From a71a289c0eb8bffb394bb9754d3c4b4c852f2914 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 14:35:02 -0700 Subject: [PATCH] chore: update SBOM for Python 3.10 (#3024) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 36 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.10.spdx | 36 +++++++++++++++++------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index bbf3f328cb..65eb3838c2 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuida3d53afb-2d70-4c03-9ecf-07b223bcbea4", + "serialNumber": "urn:uuidd5330715-93f3-4862-a632-a32a97c64c94", "version": 1, "metadata": { - "timestamp": "2023-05-15T00:31:35Z", + "timestamp": "2023-05-22T00:27:52Z", "tools": [ { "name": "sbom4python", @@ -23,7 +23,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.2.1rc0", + "version": "3.2.1", "supplier": { "name": "Terri Oda", "contact": [ @@ -32,7 +32,7 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1rc0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", "licenses": [ { @@ -49,12 +49,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cve-bin-tool/3.2.1rc0", + "url": "https://pypi.org/project/cve-bin-tool/3.2.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.2.1rc0" + "purl": "pkg:pypi/cve-bin-tool@3.2.1" }, { "type": "library", @@ -547,7 +547,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.23", + "version": "5.24", "supplier": { "name": "Google Inc.", "contact": [ 
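Review bot: The regenerated `serialNumber` in the first hunk of sbom/cve-bin-tool-py3.10.json still lacks the colon after `uuid`, so it is not a well-formed `urn:uuid:` URN and strict validation against the declared CycloneDX 1.4 schema is expected to reject the document; the line should read `"serialNumber": "urn:uuid:d5330715-93f3-4862-a632-a32a97c64c94"`. The removed line has the same shape, which suggests the defect comes from the generator (the SPDX file's Creator line records sbom4python-0.9.1), so the fix belongs there or in a post-generation step rather than in a hand edit. Validating the generated file against its `$schema` in the workflow that produces it would catch this before the SBOM is committed. Separately, the `cpe` values appear to be derived from the supplier name (`terri_oda`, `google_inc.`), so they may not match NVD dictionary entries; consumers doing vulnerability lookups should probably key on `purl` instead.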
@@ -556,7 +556,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -573,12 +573,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.23", + "url": "https://pypi.org/project/gsutil/5.24", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.23", + "purl": "pkg:pypi/gsutil@5.24", "properties": [ { "name": "License Comments", @@ -1377,7 +1377,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.18.0", + "version": "2.18.1", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1386,7 +1386,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.18.1:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1403,12 +1403,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.18.0", + "url": "https://pypi.org/project/google-auth/2.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.18.0", + "purl": "pkg:pypi/google-auth@2.18.1", "properties": [ { "name": "License Comments", @@ -2185,7 +2185,7 @@ "type": "library", "bom-ref": "59-xmlschema", "name": "xmlschema", - "version": "2.2.3", + "version": "2.3.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2194,7 +2194,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { 
@@ -2211,12 +2211,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/2.2.3", + "url": "https://pypi.org/project/xmlschema/2.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.2.3" + "purl": "pkg:pypi/xmlschema@2.3.0" }, { "type": "library", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 7d14d155a2..25eb1b48ae 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,27 +2,27 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ed06be93-71a5-4810-ad58-f1451132b770 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5af86c52-6745-4b5c-b59e-cc5edf5a1ee1 LicenseListVersion: 3.20 Creator: Tool: sbom4python-0.9.1 -Created: 2023-05-15T00:30:22Z +Created: 2023-05-22T00:26:22Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.2.1rc0 +PackageVersion: 3.2.1 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1rc0 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1 FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1rc0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1rc0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1:*:*:*:*:*:*:* ##### PackageName: aiohttp 
@@ -252,10 +252,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.23 +PackageVersion: 5.24 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.23 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.24 FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION @@ -263,8 +263,8 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.23 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.24 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -599,10 +599,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.18.0 +PackageVersion: 2.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.18.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.18.1 FilesAnalyzed: false PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION 
@@ -610,8 +610,8 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.18.1:*:*:*:*:*:*:* ##### PackageName: cachetools @@ -953,18 +953,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-59-xmlschema -PackageVersion: 2.2.3 +PackageVersion: 2.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.3 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.0 FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:* ##### PackageName: elementpath