chore: update SBOM for Python 3.9 (#4388)
Co-authored-by: GitHub <[email protected]>
github-actions[bot] and web-flow authored Aug 26, 2024
1 parent 671285e commit 04b6633
Showing 2 changed files with 86 additions and 72 deletions.
94 changes: 53 additions & 41 deletions sbom/cve-bin-tool-py3.9.json
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:a7c4e360-1ac7-4f5a-b5f9-e86512a3016c",
"serialNumber": "urn:uuid:d9b39d3b-6c3f-40c2-92f5-0cb2db8e77c6",
"version": 1,
"metadata": {
"timestamp": "2024-08-19T00:37:24Z",
"timestamp": "2024-08-26T00:36:59Z",
"lifecycles": [
{
"phase": "build"
Expand All @@ -31,7 +31,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
"version": "3.3.1.dev0",
"version": "3.4rc0",
"supplier": {
"name": "Terri Oda",
"contact": [
Expand All @@ -40,7 +40,7 @@
}
]
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"licenses": [
{
Expand All @@ -53,12 +53,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cve-bin-tool/3.3.1.dev0",
"url": "https://pypi.org/project/cve-bin-tool/3.4rc0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cve-bin-tool@3.3.1.dev0",
"purl": "pkg:pypi/cve-bin-tool@3.4rc0",
"properties": [
{
"name": "language",
Expand All @@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
"version": "3.10.4",
"version": "3.10.5",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
Expand All @@ -87,12 +87,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohttp/3.10.4",
"url": "https://pypi.org/project/aiohttp/3.10.5",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].4",
"purl": "pkg:pypi/[email protected].5",
"properties": [
{
"name": "language",
Expand All @@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
"version": "2.3.7",
"version": "2.4.0",
"supplier": {
"name": "J. Nick Koston",
"contact": [
Expand All @@ -117,7 +117,7 @@
}
]
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"licenses": [
{
Expand All @@ -130,12 +130,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
"url": "https://pypi.org/project/aiohappyeyeballs/2.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
"purl": "pkg:pypi/aiohappyeyeballs@2.4.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -405,7 +405,7 @@
"type": "library",
"bom-ref": "10-idna",
"name": "idna",
"version": "3.7",
"version": "3.8",
"supplier": {
"name": "Kim Davies",
"contact": [
Expand All @@ -414,22 +414,16 @@
}
]
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"hashes": [
{
"alg": "SHA-1",
"content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.7",
"url": "https://pypi.org/project/idna/3.8",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/idna@3.7",
"purl": "pkg:pypi/idna@3.8",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -896,6 +890,12 @@
},
"cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
"alg": "SHA-1",
"content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1350,7 +1350,7 @@
"type": "library",
"bom-ref": "31-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"version": "3.1.4",
"supplier": {
"name": "Paul McGuire",
"contact": [
Expand All @@ -1359,22 +1359,16 @@
}
]
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
"alg": "SHA-1",
"content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/pyparsing/3.1.2",
"url": "https://pypi.org/project/pyparsing/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].4",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1858,7 +1852,7 @@
"type": "library",
"bom-ref": "42-importlib-metadata",
"name": "importlib-metadata",
"version": "8.2.0",
"version": "8.4.0",
"supplier": {
"name": "Jason R .",
"contact": [
Expand All @@ -1867,16 +1861,16 @@
}
]
},
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.2.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.4.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/8.2.0",
"url": "https://pypi.org/project/importlib-metadata/8.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/importlib-metadata@8.2.0",
"purl": "pkg:pypi/importlib-metadata@8.4.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1928,6 +1922,12 @@
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
"alg": "SHA-1",
"content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/jinja2/3.1.4",
Expand Down Expand Up @@ -2677,6 +2677,12 @@
},
"cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"hashes": [
{
"alg": "SHA-1",
"content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -2982,7 +2988,7 @@
"type": "library",
"bom-ref": "69-setuptools",
"name": "setuptools",
"version": "72.2.0",
"version": "73.0.1",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
Expand All @@ -2991,16 +2997,16 @@
}
]
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/72.2.0",
"url": "https://pypi.org/project/setuptools/73.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/setuptools@72.2.0",
"purl": "pkg:pypi/setuptools@73.0.1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3076,6 +3082,12 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"hashes": [
{
"alg": "SHA-1",
"content": "90a7233292cfe5d877110fe369869996a3a25928"
}
],
"licenses": [
{
"license": {