Skip to content

Commit

Permalink
chore: update SBOM for Python 3.11 (#4717)
Browse files Browse the repository at this point in the history 
Co-authored-by: GitHub <[email protected]>
  • Loading branch information
@github-actions @web-flow
github-actions[bot] and web-flow authored Feb 5, 2025
1 parent 919714f commit 6eee104
Show file tree
Hide file tree
Showing 2 changed files with 116 additions and 123 deletions.
134 changes: 63 additions & 71 deletions sbom/cve-bin-tool-py3.11.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:885f3a82-ae54-4f86-8648-534e88d262bf",
"serialNumber": "urn:uuid:a87ad4e8-6fda-4f66-b0d5-185a98726c29",
"version": 1,
"metadata": {
"timestamp": "2025-01-20T00:37:48Z",
"timestamp": "2025-02-03T00:35:26Z",
"lifecycles": [
{
"phase": "build"
Expand Down Expand Up @@ -402,7 +402,7 @@
"type": "library",
"bom-ref": "6-attrs",
"name": "attrs",
"version": "24.3.0",
"version": "25.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
Expand All @@ -411,17 +411,17 @@
}
]
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:25.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"hashes": [
{
"alg": "SHA-256",
"content": "ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"
"content": "c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.3.0/#files",
"url": "https://pypi.org/project/attrs/25.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
Expand All @@ -446,11 +446,11 @@
"type": "other"
}
],
"purl": "pkg:pypi/attrs@24.3.0",
"purl": "pkg:pypi/attrs@25.1.0",
"properties": [
{
"name": "release_date",
"value": "2024-12-16T06:59:26Z"
"value": "2025-01-25T11:30:10Z"
},
{
"name": "language",
Expand Down Expand Up @@ -873,7 +873,7 @@
"type": "library",
"bom-ref": "12-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"version": "4.13.0",
"supplier": {
"name": "Leonard Richardson",
"contact": [
Expand All @@ -882,14 +882,8 @@
}
]
},
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13.0:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
"hashes": [
{
"alg": "SHA-256",
"content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
}
],
"licenses": [
{
"license": {
Expand All @@ -906,7 +900,7 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
"url": "https://pypi.org/project/beautifulsoup4/4.13.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
Expand All @@ -915,11 +909,11 @@
"type": "other"
}
],
"purl": "pkg:pypi/beautifulsoup4@4.12.3",
"purl": "pkg:pypi/beautifulsoup4@4.13.0",
"properties": [
{
"name": "release_date",
"value": "2024-01-17T16:53:12Z"
"value": "2024-09-15T18:07:37Z"
},
{
"name": "language",
Expand Down Expand Up @@ -2520,7 +2514,7 @@
"type": "library",
"bom-ref": "39-cachetools",
"name": "cachetools",
"version": "5.5.0",
"version": "5.5.1",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
Expand All @@ -2529,12 +2523,12 @@
}
]
},
"cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.1:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"hashes": [
{
"alg": "SHA-256",
"content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
"content": "b76651fdc3b24ead3c648bbdeeb940c1b04d365b38b4af66788f9ec4a81d42bb"
}
],
"licenses": [
Expand All @@ -2553,16 +2547,16 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/cachetools/5.5.0/#files",
"url": "https://pypi.org/project/cachetools/5.5.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].0",
"purl": "pkg:pypi/[email protected].1",
"properties": [
{
"name": "release_date",
"value": "2024-08-18T20:28:43Z"
"value": "2025-01-21T21:27:54Z"
},
{
"name": "language",
Expand Down Expand Up @@ -3109,7 +3103,7 @@
"type": "library",
"bom-ref": "49-referencing",
"name": "referencing",
"version": "0.36.1",
"version": "0.36.2",
"supplier": {
"name": "Julian Berman",
"contact": [
Expand All @@ -3118,12 +3112,12 @@
}
]
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.36.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"hashes": [
{
"alg": "SHA-256",
"content": "363d9c65f080d0d70bc41c721dce3c7f3e77fc09f269cd5c8813da18069a6794"
"content": "e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0"
}
],
"externalReferences": [
Expand All @@ -3133,7 +3127,7 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/referencing/0.36.1/#files",
"url": "https://pypi.org/project/referencing/0.36.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
Expand Down Expand Up @@ -3162,11 +3156,11 @@
"type": "vcs"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].2",
"properties": [
{
"name": "release_date",
"value": "2025-01-17T02:22:02Z"
"value": "2025-01-25T08:48:14Z"
},
{
"name": "language",
Expand Down Expand Up @@ -3978,7 +3972,7 @@
"type": "library",
"bom-ref": "63-plotly",
"name": "plotly",
"version": "5.24.1",
"version": "6.0.0",
"supplier": {
"name": "Chris P",
"contact": [
Expand All @@ -3987,12 +3981,12 @@
}
]
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:chris_p:plotly:6.0.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"hashes": [
{
"alg": "SHA-256",
"content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
"content": "f708871c3a9349a68791ff943a5781b1ec04de7769ea69068adcd9202e57653a"
}
],
"licenses": [
Expand All @@ -4011,7 +4005,7 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/plotly/5.24.1/#files",
"url": "https://pypi.org/project/plotly/6.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
Expand All @@ -4028,11 +4022,11 @@
"type": "log"
}
],
"purl": "pkg:pypi/plotly@5.24.1",
"purl": "pkg:pypi/plotly@6.0.0",
"properties": [
{
"name": "release_date",
"value": "2024-09-12T15:36:24Z"
"value": "2025-01-28T19:33:47Z"
},
{
"name": "language",
Expand All @@ -4046,51 +4040,48 @@
},
{
"type": "library",
"bom-ref": "64-tenacity",
"name": "tenacity",
"version": "9.0.0",
"bom-ref": "64-narwhals",
"name": "narwhals",
"version": "1.24.2",
"supplier": {
"name": "Julien Danjou",
"name": "Marco Gorelli",
"contact": [
{
"email": "[email protected]"
"email": "[email protected]"
}
]
},
"cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"hashes": [
{
"alg": "SHA-256",
"content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
{
"license": {
"id": "Apache-2.0",
"url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.24.2:*:*:*:*:*:*:*",
"description": "Extremely lightweight compatibility layer between dataframe libraries",
"externalReferences": [
{
"url": "https://github.com/jd/tenacity",
"url": "https://github.com/narwhals-dev/narwhals",
"type": "website",
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/tenacity/9.0.0/#files",
"url": "https://pypi.org/project/narwhals/1.24.2/#files",
"type": "distribution",
"comment": "Download location for component"
},
{
"url": "https://narwhals-dev.github.io/narwhals/",
"type": "documentation"
},
{
"url": "https://github.com/narwhals-dev/narwhals",
"type": "vcs"
},
{
"url": "https://github.com/narwhals-dev/narwhals/issues",
"type": "issue-tracker"
}
],
"purl": "pkg:pypi/[email protected]",
"purl": "pkg:pypi/[email protected]",
"properties": [
{
"name": "release_date",
"value": "2024-07-29T12:12:25Z"
"value": "2025-01-28T19:33:47Z"
},
{
"name": "language",
Expand Down Expand Up @@ -4301,7 +4292,7 @@
"type": "library",
"bom-ref": "68-certifi",
"name": "certifi",
"version": "2024.12.14",
"version": "2025.1.31",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
Expand All @@ -4310,12 +4301,12 @@
}
]
},
"cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.1.31:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
"alg": "SHA-256",
"content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
"content": "ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe"
}
],
"licenses": [
Expand All @@ -4334,7 +4325,7 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/certifi/2024.12.14/#files",
"url": "https://pypi.org/project/certifi/2025.1.31/#files",
"type": "distribution",
"comment": "Download location for component"
},
Expand All @@ -4343,11 +4334,11 @@
"type": "vcs"
}
],
"purl": "pkg:pypi/certifi@2024.12.14",
"purl": "pkg:pypi/certifi@2025.1.31",
"properties": [
{
"name": "release_date",
"value": "2024-12-14T13:52:36Z"
"value": "2025-01-31T02:16:45Z"
},
{
"name": "language",
Expand Down Expand Up @@ -4720,7 +4711,8 @@
{
"ref": "12-beautifulsoup4",
"dependsOn": [
"13-soupsieve"
"13-soupsieve",
"8-typing-extensions"
]
},
{
Expand Down Expand Up @@ -4908,7 +4900,7 @@
{
"ref": "63-plotly",
"dependsOn": [
"64-tenacity",
"64-narwhals",
"62-packaging"
]
},
Expand Down
Loading

0 comments on commit 6eee104

Please sign in to comment.