13.5.2
+PackageVersion: 13.5.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.5.2
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.3
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1059,7 +1059,6 @@ Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-f
 Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six
 Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2
 Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six
 Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules
 Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa
 Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools