chore: update SBOM for Python 3.11 (#4560)
Co-authored-by: GitHub <noreply@github.com>
github-actions[bot] and web-flow authored Nov 12, 2024
1 parent f5b1609 commit 505bcf0
Showing 2 changed files with 51 additions and 46 deletions.
61 changes: 32 additions & 29 deletions sbom/cve-bin-tool-py3.11.json
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:d41bd464-c594-4908-998a-aa31f02d37f2",
"serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e",
"version": 1,
"metadata": {
"timestamp": "2024-11-04T00:39:27Z",
"timestamp": "2024-11-11T00:37:40Z",
"lifecycles": [
{
"phase": "build"
Expand Down Expand Up @@ -541,6 +541,12 @@
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
"alg": "SHA-1",
"content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
}
],
"externalReferences": [
{
"url": "https://github.com/facelessuser/soupsieve",
Expand Down Expand Up @@ -2142,6 +2148,12 @@
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
"alg": "SHA-1",
"content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
Expand Down Expand Up @@ -2307,7 +2319,7 @@
"type": "library",
"bom-ref": "47-rpds-py",
"name": "rpds-py",
"version": "0.20.1",
"version": "0.21.0",
"supplier": {
"name": "Julian Berman",
"contact": [
Expand All @@ -2316,30 +2328,21 @@
}
]
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
"license": {
"id": "MIT",
"url": "https://opensource.org/licenses/MIT",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
"type": "website",
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"url": "https://pypi.org/project/rpds-py/0.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rpds-py@0.20.1",
"purl": "pkg:pypi/rpds-py@0.21.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2671,6 +2674,12 @@
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
"alg": "SHA-1",
"content": "43d3b04725ab9731727fb1126e35980c62f32377"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -2864,7 +2873,7 @@
"type": "library",
"bom-ref": "58-packaging",
"name": "packaging",
"version": "24.1",
"version": "24.2",
"supplier": {
"name": "Donald Stufft",
"contact": [
Expand All @@ -2873,22 +2882,16 @@
}
]
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"hashes": [
{
"alg": "SHA-1",
"content": "85442b8032cb7bae72866dfd7782234a98dd2fb7"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.1/#files",
"url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/packaging@24.1",
"purl": "pkg:pypi/packaging@24.2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3422,7 +3425,7 @@
"type": "library",
"bom-ref": "70-zipp",
"name": "zipp",
"version": "3.20.2",
"version": "3.21.0",
"supplier": {
"name": "Jason R .",
"contact": [
Expand All @@ -3431,16 +3434,16 @@
}
]
},
"cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.20.2/#files",
"url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/zipp@3.20.2",
"purl": "pkg:pypi/zipp@3.21.0",
"properties": [
{
"name": "language",
36 changes: 19 additions & 17 deletions sbom/cve-bin-tool-py3.11.spdx
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-42a5440d-e497-4f5a-8c23-5f4cbc506669
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
Created: 2024-11-04T00:38:31Z
Created: 2024-11-11T00:37:01Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -196,6 +196,7 @@ PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -723,6 +724,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
Expand Down Expand Up @@ -783,18 +785,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*

PackageName: rpds-py
SPDXID: SPDXRef-47-rpds-py
PackageVersion: 0.20.1
PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
#####

PackageName: lib4sbom
Expand Down Expand Up @@ -905,6 +907,7 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -966,18 +969,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*

PackageName: packaging
SPDXID: SPDXRef-58-packaging
PackageVersion: 24.1
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Core utilities for Python packages</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####

PackageName: plotly
Expand Down Expand Up @@ -1161,17 +1163,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*

PackageName: zipp
SPDXID: SPDXRef-70-zipp
PackageVersion: 3.20.2
PackageVersion: 3.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
#####

PackageName: zstandard
