chore: update SBOM for Python 3.10

terriko · Feb 13, 2023 · 10f7165 · 10f7165
1 parent 1dddf63
commit 10f7165
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 52 deletions.
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuidfff932c0-06ef-485f-b571-b427b750b70e",
+  "serialNumber": "urn:uuid6b848112-fe53-4268-a7ec-497af1949e5e",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-30T00:24:01Z",
+    "timestamp": "2023-02-13T01:50:02Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -35,7 +35,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.8.3",
+      "version": "3.8.4",
       "licenses": [
         {
           "license": {
@@ -44,7 +44,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/aiohttp@3.8.3"
+      "purl": "pkg:pypi/aiohttp@3.8.4"
     },
     {
       "type": "library",
@@ -114,9 +114,9 @@
       "type": "library",
       "bom-ref": "7-charset-normalizer",
       "name": "charset-normalizer",
-      "version": "2.1.1",
-      "author": "Ahmed TAHRI Ousret",
-      "cpe": "cpe:/a:ahmed_tahri_ousret:charset-normalizer:2.1.1",
+      "version": "3.0.1",
+      "author": "Ahmed TAHRI",
+      "cpe": "cpe:/a:ahmed_tahri:charset-normalizer:3.0.1",
       "licenses": [
         {
           "license": {
@@ -125,7 +125,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/charset-normalizer@2.1.1"
+      "purl": "pkg:pypi/charset-normalizer@3.0.1"
     },
     {
       "type": "library",
@@ -174,9 +174,9 @@
       "type": "library",
       "bom-ref": "11-beautifulsoup4",
       "name": "beautifulsoup4",
-      "version": "4.11.1",
+      "version": "4.11.2",
       "author": "Leonard Richardson",
-      "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.1",
+      "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.2",
       "licenses": [
         {
           "license": {
@@ -185,7 +185,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/beautifulsoup4@4.11.1"
+      "purl": "pkg:pypi/beautifulsoup4@4.11.2"
     },
     {
       "type": "library",
@@ -235,9 +235,9 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.19",
+      "version": "5.20",
       "author": "Google Inc.",
-      "cpe": "cpe:/a:google_inc.:gsutil:5.19",
+      "cpe": "cpe:/a:google_inc.:gsutil:5.20",
       "licenses": [
         {
           "license": {
@@ -246,7 +246,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.19"
+      "purl": "pkg:pypi/gsutil@5.20"
     },
     {
       "type": "library",
@@ -475,10 +475,10 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "39.0.0",
+      "version": "39.0.1",
       "author": "The Python Cryptographic Authority and individual contributors",
-      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0",
-      "purl": "pkg:pypi/cryptography@39.0.0"
+      "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1",
+      "purl": "pkg:pypi/cryptography@39.0.1"
     },
     {
       "type": "library",
@@ -681,9 +681,9 @@
       "type": "library",
       "bom-ref": "46-tenacity",
       "name": "tenacity",
-      "version": "8.1.0",
+      "version": "8.2.1",
       "author": "Julien Danjou",
-      "cpe": "cpe:/a:julien_danjou:tenacity:8.1.0",
+      "cpe": "cpe:/a:julien_danjou:tenacity:8.2.1",
       "licenses": [
         {
           "license": {
@@ -692,7 +692,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/tenacity@8.1.0"
+      "purl": "pkg:pypi/tenacity@8.2.1"
     },
     {
       "type": "library",
@@ -852,9 +852,9 @@
       "type": "library",
       "bom-ref": "57-xmlschema",
       "name": "xmlschema",
-      "version": "2.1.1",
+      "version": "2.2.1",
       "author": "Davide Brunato",
-      "cpe": "cpe:/a:davide_brunato:xmlschema:2.1.1",
+      "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.1",
       "licenses": [
         {
           "license": {
@@ -863,15 +863,15 @@
           }
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.1.1"
+      "purl": "pkg:pypi/xmlschema@2.2.1"
     },
     {
       "type": "library",
       "bom-ref": "58-elementpath",
       "name": "elementpath",
-      "version": "3.0.2",
+      "version": "4.0.1",
       "author": "Davide Brunato",
-      "cpe": "cpe:/a:davide_brunato:elementpath:3.0.2",
+      "cpe": "cpe:/a:davide_brunato:elementpath:4.0.1",
       "licenses": [
         {
           "license": {
@@ -880,7 +880,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/elementpath@3.0.2"
+      "purl": "pkg:pypi/elementpath@4.0.1"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-4348ce8a-c0db-4e46-a2ad-09ec503018f0
+DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-14a7dc12-f9b5-49fd-b230-2f7e14384aca
 LicenseListVersion: 3.18
 Creator: Tool: sbom4python-0.7.0
-Created: 2023-01-30T00:22:56Z
+Created: 2023-02-13T01:48:58Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -26,14 +26,14 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:
 PackageName: aiohttp
 SPDXID: SPDXRef-Package-2-aiohttp
 PackageSupplier: NOASSERTION
-PackageVersion: 3.8.3
+PackageVersion: 3.8.4
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4
 ##### 
 
 PackageName: aiosignal
@@ -92,16 +92,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*
 
 PackageName: charset-normalizer
 SPDXID: SPDXRef-Package-7-charset-normalizer
-PackageSupplier: Organization: Ahmed TAHRI Ousret (ahmed.tahri@cloudnursery.dev)
-PackageVersion: 2.1.1
+PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
+PackageVersion: 3.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@2.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri_ousret:charset-normalizer:2.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: multidict
@@ -149,15 +149,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-Package-11-beautifulsoup4
 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
-PackageVersion: 4.11.1
+PackageVersion: 4.11.2
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: soupsieve
@@ -219,15 +219,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageVersion: 5.19
+PackageVersion: 5.20
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.19
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.19:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.20
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.20:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
@@ -443,15 +443,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageVersion: 39.0.0
+PackageVersion: 39.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -639,15 +639,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.0:*:*:*:*:*:*:*
 PackageName: tenacity
 SPDXID: SPDXRef-Package-46-tenacity
 PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageVersion: 8.1.0
+PackageVersion: 8.2.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -793,29 +793,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-57-xmlschema
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageVersion: 2.1.1
+PackageVersion: 2.2.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-58-elementpath
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageVersion: 3.0.2
+PackageVersion: 4.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@3.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard