chore: update SBOM for Python 3.11 (#3204)

Co-authored-by: GitHub <noreply@github.com>
intel · Aug 7, 2023 · 74911a0 · 74911a0
1 parent c3b9022
commit 74911a0
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 52 deletions.
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid9a634d0a-8010-4b1c-8e14-c9ceeea7c1b6",
+  "serialNumber": "urn:uuid9beac7a0-cf82-4180-94e1-d60f73a8bc3d",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-07-31T00:28:06Z",
+    "timestamp": "2023-08-07T01:13:58Z",
     "tools": {
       "components": [
         {
@@ -1053,7 +1053,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.2",
+      "version": "41.0.3",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1062,7 +1062,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1073,12 +1073,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.2",
+          "url": "https://pypi.org/project/cryptography/41.0.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@41.0.2"
+      "purl": "pkg:pypi/cryptography@41.0.3"
     },
     {
       "type": "library",
@@ -1419,11 +1419,11 @@
       "type": "library",
       "bom-ref": "43-jsonschema",
       "name": "jsonschema",
-      "version": "4.18.4",
+      "version": "4.18.6",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "licenses": [
         {
@@ -1435,12 +1435,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.18.4",
+          "url": "https://pypi.org/project/jsonschema/4.18.6",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.18.4"
+      "purl": "pkg:pypi/jsonschema@4.18.6"
     },
     {
       "type": "library",
@@ -1473,11 +1473,11 @@
       "type": "library",
       "bom-ref": "45-referencing",
       "name": "referencing",
-      "version": "0.30.0",
+      "version": "0.30.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "licenses": [
         {
@@ -1489,12 +1489,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.30.0",
+          "url": "https://pypi.org/project/referencing/0.30.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.30.0"
+      "purl": "pkg:pypi/referencing@0.30.2"
     },
     {
       "type": "library",
@@ -1527,7 +1527,7 @@
       "type": "library",
       "bom-ref": "47-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.4.0",
+      "version": "0.4.1",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -1536,7 +1536,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -1548,12 +1548,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.4.0",
+          "url": "https://pypi.org/project/lib4sbom/0.4.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.4.0"
+      "purl": "pkg:pypi/lib4sbom@0.4.1"
     },
     {
       "type": "library",
@@ -1844,7 +1844,7 @@
       "type": "library",
       "bom-ref": "56-rich",
       "name": "rich",
-      "version": "13.5.0",
+      "version": "13.5.2",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -1853,7 +1853,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -1865,12 +1865,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rich/13.5.0",
+          "url": "https://pypi.org/project/rich/13.5.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.5.0"
+      "purl": "pkg:pypi/rich@13.5.2"
     },
     {
       "type": "library",
@@ -1924,7 +1924,7 @@
       "type": "library",
       "bom-ref": "59-pygments",
       "name": "pygments",
-      "version": "2.15.1",
+      "version": "2.16.1",
       "supplier": {
         "name": "Georg Brandl",
         "contact": [
@@ -1933,7 +1933,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
       "licenses": [
         {
@@ -1945,12 +1945,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/Pygments/2.15.1",
+          "url": "https://pypi.org/project/Pygments/2.16.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pygments@2.15.1"
+      "purl": "pkg:pypi/pygments@2.16.1"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8f980fac-aa44-47cd-aacb-ad66f7e7cfab
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-902a60d6-fdd8-465f-b9d3-cb3ea5f99805
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-07-31T00:26:51Z
+Created: 2023-08-07T01:12:26Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.2
+PackageVersion: 41.0.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -658,17 +658,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.18.4
+PackageVersion: 4.18.6
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -688,17 +688,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-45-referencing
-PackageVersion: 0.30.0
+PackageVersion: 0.30.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -718,17 +718,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.4.0
+PackageVersion: 0.4.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
 
 PackageName: rich
 SPDXID: SPDXRef-Package-56-rich
-PackageVersion: 13.5.0
+PackageVersion: 13.5.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.5.0
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -903,17 +903,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
 
 PackageName: pygments
 SPDXID: SPDXRef-Package-59-pygments
-PackageVersion: 2.15.1
+PackageVersion: 2.16.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1
 FilesAnalyzed: false
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Pygments is a syntax highlighting package written in Python.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpmfile