chore: update SBOM for Python 3.8 (#3947)

Co-authored-by: GitHub <[email protected]>
intel · Mar 19, 2024 · c32e2ef · c32e2ef
1 parent 8100677
commit c32e2ef
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 70 deletions.
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:e16169b7-f104-4782-8d4e-16d6178d75ef",
+  "serialNumber": "urn:uuid:e6470533-d12d-49eb-8cca-7cd22d1d027c",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-03-11T00:28:18Z",
+    "timestamp": "2024-03-18T00:28:11Z",
     "tools": {
       "components": [
         {
@@ -1718,7 +1718,7 @@
       "type": "library",
       "bom-ref": "41-zipp",
       "name": "zipp",
-      "version": "3.17.0",
+      "version": "3.18.1",
       "supplier": {
         "name": "Jason R . Coombs",
         "contact": [
@@ -1727,16 +1727,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.17.0",
+          "url": "https://pypi.org/project/zipp/3.18.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.17.0",
+      "purl": "pkg:pypi/zipp@3.18.1",
       "properties": [
         {
           "name": "language",
@@ -1752,7 +1752,7 @@
       "type": "library",
       "bom-ref": "42-importlib-resources",
       "name": "importlib-resources",
-      "version": "6.1.3",
+      "version": "6.3.1",
       "supplier": {
         "name": "Barry Warsaw",
         "contact": [
@@ -1761,16 +1761,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.1.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.3.1:*:*:*:*:*:*:*",
       "description": "Read resources from Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/importlib_resources/6.1.3",
+          "url": "https://pypi.org/project/importlib_resources/6.3.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/importlib-resources@6.1.3",
+      "purl": "pkg:pypi/importlib-resources@6.3.1",
       "properties": [
         {
           "name": "language",
@@ -1926,28 +1926,20 @@
       "type": "library",
       "bom-ref": "47-referencing",
       "name": "referencing",
-      "version": "0.33.0",
+      "version": "0.34.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/licenses/MIT"
-          }
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.33.0",
+          "url": "https://pypi.org/project/referencing/0.34.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.33.0",
+      "purl": "pkg:pypi/referencing@0.34.0",
       "properties": [
         {
           "name": "language",
@@ -2164,11 +2156,11 @@
       "type": "library",
       "bom-ref": "53-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.14.0",
+      "version": "0.15.0",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
       "licenses": [
         {
@@ -2180,12 +2172,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packageurl-python/0.14.0",
+          "url": "https://pypi.org/project/packageurl-python/0.15.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.14.0",
+      "purl": "pkg:pypi/packageurl-python@0.15.0",
       "properties": [
         {
           "name": "language",
@@ -2235,7 +2227,7 @@
       "type": "library",
       "bom-ref": "55-plotly",
       "name": "plotly",
-      "version": "5.19.0",
+      "version": "5.20.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -2244,7 +2236,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -2256,12 +2248,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.19.0",
+          "url": "https://pypi.org/project/plotly/5.20.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.19.0",
+      "purl": "pkg:pypi/plotly@5.20.0",
       "properties": [
         {
           "name": "language",
@@ -2803,7 +2795,7 @@
       "type": "library",
       "bom-ref": "69-xmlschema",
       "name": "xmlschema",
-      "version": "3.0.2",
+      "version": "3.1.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2812,7 +2804,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2824,12 +2816,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.0.2",
+          "url": "https://pypi.org/project/xmlschema/3.1.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.0.2",
+      "purl": "pkg:pypi/xmlschema@3.1.0",
       "properties": [
         {
           "name": "language",
@@ -2845,7 +2837,7 @@
       "type": "library",
       "bom-ref": "70-elementpath",
       "name": "elementpath",
-      "version": "4.3.0",
+      "version": "4.4.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2854,7 +2846,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -2866,12 +2858,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/elementpath/4.3.0",
+          "url": "https://pypi.org/project/elementpath/4.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.3.0",
+      "purl": "pkg:pypi/elementpath@4.4.0",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1f257da6-f6cb-4cd8-8527-9c9177029396
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0e4c406a-d6ad-41db-b7f6-a812ca956c7e
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-11T00:26:22Z
+Created: 2024-03-18T00:26:18Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -629,32 +629,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-41-zipp
-PackageVersion: 3.17.0
+PackageVersion: 3.18.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. Coombs ([email protected])
-PackageDownloadLocation: https://pypi.org/project/zipp/3.17.0
+PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.18.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: importlib-resources
 SPDXID: SPDXRef-Package-42-importlib-resources
-PackageVersion: 6.1.3
+PackageVersion: 6.3.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Barry Warsaw ([email protected])
-PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.1.3
+PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.3.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Read resources from Python packages</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.1.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.1.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.3.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -717,17 +717,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-47-referencing
-PackageVersion: 0.33.0
+PackageVersion: 0.34.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
 FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -808,17 +808,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-Package-53-packageurl-python
-PackageVersion: 0.14.0
+PackageVersion: 0.15.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.14.0
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
@@ -838,17 +838,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-55-plotly
-PackageVersion: 5.19.0
+PackageVersion: 5.20.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P ([email protected])
-PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -1051,32 +1051,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-69-xmlschema
-PackageVersion: 3.0.2
+PackageVersion: 3.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-70-elementpath
-PackageVersion: 4.3.0
+PackageVersion: 4.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard