From 3ceeeb0e9c4e6ff6512e2f1f3cc0e70c59ab62fc Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 7 Aug 2023 01:01:04 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 52 ++++++++++++++++++------------------ sbom/cve-bin-tool-py3.8.spdx | 52 ++++++++++++++++++------------------ 2 files changed, 52 insertions(+), 52 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 7bc8f425b6..5085398b8f 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuidb0b9a9ed-5af2-4fc7-b352-6af31df7b6ae", + "serialNumber": "urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772", "version": 1, "metadata": { - "timestamp": "2023-07-31T00:30:17Z", + "timestamp": "2023-08-07T01:01:03Z", "tools": { "components": [ { @@ -1053,7 +1053,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "41.0.2", + "version": "41.0.3", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1062,7 +1062,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1073,12 +1073,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/41.0.2", + "url": "https://pypi.org/project/cryptography/41.0.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@41.0.2" + "purl": "pkg:pypi/cryptography@41.0.3" }, { "type": "library", 
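Review bot: The `serialNumber` on the new side of the first hunk, `"urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772"`, is missing the colon after `uuid`; CycloneDX constrains this field to `urn:uuid:<uuid>`, so a consumer that validates the BOM against the declared schema will reject the document, which defeats the purpose of publishing it. The removed line has the same malformation, so this bump does not introduce the bug, but it does re-commit it; the expected line is `"serialNumber": "urn:uuid:d6f17b21-d3b2-4528-bee5-76e137998772",`. In the same hunk `"$schema"` points at `bom-1.4.schema.json` while `"specVersion"` is `"1.5"`, a second inconsistency a strict validator will trip over. Since the SPDX sibling names `sbom4python-0.10.0` as the generator, the fix presumably belongs in that tool (or its `lib4sbom` dependency, which this commit bumps to 0.4.1) rather than in a hand edit of the generated file; until then, a CI check that validates the emitted JSON against the CycloneDX schema would stop malformed SBOMs from being committed.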
@@ -1491,11 +1491,11 @@ "type": "library", "bom-ref": "46-jsonschema", "name": "jsonschema", - "version": "4.18.4", + "version": "4.18.6", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1507,12 +1507,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.18.4", + "url": "https://pypi.org/project/jsonschema/4.18.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.18.4" + "purl": "pkg:pypi/jsonschema@4.18.6" }, { "type": "library", @@ -1545,11 +1545,11 @@ "type": "library", "bom-ref": "48-referencing", "name": "referencing", - "version": "0.30.0", + "version": "0.30.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "licenses": [ { @@ -1561,12 +1561,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.30.0", + "url": "https://pypi.org/project/referencing/0.30.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.30.0" + "purl": "pkg:pypi/referencing@0.30.2" }, { "type": "library", @@ -1623,7 +1623,7 @@ "type": "library", "bom-ref": "51-lib4sbom", "name": "lib4sbom", - "version": "0.4.0", + "version": "0.4.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1632,7 +1632,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { 
@@ -1644,12 +1644,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.4.0", + "url": "https://pypi.org/project/lib4sbom/0.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.4.0" + "purl": "pkg:pypi/lib4sbom@0.4.1" }, { "type": "library", @@ -1940,7 +1940,7 @@ "type": "library", "bom-ref": "60-rich", "name": "rich", - "version": "13.5.0", + "version": "13.5.2", "supplier": { "name": "Will McGugan", "contact": [ @@ -1949,7 +1949,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -1961,12 +1961,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.5.0", + "url": "https://pypi.org/project/rich/13.5.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.5.0" + "purl": "pkg:pypi/rich@13.5.2" }, { "type": "library", @@ -2020,7 +2020,7 @@ "type": "library", "bom-ref": "63-pygments", "name": "pygments", - "version": "2.15.1", + "version": "2.16.1", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2029,7 +2029,7 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { @@ -2041,12 +2041,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.15.1", + "url": "https://pypi.org/project/Pygments/2.16.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.15.1" + "purl": "pkg:pypi/pygments@2.16.1" }, { "type": "library", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 1b34939698..fcf4e43cdb 100644 
--- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-936fd797-5b9a-4dc0-aa03-d245a01f264a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ebe989f-e3b4-43e2-996a-aee6d2303adf LicenseListVersion: 3.21 Creator: Tool: sbom4python-0.10.0 -Created: 2023-07-31T00:28:01Z +Created: 2023-08-07T00:59:13Z CreatorComment: This document has been automatically generated. ##### @@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 41.0.2 +PackageVersion: 41.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 PackageName: jsonschema SPDXID: SPDXRef-Package-46-jsonschema -PackageVersion: 4.18.4 +PackageVersion: 4.18.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications @@ -733,17 +733,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification PackageName: referencing SPDXID: SPDXRef-Package-48-referencing -PackageVersion: 0.30.0 +PackageVersion: 0.30.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:* ##### PackageName: rpds-py 
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 PackageName: lib4sbom SPDXID: SPDXRef-Package-51-lib4sbom -PackageVersion: 0.4.0 +PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -918,17 +918,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*: PackageName: rich SPDXID: SPDXRef-Package-60-rich -PackageVersion: 13.5.0 +PackageVersion: 13.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.5.0 +PackageDownloadLocation: https://pypi.org/project/rich/13.5.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py 
@@ -963,17 +963,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: PackageName: pygments SPDXID: SPDXRef-Package-63-pygments -PackageVersion: 2.15.1 +PackageVersion: 2.16.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:* ##### PackageName: typing-extensions