From 5eb0edd07b92cd5de1670ffc90f408ccf4e482a5 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 7 Aug 2023 01:14:29 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 52 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.10.spdx | 52 +++++++++++++++++------------------ 2 files changed, 52 insertions(+), 52 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index c5be4b3ca1..c01318d5e9 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuid73b51cbf-2d71-4b00-aca6-b31391cbe10d", + "serialNumber": "urn:uuide3e05b88-20fe-4fb4-a70a-7a988a30a646", "version": 1, "metadata": { - "timestamp": "2023-07-31T00:28:17Z", + "timestamp": "2023-08-07T01:14:28Z", "tools": { "components": [ { @@ -1053,7 +1053,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "41.0.2", + "version": "41.0.3", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1062,7 +1062,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1073,12 +1073,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/41.0.2", + "url": "https://pypi.org/project/cryptography/41.0.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@41.0.2" + "purl": "pkg:pypi/cryptography@41.0.3" }, { "type": "library", 
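Review bot: The regenerated `serialNumber` on the new side of the first hunk, `"urn:uuide3e05b88-20fe-4fb4-a70a-7a988a30a646"`, is missing the colon after `uuid`; a CycloneDX serial number is a UUID URN of the form `urn:uuid:<uuid>`, and the 1.4 schema that `$schema` points at constrains the field to that pattern, so the document will fail strict schema validation (the removed value had the same defect, so this looks like a generator bug rather than a one-off). Because the file is tool-generated, the fix belongs in the SBOM generator rather than a hand edit, but the intended line is `"serialNumber": "urn:uuid:e3e05b88-20fe-4fb4-a70a-7a988a30a646"`. Separately, the context lines show `$schema` referencing `bom-1.4.schema.json` while `specVersion` is `"1.5"`; the two should name the same spec version so consumers validate against the schema the document actually claims. The version, cpe, url and purl bumps in the remaining hunks are consistent with each other and with the SPDX output and raise nothing further.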
@@ -1419,11 +1419,11 @@ "type": "library", "bom-ref": "43-jsonschema", "name": "jsonschema", - "version": "4.18.4", + "version": "4.18.6", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1435,12 +1435,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.18.4", + "url": "https://pypi.org/project/jsonschema/4.18.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.18.4" + "purl": "pkg:pypi/jsonschema@4.18.6" }, { "type": "library", @@ -1473,11 +1473,11 @@ "type": "library", "bom-ref": "45-referencing", "name": "referencing", - "version": "0.30.0", + "version": "0.30.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "licenses": [ { @@ -1489,12 +1489,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.30.0", + "url": "https://pypi.org/project/referencing/0.30.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.30.0" + "purl": "pkg:pypi/referencing@0.30.2" }, { "type": "library", @@ -1527,7 +1527,7 @@ "type": "library", "bom-ref": "47-lib4sbom", "name": "lib4sbom", - "version": "0.4.0", + "version": "0.4.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1536,7 +1536,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { 
@@ -1548,12 +1548,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.4.0", + "url": "https://pypi.org/project/lib4sbom/0.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.4.0" + "purl": "pkg:pypi/lib4sbom@0.4.1" }, { "type": "library", @@ -1844,7 +1844,7 @@ "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.5.0", + "version": "13.5.2", "supplier": { "name": "Will McGugan", "contact": [ @@ -1853,7 +1853,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -1865,12 +1865,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.5.0", + "url": "https://pypi.org/project/rich/13.5.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.5.0" + "purl": "pkg:pypi/rich@13.5.2" }, { "type": "library", @@ -1924,7 +1924,7 @@ "type": "library", "bom-ref": "59-pygments", "name": "pygments", - "version": "2.15.1", + "version": "2.16.1", "supplier": { "name": "Georg Brandl", "contact": [ @@ -1933,7 +1933,7 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { @@ -1945,12 +1945,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.15.1", + "url": "https://pypi.org/project/Pygments/2.16.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.15.1" + "purl": "pkg:pypi/pygments@2.16.1" }, { "type": "library", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index bc8078b12f..c5385189c3 100644 
--- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-01fca005-4c52-48a2-88cc-157ddb47cb6d +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d5127a7d-b857-4821-a5d3-57951445c898 LicenseListVersion: 3.21 Creator: Tool: sbom4python-0.10.0 -Created: 2023-07-31T00:27:01Z +Created: 2023-08-07T01:12:54Z CreatorComment: This document has been automatically generated. ##### @@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 41.0.2 +PackageVersion: 41.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -658,17 +658,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 PackageName: jsonschema SPDXID: SPDXRef-Package-43-jsonschema -PackageVersion: 4.18.4 +PackageVersion: 4.18.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications @@ -688,17 +688,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification PackageName: referencing SPDXID: SPDXRef-Package-45-referencing -PackageVersion: 0.30.0 +PackageVersion: 0.30.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:* ##### PackageName: rpds-py 
@@ -718,17 +718,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*: PackageName: lib4sbom SPDXID: SPDXRef-Package-47-lib4sbom -PackageVersion: 0.4.0 +PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*: PackageName: rich SPDXID: SPDXRef-Package-56-rich -PackageVersion: 13.5.0 +PackageVersion: 13.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.5.0 +PackageDownloadLocation: https://pypi.org/project/rich/13.5.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py 
@@ -903,17 +903,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: PackageName: pygments SPDXID: SPDXRef-Package-59-pygments -PackageVersion: 2.15.1 +PackageVersion: 2.16.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:* ##### PackageName: rpmfile