chore: update SBOM for Python 3.9

intel · Sep 25, 2023 · 836c834 · 836c834
1 parent abaa757
commit 836c834
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 60 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:52e01901-79ba-4bfb-aa2a-b6a7faa08162",
+  "serialNumber": "urn:uuid:916f79d7-1b5a-41c5-81c0-a4bc57200645",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-09-18T00:29:56Z",
+    "timestamp": "2023-09-25T03:21:35Z",
     "tools": {
       "components": [
         {
@@ -494,7 +494,7 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.25",
+      "version": "5.26",
       "supplier": {
         "name": "Google Inc.",
         "contact": [
@@ -503,7 +503,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*",
       "description": "A command line tool for interacting with cloud storage services.",
       "licenses": [
         {
@@ -515,12 +515,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/gsutil/5.25",
+          "url": "https://pypi.org/project/gsutil/5.26",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.25",
+      "purl": "pkg:pypi/gsutil@5.26",
       "properties": [
         {
           "name": "License Comments",
@@ -602,11 +602,11 @@
       "type": "library",
       "bom-ref": "19-fasteners",
       "name": "fasteners",
-      "version": "0.18",
+      "version": "0.19",
       "supplier": {
         "name": "Joshua Harlow"
       },
-      "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
       "description": "A python package that provides useful locks",
       "licenses": [
         {
@@ -618,18 +618,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/fasteners/0.18",
+          "url": "https://pypi.org/project/fasteners/0.19",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/fasteners@0.18",
-      "properties": [
-        {
-          "name": "License Comments",
-          "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression."
-        }
-      ]
+      "purl": "pkg:pypi/fasteners@0.19"
     },
     {
       "type": "library",
@@ -1053,7 +1047,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.3",
+      "version": "41.0.4",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1062,7 +1056,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1073,12 +1067,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.3",
+          "url": "https://pypi.org/project/cryptography/41.0.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@41.0.3"
+      "purl": "pkg:pypi/cryptography@41.0.4"
     },
     {
       "type": "library",
@@ -1388,7 +1382,7 @@
       "type": "library",
       "bom-ref": "42-zipp",
       "name": "zipp",
-      "version": "3.16.2",
+      "version": "3.17.0",
       "supplier": {
         "name": "Jason R. Coombs",
         "contact": [
@@ -1397,16 +1391,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.16.2",
+          "url": "https://pypi.org/project/zipp/3.17.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.16.2"
+      "purl": "pkg:pypi/zipp@3.17.0"
     },
     {
       "type": "library",
@@ -1467,11 +1461,11 @@
       "type": "library",
       "bom-ref": "45-jsonschema",
       "name": "jsonschema",
-      "version": "4.19.0",
+      "version": "4.19.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "licenses": [
         {
@@ -1483,12 +1477,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.19.0",
+          "url": "https://pypi.org/project/jsonschema/4.19.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema@4.19.0"
+      "purl": "pkg:pypi/jsonschema@4.19.1"
     },
     {
       "type": "library",
@@ -2068,7 +2062,7 @@
       "type": "library",
       "bom-ref": "64-xmlschema",
       "name": "xmlschema",
-      "version": "2.4.0",
+      "version": "2.5.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2077,7 +2071,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2089,12 +2083,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/2.4.0",
+          "url": "https://pypi.org/project/xmlschema/2.5.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.4.0"
+      "purl": "pkg:pypi/xmlschema@2.5.0"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-37b0d9ac-5fe9-4a93-82ad-173a7432005b
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5aeedb01-09a0-4c13-a6f2-5da985865d1e
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-09-18T00:28:32Z
+Created: 2023-09-25T03:20:15Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -240,18 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.25
+PackageVersion: 5.26
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.25
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.26
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A command line tool for interacting with cloud storage services.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
@@ -287,18 +287,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
 
 PackageName: fasteners
 SPDXID: SPDXRef-Package-19-fasteners
-PackageVersion: 0.18
+PackageVersion: 0.19
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Joshua Harlow
-PackageDownloadLocation: https://pypi.org/project/fasteners/0.18
+PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
 FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: <text>fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A python package that provides useful locks</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
 ##### 
 
 PackageName: gcs-oauth2-boto-plugin
@@ -490,17 +489,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.3
+PackageVersion: 41.0.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -644,17 +643,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-42-zipp
-PackageVersion: 3.16.2
+PackageVersion: 3.17.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.16.2
+PackageDownloadLocation: https://pypi.org/project/zipp/3.17.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.16.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -688,17 +687,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-45-jsonschema
-PackageVersion: 4.19.0
+PackageVersion: 4.19.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -978,17 +977,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-64-xmlschema
-PackageVersion: 2.4.0
+PackageVersion: 2.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath