From 1596fbfd44569e20eaaeda3b8f6e5a3ed74e88f9 Mon Sep 17 00:00:00 2001
From: GitHub
Date: Mon, 17 Nov 2025 00:41:39 +0000
Subject: [PATCH] chore: update SBOM for Python 3.11
---
 sbom/cve-bin-tool-py3.11.json | 48 +++++++++++++++++------------------
 sbom/cve-bin-tool-py3.11.spdx | 48 +++++++++++++++++------------------
 2 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index b5d1f9ff21..8627586d13 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
 "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.7",
- "serialNumber": "urn:uuid:4a902649-ff6d-4934-be86-2eb8dd79be62",
+ "serialNumber": "urn:uuid:8dd93082-0fef-4467-a5fb-8e1e2f15d736",
 "version": 1,
 "metadata": {
- "timestamp": "2025-11-10T00:41:52Z",
+ "timestamp": "2025-11-17T00:41:37Z",
 "lifecycles": [
 {
 "phase": "build"
@@ -3137,7 +3137,7 @@
 "type": "library",
 "bom-ref": "48-rpds-py",
 "name": "rpds-py",
- "version": "0.28.0",
+ "version": "0.29.0",
 "supplier": {
 "name": "Julian Berman",
 "contact": [
@@ -3146,12 +3146,12 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:*",
 "description": "Python bindings to Rust's persistent data structures (rpds)",
 "hashes": [
 {
 "alg": "SHA-256",
- "content": "7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a"
+ "content": "4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113"
 }
 ],
 "externalReferences": [
@@ -3161,7 +3161,7 @@
 "comment": "Home page for project"
 },
 {
- "url": "https://pypi.org/project/rpds-py/0.28.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.29.0/#files",
 "type": "distribution",
 "comment": "Download location for component"
 },
@@ -3190,11 +3190,11 @@
 "type": "other"
 }
 ],
- "purl": "pkg:pypi/rpds-py@0.28.0",
+ "purl": "pkg:pypi/rpds-py@0.29.0",
 "properties": [
 {
 "name": "release_date",
- "value": "2025-10-22T22:21:15Z"
+ "value": "2025-11-16T14:47:36Z"
 },
 {
 "name": "language",
@@ -3210,7 +3210,7 @@
 "type": "library",
 "bom-ref": "49-lib4sbom",
 "name": "lib4sbom",
- "version": "0.9.0",
+ "version": "0.9.1",
 "supplier": {
 "name": "Anthony Harrison",
 "contact": [
@@ -3219,12 +3219,12 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*",
 "description": "Software Bill of Material (SBOM) generator and consumer library",
 "hashes": [
 {
 "alg": "SHA-256",
- "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd"
+ "content": "f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117"
 }
 ],
 "licenses": [
@@ -3243,16 +3243,16 @@
 "comment": "Home page for project"
 },
 {
- "url": "https://pypi.org/project/lib4sbom/0.9.0/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.9.1/#files",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/lib4sbom@0.9.0",
+ "purl": "pkg:pypi/lib4sbom@0.9.1",
 "properties": [
 {
 "name": "release_date",
- "value": "2025-10-28T09:09:40Z"
+ "value": "2025-11-13T20:07:13Z"
 },
 {
 "name": "language",
@@ -4128,7 +4128,7 @@
 "type": "library",
 "bom-ref": "64-narwhals",
 "name": "narwhals",
- "version": "2.10.2",
+ "version": "2.11.0",
 "supplier": {
 "name": "Marco Gorelli",
 "contact": [
@@ -4137,7 +4137,7 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:*",
 "description": "Extremely lightweight compatibility layer between dataframe libraries",
 "licenses": [
 {
@@ -4155,7 +4155,7 @@
 "comment": "Home page for project"
 },
 {
- "url": "https://pypi.org/project/narwhals/2.10.2/#files",
+ "url": "https://pypi.org/project/narwhals/2.11.0/#files",
 "type": "distribution",
 "comment": "Download location for component"
 },
@@ -4172,7 +4172,7 @@
 "type": "issue-tracker"
 }
 ],
- "purl": "pkg:pypi/narwhals@2.10.2",
+ "purl": "pkg:pypi/narwhals@2.11.0",
 "properties": [
 {
 "name": "release_date",
@@ -4465,7 +4465,7 @@
 "type": "library",
 "bom-ref": "69-certifi",
 "name": "certifi",
- "version": "2025.10.5",
+ "version": "2025.11.12",
 "supplier": {
 "name": "Kenneth Reitz",
 "contact": [
@@ -4474,12 +4474,12 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*",
 "description": "Python package for providing Mozilla's CA Bundle.",
 "hashes": [
 {
 "alg": "SHA-256",
- "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de"
+ "content": "97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b"
 }
 ],
 "licenses": [
@@ -4498,7 +4498,7 @@
 "comment": "Home page for project"
 },
 {
- "url": "https://pypi.org/project/certifi/2025.10.5/#files",
+ "url": "https://pypi.org/project/certifi/2025.11.12/#files",
 "type": "distribution",
 "comment": "Download location for component"
 },
@@ -4507,11 +4507,11 @@
 "type": "vcs"
 }
 ],
- "purl": "pkg:pypi/certifi@2025.10.5",
+ "purl": "pkg:pypi/certifi@2025.11.12",
 "properties": [
 {
 "name": "release_date",
- "value": "2025-10-05T04:12:14Z"
+ "value": "2025-11-12T02:54:49Z"
 },
 {
 "name": "language",
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 4612ba752d..b4a08c2578 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c21d4eba-37d8-4ed9-b75c-5654f6ff8187 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a8f75dce-fdf1-4811-a783-6b1061787298 LicenseListVersion: 3.26 Creator: Tool: sbom4python-0.12.4 -Created: 2025-11-10T00:41:40Z +Created: 2025-11-17T00:41:26Z CreatorComment: SBOM Type: Build - This document has been automatically generated. ##### 
@@ -986,44 +986,44 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:* PackageName: rpds-py SPDXID: SPDXRef-48-rpds-py -PackageVersion: 0.28.0 +PackageVersion: 0.29.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.28.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.29.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA256: 7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a +PackageChecksum: SHA256: 4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ReleaseDate: 2025-10-22T22:21:15Z +ReleaseDate: 2025-11-16T14:47:36Z ExternalRef: OTHER documentation https://rpds.readthedocs.io/ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: OTHER other https://github.com/orium/rpds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.28.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.29.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-49-lib4sbom -PackageVersion: 0.9.0 +PackageVersion: 0.9.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files +PackageDownloadLocation: 
https://pypi.org/project/lib4sbom/0.9.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom -PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd +PackageChecksum: SHA256: f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ReleaseDate: 2025-10-28T09:09:40Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:* +ReleaseDate: 2025-11-13T20:07:13Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -1322,10 +1322,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:* PackageName: narwhals SPDXID: SPDXRef-64-narwhals -PackageVersion: 2.10.2 +PackageVersion: 2.11.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me) -PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files +PackageDownloadLocation: https://pypi.org/project/narwhals/2.11.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/narwhals-dev/narwhals PackageLicenseDeclared: NOASSERTION 
@@ -1337,8 +1337,8 @@ ReleaseDate: 2025-11-04T17:59:22Z ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/ ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.11.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg @@ -1427,21 +1427,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*: PackageName: certifi SPDXID: SPDXRef-69-certifi -PackageVersion: 2025.10.5 +PackageVersion: 2025.11.12 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files +PackageDownloadLocation: https://pypi.org/project/certifi/2025.11.12/#files FilesAnalyzed: false PackageHomePage: https://github.com/certifi/python-certifi -PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de +PackageChecksum: SHA256: 97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ReleaseDate: 2025-10-05T04:12:14Z +ReleaseDate: 2025-11-12T02:54:49Z ExternalRef: OTHER vcs https://github.com/certifi/python-certifi -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.11.12 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:* ##### PackageName: rpmfile