chore: update SBOM for Python 3.12

intel · Sep 9, 2024 · 418812c · 418812c
1 parent c252407
commit 418812c
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 59 deletions.
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b1f117ed-2d0e-4be8-99ca-e91c6c6428cc",
+  "serialNumber": "urn:uuid:367ddd06-a366-4087-807c-bd9008ef9a74",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-09-02T00:35:23Z",
+    "timestamp": "2024-09-09T00:37:04Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -31,7 +31,7 @@
       "type": "application",
       "bom-ref": "1-cve-bin-tool",
       "name": "cve-bin-tool",
-      "version": "3.4rc1",
+      "version": "3.4",
       "supplier": {
         "name": "Terri Oda",
         "contact": [
@@ -40,7 +40,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
       "description": "CVE Binary Checker Tool",
       "licenses": [
         {
@@ -53,12 +53,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cve-bin-tool/3.4rc1",
+          "url": "https://pypi.org/project/cve-bin-tool/3.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cve-bin-tool@3.4rc1",
+      "purl": "pkg:pypi/cve-bin-tool@3.4",
       "properties": [
         {
           "name": "language",
@@ -313,7 +313,7 @@
       "type": "library",
       "bom-ref": "8-yarl",
       "name": "yarl",
-      "version": "1.9.7",
+      "version": "1.11.0",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -322,7 +322,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -335,12 +335,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/yarl/1.9.7",
+          "url": "https://pypi.org/project/yarl/1.11.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.9.7",
+      "purl": "pkg:pypi/yarl@1.11.0",
       "properties": [
         {
           "name": "language",
@@ -473,7 +473,7 @@
       "type": "library",
       "bom-ref": "12-cvss",
       "name": "cvss",
-      "version": "3.1",
+      "version": "3.2",
       "supplier": {
         "name": "Stanislav Red Hat Product Security",
         "contact": [
@@ -482,14 +482,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
       "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -501,12 +495,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cvss/3.1",
+          "url": "https://pypi.org/project/cvss/3.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cvss@3.1",
+      "purl": "pkg:pypi/cvss@3.2",
       "properties": [
         {
           "name": "language",
@@ -1531,7 +1525,7 @@
       "type": "library",
       "bom-ref": "35-cryptography",
       "name": "cryptography",
-      "version": "43.0.0",
+      "version": "43.0.1",
       "supplier": {
         "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1540,7 +1534,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1549,12 +1543,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/43.0.0",
+          "url": "https://pypi.org/project/cryptography/43.0.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "language",
@@ -1570,7 +1564,7 @@
       "type": "library",
       "bom-ref": "36-cffi",
       "name": "cffi",
-      "version": "1.17.0",
+      "version": "1.17.1",
       "supplier": {
         "name": "Armin Maciej Fijalkowski",
         "contact": [
@@ -1579,7 +1573,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
       "description": "Foreign Function Interface for Python calling C code.",
       "licenses": [
         {
@@ -1592,12 +1586,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cffi/1.17.0",
+          "url": "https://pypi.org/project/cffi/1.17.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "language",
@@ -2871,7 +2865,7 @@
       "type": "library",
       "bom-ref": "66-setuptools",
       "name": "setuptools",
-      "version": "74.0.0",
+      "version": "74.1.2",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -2880,16 +2874,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/74.0.0",
+          "url": "https://pypi.org/project/setuptools/74.1.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@74.0.0",
+      "purl": "pkg:pypi/setuptools@74.1.2",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ef020a48-2e0c-4106-8ee5-6ade813bf11c
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-41bf0b8b-5305-4897-bb42-f8931ff3d31a
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.1
-Created: 2024-09-02T00:34:08Z
+Created: 2024-09-09T00:36:02Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
 PackageName: cve-bin-tool
 SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.4rc1
+PackageVersion: 3.4
 PrimaryPackagePurpose: APPLICATION
 PackageSupplier: Person: Terri Oda ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4
 FilesAnalyzed: false
 PackageLicenseDeclared: GPL-3.0-or-later
 PackageLicenseConcluded: GPL-3.0-or-later
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVE Binary Checker Tool</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiohttp
@@ -119,17 +119,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
 
 PackageName: yarl
 SPDXID: SPDXRef-Package-8-yarl
-PackageVersion: 1.9.7
+PackageVersion: 1.11.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov ([email protected])
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7
+PackageDownloadLocation: https://pypi.org/project/yarl/1.11.0
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -181,19 +181,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
 
 PackageName: cvss
 SPDXID: SPDXRef-Package-12-cvss
-PackageVersion: 3.1
+PackageVersion: 3.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Stanislav Red Hat Product Security ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cvss/3.1
+PackageDownloadLocation: https://pypi.org/project/cvss/3.2
 FilesAnalyzed: false
-PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: LGPL-3.0-or-later
 PackageLicenseComments: <text>cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVSS2/3/4 library with interactive calculator for Python 2 and Python 3</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: defusedxml
@@ -553,32 +552,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-35-cryptography
-PackageVersion: 43.0.0
+PackageVersion: 43.0.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.0
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
 SPDXID: SPDXRef-Package-36-cffi
-PackageVersion: 1.17.0
+PackageVersion: 1.17.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Armin Maciej Fijalkowski ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cffi/1.17.0
+PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Foreign Function Interface for Python calling C code.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pycparser
@@ -1039,17 +1038,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-Package-66-setuptools
-PackageVersion: 74.0.0
+PackageVersion: 74.1.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority ([email protected])
-PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/74.1.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: xmlschema