From 393181dffce029ea5d4d16cde3581d81358f22b6 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 17 Jun 2024 00:29:54 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 40 ++++++++++++----------------------- sbom/cve-bin-tool-py3.11.spdx | 30 ++++++++++++-------------- 2 files changed, 28 insertions(+), 42 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index e0850858e2..2f6e84bf0e 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:e01caae8-315f-4cee-86eb-da44a110f7a6", + "serialNumber": "urn:uuid:3658abd9-6823-4e3c-ac3d-3494bd9e79a7", "version": 1, "metadata": { - "timestamp": "2024-06-10T00:29:56Z", + "timestamp": "2024-06-17T00:29:53Z", "tools": { "components": [ { @@ -610,7 +610,7 @@ "type": "library", "bom-ref": "15-gsutil", "name": "gsutil", - "version": "5.29", + "version": "5.30", "supplier": { "name": "Google Inc .", "contact": [ @@ -619,7 +619,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -631,12 +631,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.29", + "url": "https://pypi.org/project/gsutil/5.30", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.29", + "purl": "pkg:pypi/gsutil@5.30", "properties": [ { "name": "language", @@ -652,7 +652,7 @@ "type": "library", "bom-ref": "16-argcomplete", "name": "argcomplete", - "version": "3.3.0", + "version": "3.4.0", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -661,14 +661,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", - "hashes": [ - { - "alg": "SHA-1", - "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350" - } - ], "licenses": [ { "license": { @@ -679,12 +673,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.3.0", + "url": "https://pypi.org/project/argcomplete/3.4.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.3.0", + "purl": "pkg:pypi/argcomplete@3.4.0", "properties": [ { "name": "language", @@ -2105,18 +2099,12 @@ "type": "library", "bom-ref": "49-packageurl-python", "name": "packageurl-python", - "version": "0.15.0", + "version": "0.15.1", "supplier": { "name": "the purl authors" }, - "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", - "hashes": [ - { - "alg": "SHA-1", - "content": "a46d42493bbb7ae1a227be7bbd6b180a149ad3b1" - } - ], "licenses": [ { "license": { @@ -2127,12 +2115,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/packageurl-python/0.15.0", + "url": "https://pypi.org/project/packageurl-python/0.15.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/packageurl-python@0.15.0", + "purl": "pkg:pypi/packageurl-python@0.15.1", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index b566ca00e2..d3ab26d2b9 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-be377122-c0be-449b-be0c-46c8f91e0c1d +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8b15b17c-175a-47f3-a368-d98a6b7def6f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-06-10T00:28:42Z +Created: 2024-06-17T00:28:32Z CreatorComment: This document has been automatically generated. ##### @@ -233,35 +233,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-15-gsutil -PackageVersion: 5.29 +PackageVersion: 5.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.30 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.30 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-16-argcomplete -PackageVersion: 3.3.0 +PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.4.0 FilesAnalyzed: false -PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -777,18 +776,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. PackageName: packageurl-python SPDXID: SPDXRef-Package-49-packageurl-python -PackageVersion: 0.15.0 +PackageVersion: 0.15.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.0 +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.1 FilesAnalyzed: false -PackageChecksum: SHA1: a46d42493bbb7ae1a227be7bbd6b180a149ad3b1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.1:*:*:*:*:*:*:* ##### PackageName: packaging