From 533d779453073af627b4ed62990b3c98a56f1719 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 18 Mar 2024 00:28:13 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 68 ++++++++++++++++-------------------- sbom/cve-bin-tool-py3.8.spdx | 64 ++++++++++++++++----------------- 2 files changed, 62 insertions(+), 70 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index a5160361e6..c0b0476506 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuid:e16169b7-f104-4782-8d4e-16d6178d75ef", + "serialNumber": "urn:uuid:e6470533-d12d-49eb-8cca-7cd22d1d027c", "version": 1, "metadata": { - "timestamp": "2024-03-11T00:28:18Z", + "timestamp": "2024-03-18T00:28:11Z", "tools": { "components": [ { @@ -1718,7 +1718,7 @@ "type": "library", "bom-ref": "41-zipp", "name": "zipp", - "version": "3.17.0", + "version": "3.18.1", "supplier": { "name": "Jason R . Coombs", "contact": [ @@ -1727,16 +1727,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.17.0", + "url": "https://pypi.org/project/zipp/3.18.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.17.0", + "purl": "pkg:pypi/zipp@3.18.1", "properties": [ { "name": "language", @@ -1752,7 +1752,7 @@ "type": "library", "bom-ref": "42-importlib-resources", "name": "importlib-resources", - "version": "6.1.3", + "version": "6.3.1", "supplier": { "name": "Barry Warsaw", "contact": [ @@ -1761,16 +1761,16 @@ } ] }, - "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.1.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.3.1:*:*:*:*:*:*:*", "description": "Read resources from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib_resources/6.1.3", + "url": "https://pypi.org/project/importlib_resources/6.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-resources@6.1.3", + "purl": "pkg:pypi/importlib-resources@6.3.1", "properties": [ { "name": "language", @@ -1926,28 +1926,20 @@ "type": "library", "bom-ref": "47-referencing", "name": "referencing", - "version": "0.33.0", + "version": "0.34.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.33.0", + "url": "https://pypi.org/project/referencing/0.34.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.33.0", + "purl": "pkg:pypi/referencing@0.34.0", "properties": [ { "name": "language", @@ -2164,11 +2156,11 @@ "type": "library", "bom-ref": "53-packageurl-python", "name": "packageurl-python", - "version": "0.14.0", + "version": "0.15.0", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", "licenses": [ { @@ -2180,12 +2172,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/packageurl-python/0.14.0", + "url": "https://pypi.org/project/packageurl-python/0.15.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.14.0", + "purl": "pkg:pypi/packageurl-python@0.15.0", "properties": [ { "name": "language", @@ -2235,7 +2227,7 @@ "type": "library", "bom-ref": "55-plotly", "name": "plotly", - "version": "5.19.0", + "version": "5.20.0", "supplier": { "name": "Chris P", "contact": [ @@ -2244,7 +2236,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2256,12 +2248,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.19.0", + "url": "https://pypi.org/project/plotly/5.20.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.19.0", + "purl": "pkg:pypi/plotly@5.20.0", "properties": [ { "name": "language", @@ -2803,7 +2795,7 @@ "type": "library", "bom-ref": "69-xmlschema", "name": "xmlschema", - "version": "3.0.2", + "version": "3.1.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2812,7 +2804,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2824,12 +2816,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.0.2", + "url": "https://pypi.org/project/xmlschema/3.1.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.0.2", + "purl": "pkg:pypi/xmlschema@3.1.0", "properties": [ { "name": "language", @@ -2845,7 +2837,7 @@ "type": "library", "bom-ref": "70-elementpath", "name": "elementpath", - "version": "4.3.0", + "version": "4.4.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2854,7 +2846,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2866,12 +2858,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.3.0", + "url": "https://pypi.org/project/elementpath/4.4.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.3.0", + "purl": "pkg:pypi/elementpath@4.4.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c592f9da32..20e7c675a4 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1f257da6-f6cb-4cd8-8527-9c9177029396 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0e4c406a-d6ad-41db-b7f6-a812ca956c7e LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.3 -Created: 2024-03-11T00:26:22Z +Created: 2024-03-18T00:26:18Z CreatorComment: This document has been automatically generated. ##### @@ -629,32 +629,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0 PackageName: zipp SPDXID: SPDXRef-Package-41-zipp -PackageVersion: 3.17.0 +PackageVersion: 3.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.17.0 +PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:* ##### PackageName: importlib-resources SPDXID: SPDXRef-Package-42-importlib-resources -PackageVersion: 6.1.3 +PackageVersion: 6.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.1.3 +PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.3.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read resources from Python packages -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.1.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.3.1:*:*:*:*:*:*:* ##### PackageName: jinja2 @@ -717,17 +717,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification PackageName: referencing SPDXID: SPDXRef-Package-47-referencing -PackageVersion: 0.33.0 +PackageVersion: 0.34.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0 FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:* ##### PackageName: rpds-py @@ -808,17 +808,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. PackageName: packageurl-python SPDXID: SPDXRef-Package-53-packageurl-python -PackageVersion: 0.14.0 +PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.14.0 +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.14.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:* ##### PackageName: packaging @@ -838,17 +838,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* PackageName: plotly SPDXID: SPDXRef-Package-55-plotly -PackageVersion: 5.19.0 +PackageVersion: 5.20.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:* ##### PackageName: tenacity @@ -1051,32 +1051,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-69-xmlschema -PackageVersion: 3.0.2 +PackageVersion: 3.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-70-elementpath -PackageVersion: 4.3.0 +PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:* ##### PackageName: zstandard