chore: update SBOM for Python 3.10 (#4702)

Co-authored-by: GitHub <noreply@github.com>
intel · Jan 21, 2025 · a756f0d · a756f0d
1 parent 454c842
commit a756f0d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 17 deletions.
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8107b27f-aefb-4968-98d1-b9d0503ea396",
+  "serialNumber": "urn:uuid:59e28f24-e0fd-4ee1-92cd-1feb5b3d59f5",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-01-13T00:37:15Z",
+    "timestamp": "2025-01-20T00:37:46Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3187,7 +3187,7 @@
       "type": "library",
       "bom-ref": "50-referencing",
       "name": "referencing",
-      "version": "0.35.1",
+      "version": "0.36.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3196,12 +3196,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.36.1:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
+          "content": "363d9c65f080d0d70bc41c721dce3c7f3e77fc09f269cd5c8813da18069a6794"
         }
       ],
       "externalReferences": [
@@ -3211,7 +3211,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/referencing/0.35.1/#files",
+          "url": "https://pypi.org/project/referencing/0.36.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3240,11 +3240,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.35.1",
+      "purl": "pkg:pypi/referencing@0.36.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-05-01T20:26:02Z"
+          "value": "2025-01-17T02:22:02Z"
         },
         {
           "name": "language",
@@ -5002,7 +5002,8 @@
       "ref": "50-referencing",
       "dependsOn": [
         "7-attrs",
-        "51-rpds-py"
+        "51-rpds-py",
+        "9-typing-extensions"
       ]
     },
     {

diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b5a63ce0-27fa-49ca-8dc2-a124dfe9797f
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1afb51e7-7b0f-44d3-b7cb-1a3ae671655e
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-01-13T00:37:08Z
+Created: 2025-01-20T00:37:39Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -1054,26 +1054,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-50-referencing
-PackageVersion: 0.35.1
+PackageVersion: 0.36.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
+PackageDownloadLocation: https://pypi.org/project/referencing/0.36.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
+PackageChecksum: SHA256: 363d9c65f080d0d70bc41c721dce3c7f3e77fc09f269cd5c8813da18069a6794
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ReleaseDate: 2024-05-01T20:26:02Z
+ReleaseDate: 2025-01-17T02:22:02Z
 ExternalRef: OTHER documentation https://referencing.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
 ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.35.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.36.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -1658,6 +1658,7 @@ Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs
 Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing
 Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py
 Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs
+Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-9-typing-extensions
 Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
 Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-53-pyyaml
 Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-54-semantic-version