Skip to content

Commit

Permalink
chore: update SBOM for Python 3.11 (#4337)
Browse files Browse the repository at this point in the history 
Co-authored-by: GitHub <[email protected]>
  • Loading branch information
@github-actions @web-flow
github-actions[bot] and web-flow authored Aug 12, 2024
1 parent 0a83ab3 commit 7bdd2ca
Show file tree
Hide file tree
Showing 2 changed files with 125 additions and 81 deletions.
119 changes: 74 additions & 45 deletions sbom/cve-bin-tool-py3.11.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:ce44f268-ce23-443b-95c9-c3bffd9fe217",
"serialNumber": "urn:uuid:14e467ca-a313-4558-bdb0-c00a572295aa",
"version": 1,
"metadata": {
"timestamp": "2024-08-05T00:35:43Z",
"timestamp": "2024-08-12T00:35:13Z",
"lifecycles": [
{
"phase": "build"
Expand All @@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
"version": "0.11.0",
"version": "0.11.1",
"type": "application"
}
]
Expand Down Expand Up @@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
"version": "3.10.1",
"version": "3.10.3",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
Expand All @@ -87,12 +87,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohttp/3.10.1",
"url": "https://pypi.org/project/aiohttp/3.10.3",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
Expand All @@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
"version": "2.3.4",
"version": "2.3.5",
"supplier": {
"name": "J. Nick Koston",
"contact": [
Expand All @@ -117,25 +117,31 @@
}
]
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
"alg": "SHA-1",
"content": "01595bbda3380154cc4e72702a1f82502a15940a"
}
],
"licenses": [
{
"license": {
"id": "PSF-2.0",
"id": "Python-2.0",
"url": "https://opensource.org/licenses/Python-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
"url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].4",
"purl": "pkg:pypi/[email protected].5",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -224,7 +230,7 @@
"type": "library",
"bom-ref": "6-attrs",
"name": "attrs",
"version": "24.1.0",
"version": "24.2.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
Expand All @@ -233,16 +239,16 @@
}
]
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.1.0",
"url": "https://pypi.org/project/attrs/24.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/attrs@24.1.0",
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -712,7 +718,7 @@
"type": "library",
"bom-ref": "17-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"version": "3.5.0",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
Expand All @@ -721,7 +727,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"licenses": [
{
Expand All @@ -734,12 +740,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/argcomplete/3.4.0",
"url": "https://pypi.org/project/argcomplete/3.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/argcomplete@3.4.0",
"purl": "pkg:pypi/argcomplete@3.5.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1576,7 +1582,7 @@
"type": "library",
"bom-ref": "36-cffi",
"name": "cffi",
"version": "1.16.0",
"version": "1.17.0",
"supplier": {
"name": "Armin Maciej Fijalkowski",
"contact": [
Expand All @@ -1585,14 +1591,8 @@
}
]
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
"alg": "SHA-1",
"content": "ba44abd69cf6f0f1cc90db34cd067275dc10fc71"
}
],
"licenses": [
{
"license": {
Expand All @@ -1604,12 +1604,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cffi/1.16.0",
"url": "https://pypi.org/project/cffi/1.17.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cffi@1.16.0",
"purl": "pkg:pypi/cffi@1.17.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1997,11 +1997,11 @@
"type": "library",
"bom-ref": "46-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"version": "0.20.0",
"supplier": {
"name": "Julian Berman"
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
Expand All @@ -2014,12 +2014,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/rpds-py/0.19.1",
"url": "https://pypi.org/project/rpds-py/0.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rpds-py@0.19.1",
"purl": "pkg:pypi/rpds-py@0.20.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2078,7 +2078,7 @@
"type": "library",
"bom-ref": "48-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"version": "6.0.2",
"supplier": {
"name": "Kirill Simonov",
"contact": [
Expand All @@ -2087,14 +2087,8 @@
}
]
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
"hashes": [
{
"alg": "SHA-1",
"content": "c42fa3bff1eabdb64763bb1526d9ea1ccb708479"
}
],
"licenses": [
{
"license": {
Expand All @@ -2106,12 +2100,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/pyyaml/6.0.1",
"url": "https://pypi.org/project/pyyaml/6.0.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3001,7 +2995,41 @@
},
{
"type": "library",
"bom-ref": "69-zstandard",
"bom-ref": "69-zipp",
"name": "zipp",
"version": "3.20.0",
"supplier": {
"name": "Jason R .",
"contact": [
{
"email": "[email protected]"
}
]
},
"cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.20.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected]",
"properties": [
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
"value": "3.11.9"
}
]
},
{
"type": "library",
"bom-ref": "70-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
Expand Down Expand Up @@ -3075,7 +3103,8 @@
"66-setuptools",
"64-urllib3",
"67-xmlschema",
"69-zstandard"
"69-zipp",
"70-zstandard"
]
},
{
Expand Down
Loading

0 comments on commit 7bdd2ca

Please sign in to comment.