From 301793de14749f07c37ecff35743c3af93d88adf Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 20 Feb 2023 01:51:43 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 64 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.10.spdx | 64 +++++++++++++++++------------------ 2 files changed, 64 insertions(+), 64 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index e4de9c86d6..7c4d84c30b 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuidfff932c0-06ef-485f-b571-b427b750b70e", + "serialNumber": "urn:uuid2c1b22e9-5f8a-494e-8a45-f0ccd1d18a58", "version": 1, "metadata": { - "timestamp": "2023-01-30T00:24:01Z", + "timestamp": "2023-02-20T01:51:41Z", "tools": [ { "name": "sbom4python", @@ -35,7 +35,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.3", + "version": "3.8.4", "licenses": [ { "license": { @@ -44,7 +44,7 @@ } } ], - "purl": "pkg:pypi/aiohttp@3.8.3" + "purl": "pkg:pypi/aiohttp@3.8.4" }, { "type": "library", @@ -114,9 +114,9 @@ "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "2.1.1", - "author": "Ahmed TAHRI Ousret", - "cpe": "cpe:/a:ahmed_tahri_ousret:charset-normalizer:2.1.1", + "version": "3.0.1", + "author": "Ahmed TAHRI", + "cpe": "cpe:/a:ahmed_tahri:charset-normalizer:3.0.1", "licenses": [ { "license": { @@ -125,7 +125,7 @@ } } ], - "purl": "pkg:pypi/charset-normalizer@2.1.1" + "purl": "pkg:pypi/charset-normalizer@3.0.1" }, { "type": "library", @@ -174,9 +174,9 @@ "type": "library", "bom-ref": "11-beautifulsoup4", "name": "beautifulsoup4", - "version": "4.11.1", + "version": "4.11.2", "author": "Leonard Richardson", - "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.1", + "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.2", "licenses": [ { "license": { @@ -185,16 +185,16 @@ } } ], - "purl": "pkg:pypi/beautifulsoup4@4.11.1" + "purl": "pkg:pypi/beautifulsoup4@4.11.2" }, { "type": "library", "bom-ref": "12-soupsieve", "name": "soupsieve", - "version": "2.3.2.post1", + "version": "2.4", "author": "Isaac Muse", - "cpe": "cpe:/a:isaac_muse:soupsieve:2.3.2.post1", - "purl": "pkg:pypi/soupsieve@2.3.2.post1" + "cpe": "cpe:/a:isaac_muse:soupsieve:2.4", + "purl": "pkg:pypi/soupsieve@2.4" }, { "type": "library", @@ -235,9 +235,9 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.19", + "version": "5.20", "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gsutil:5.19", + "cpe": "cpe:/a:google_inc.:gsutil:5.20", "licenses": [ { "license": { @@ -246,7 +246,7 @@ } } ], - "purl": "pkg:pypi/gsutil@5.19" + "purl": "pkg:pypi/gsutil@5.20" }, { "type": "library", @@ -475,10 +475,10 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "39.0.0", + "version": "39.0.1", "author": "The Python Cryptographic Authority and individual contributors", - "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0", - "purl": "pkg:pypi/cryptography@39.0.0" + "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1", + "purl": "pkg:pypi/cryptography@39.0.1" }, { "type": "library", @@ -544,9 +544,9 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.16.0", + "version": "2.16.1", "author": "Google Cloud Platform", - "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.0", + "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.1", "licenses": [ { "license": { @@ -555,7 +555,7 @@ } } ], - "purl": "pkg:pypi/google-auth@2.16.0" + "purl": "pkg:pypi/google-auth@2.16.1" }, { "type": "library", @@ -681,9 +681,9 @@ "type": "library", "bom-ref": "46-tenacity", "name": "tenacity", - "version": "8.1.0", + "version": "8.2.1", "author": "Julien Danjou", - "cpe": "cpe:/a:julien_danjou:tenacity:8.1.0", + "cpe": "cpe:/a:julien_danjou:tenacity:8.2.1", "licenses": [ { "license": { @@ -692,7 +692,7 @@ } } ], - "purl": "pkg:pypi/tenacity@8.1.0" + "purl": "pkg:pypi/tenacity@8.2.1" }, { "type": "library", @@ -852,9 +852,9 @@ "type": "library", "bom-ref": "57-xmlschema", "name": "xmlschema", - "version": "2.1.1", + "version": "2.2.1", "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:xmlschema:2.1.1", + "cpe": "cpe:/a:davide_brunato:xmlschema:2.2.1", "licenses": [ { "license": { @@ -863,15 +863,15 @@ } } ], - "purl": "pkg:pypi/xmlschema@2.1.1" + "purl": "pkg:pypi/xmlschema@2.2.1" }, { "type": "library", "bom-ref": "58-elementpath", "name": "elementpath", - "version": "3.0.2", + "version": "4.0.1", "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:elementpath:3.0.2", + "cpe": "cpe:/a:davide_brunato:elementpath:4.0.1", "licenses": [ { "license": { @@ -880,7 +880,7 @@ } } ], - "purl": "pkg:pypi/elementpath@3.0.2" + "purl": "pkg:pypi/elementpath@4.0.1" }, { "type": "library", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 84d770fd06..b5afe2f980 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-4348ce8a-c0db-4e46-a2ad-09ec503018f0 +DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-f0f18804-326c-4b26-bb14-67b1a776b54a LicenseListVersion: 3.18 Creator: Tool: sbom4python-0.7.0 -Created: 2023-01-30T00:22:56Z +Created: 2023-02-20T01:50:14Z CreatorComment: This document has been automatically generated. ##### @@ -26,14 +26,14 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*: PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp PackageSupplier: NOASSERTION -PackageVersion: 3.8.3 +PackageVersion: 3.8.4 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4 ##### PackageName: aiosignal @@ -92,16 +92,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:* PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageSupplier: Organization: Ahmed TAHRI Ousret (ahmed.tahri@cloudnursery.dev) -PackageVersion: 2.1.1 +PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) +PackageVersion: 3.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri_ousret:charset-normalizer:2.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.0.1:*:*:*:*:*:*:* ##### PackageName: multidict @@ -149,29 +149,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:* PackageName: beautifulsoup4 SPDXID: SPDXRef-Package-11-beautifulsoup4 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) -PackageVersion: 4.11.1 +PackageVersion: 4.11.2 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.2:*:*:*:*:*:*:* ##### PackageName: soupsieve SPDXID: SPDXRef-Package-12-soupsieve PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageVersion: 2.3.2.post1 +PackageVersion: 2.4 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.3.2.post1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.3.2.post1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:* ##### PackageName: cvss @@ -219,15 +219,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageVersion: 5.19 +PackageVersion: 5.20 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.19 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.19:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.20 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.20:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -443,15 +443,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageVersion: 39.0.0 +PackageVersion: 39.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.1:*:*:*:*:*:*:* ##### PackageName: cffi @@ -513,15 +513,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageVersion: 2.16.0 +PackageVersion: 2.16.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.1:*:*:*:*:*:*:* ##### PackageName: cachetools @@ -639,15 +639,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.0:*:*:*:*:*:*:* PackageName: tenacity SPDXID: SPDXRef-Package-46-tenacity PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageVersion: 8.1.0 +PackageVersion: 8.2.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license Apache 2.0 PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.1:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -793,29 +793,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-57-xmlschema PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 2.1.1 +PackageVersion: 2.2.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.1:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-58-elementpath PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 3.0.2 +PackageVersion: 4.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false ##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@3.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.0.1:*:*:*:*:*:*:* ##### PackageName: zstandard