chore: update SBOM for Python 3.12

intel · Mar 18, 2024 · e8ea39a · e8ea39a
1 parent 46deb12
commit e8ea39a
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 54 deletions.
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:c8083159-b1db-4f5a-ad4c-83cbd650dd44",
+  "serialNumber": "urn:uuid:d6742e01-bf88-4caa-8f8b-b26631534de5",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-03-11T00:28:00Z",
+    "timestamp": "2024-03-18T00:28:13Z",
     "tools": {
       "components": [
         {
@@ -1778,28 +1778,20 @@
       "type": "library",
       "bom-ref": "43-referencing",
       "name": "referencing",
-      "version": "0.33.0",
+      "version": "0.34.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/licenses/MIT"
-          }
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.33.0",
+          "url": "https://pypi.org/project/referencing/0.34.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.33.0",
+      "purl": "pkg:pypi/referencing@0.34.0",
       "properties": [
         {
           "name": "language",
@@ -1982,11 +1974,11 @@
       "type": "library",
       "bom-ref": "48-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.14.0",
+      "version": "0.15.0",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
       "licenses": [
         {
@@ -1998,12 +1990,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packageurl-python/0.14.0",
+          "url": "https://pypi.org/project/packageurl-python/0.15.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.14.0",
+      "purl": "pkg:pypi/packageurl-python@0.15.0",
       "properties": [
         {
           "name": "language",
@@ -2053,7 +2045,7 @@
       "type": "library",
       "bom-ref": "50-plotly",
       "name": "plotly",
-      "version": "5.19.0",
+      "version": "5.20.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -2062,7 +2054,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -2074,12 +2066,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.19.0",
+          "url": "https://pypi.org/project/plotly/5.20.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.19.0",
+      "purl": "pkg:pypi/plotly@5.20.0",
       "properties": [
         {
           "name": "language",
@@ -2545,7 +2537,7 @@
       "type": "library",
       "bom-ref": "62-xmlschema",
       "name": "xmlschema",
-      "version": "3.0.2",
+      "version": "3.1.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2554,7 +2546,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2566,12 +2558,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.0.2",
+          "url": "https://pypi.org/project/xmlschema/3.1.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.0.2",
+      "purl": "pkg:pypi/xmlschema@3.1.0",
       "properties": [
         {
           "name": "language",
@@ -2587,7 +2579,7 @@
       "type": "library",
       "bom-ref": "63-elementpath",
       "name": "elementpath",
-      "version": "4.3.0",
+      "version": "4.4.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2596,7 +2588,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -2608,12 +2600,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/elementpath/4.3.0",
+          "url": "https://pypi.org/project/elementpath/4.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.3.0",
+      "purl": "pkg:pypi/elementpath@4.4.0",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d772a27a-9054-4dc4-892b-cc78f6dfb8bd
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c793249f-eefd-4410-9bef-aae22d313531
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-03-11T00:26:19Z
+Created: 2024-03-18T00:26:33Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -656,17 +656,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-43-referencing
-PackageVersion: 0.33.0
+PackageVersion: 0.34.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.33.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
 FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.33.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.33.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.34.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -732,17 +732,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-Package-48-packageurl-python
-PackageVersion: 0.14.0
+PackageVersion: 0.15.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.14.0
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.14.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.14.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.15.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
@@ -762,17 +762,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-50-plotly
-PackageVersion: 5.19.0
+PackageVersion: 5.20.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P ([email protected])
-PackageDownloadLocation: https://pypi.org/project/plotly/5.19.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.20.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.19.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.20.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.20.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -945,32 +945,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 3.0.2
+PackageVersion: 3.1.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.2
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.1.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.1.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-63-elementpath
-PackageVersion: 4.3.0
+PackageVersion: 4.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.3.0
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard