From 30791f77d65fc8911ebe51da295da5a818d89670 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 17 Nov 2025 00:42:49 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 48 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.10.spdx | 48 +++++++++++++++++------------------ 2 files changed, 48 insertions(+), 48 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 9358ecfc9b..58277399bf 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.7", - "serialNumber": "urn:uuid:3afa9eb1-4948-472a-bffc-204138519a06", + "serialNumber": "urn:uuid:0595a1e4-2ef0-4dc2-841a-966f4551abd7", "version": 1, "metadata": { - "timestamp": "2025-11-10T00:43:04Z", + "timestamp": "2025-11-17T00:42:47Z", "lifecycles": [ { "phase": "build" @@ -3219,7 +3219,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.28.0", + "version": "0.29.0", "supplier": { "name": "Julian Berman", "contact": [ @@ -3228,12 +3228,12 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { "alg": "SHA-256", - "content": "7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a" + "content": "4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113" } ], "externalReferences": [ @@ -3243,7 +3243,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.28.0/#files", + "url": "https://pypi.org/project/rpds-py/0.29.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3272,11 +3272,11 @@ "type": "other" } ], - "purl": "pkg:pypi/rpds-py@0.28.0", + "purl": "pkg:pypi/rpds-py@0.29.0", "properties": [ { "name": "release_date", - "value": "2025-10-22T22:21:15Z" + "value": "2025-11-16T14:47:36Z" }, { "name": "language", @@ -3292,7 +3292,7 @@ "type": "library", "bom-ref": "50-lib4sbom", "name": "lib4sbom", - "version": "0.9.0", + "version": "0.9.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -3301,12 +3301,12 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "hashes": [ { "alg": "SHA-256", - "content": "78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd" + "content": "f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117" } ], "licenses": [ @@ -3325,16 +3325,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.9.0/#files", + "url": "https://pypi.org/project/lib4sbom/0.9.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.9.0", + "purl": "pkg:pypi/lib4sbom@0.9.1", "properties": [ { "name": "release_date", - "value": "2025-10-28T09:09:40Z" + "value": "2025-11-13T20:07:13Z" }, { "name": "language", @@ -4210,7 +4210,7 @@ "type": "library", "bom-ref": "65-narwhals", "name": "narwhals", - "version": "2.10.2", + "version": "2.11.0", "supplier": { "name": "Marco Gorelli", "contact": [ @@ -4219,7 +4219,7 @@ } ] }, - "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:*", "description": "Extremely lightweight compatibility layer between dataframe libraries", "licenses": [ { @@ -4237,7 +4237,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/narwhals/2.10.2/#files", + "url": "https://pypi.org/project/narwhals/2.11.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4254,7 +4254,7 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/narwhals@2.10.2", + "purl": "pkg:pypi/narwhals@2.11.0", "properties": [ { "name": "release_date", @@ -4547,7 +4547,7 @@ "type": "library", "bom-ref": "70-certifi", "name": "certifi", - "version": "2025.10.5", + "version": "2025.11.12", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -4556,12 +4556,12 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { "alg": "SHA-256", - "content": "0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de" + "content": "97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b" } ], "licenses": [ @@ -4580,7 +4580,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2025.10.5/#files", + "url": "https://pypi.org/project/certifi/2025.11.12/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4589,11 +4589,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/certifi@2025.10.5", + "purl": "pkg:pypi/certifi@2025.11.12", "properties": [ { "name": "release_date", - "value": "2025-10-05T04:12:14Z" + "value": "2025-11-12T02:54:49Z" }, { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 38e6169d37..b2d238f354 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c37a6b38-02c7-4b17-a90d-c51629ac5075 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3cf9e13c-a1da-4f19-9ebd-5cb8dcc5e4c7 LicenseListVersion: 3.26 Creator: Tool: sbom4python-0.12.4 -Created: 2025-11-10T00:42:54Z +Created: 2025-11-17T00:42:37Z CreatorComment: SBOM Type: Build - This document has been automatically generated. ##### @@ -1010,44 +1010,44 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.37.0:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.28.0 +PackageVersion: 0.29.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.28.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.29.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA256: 7b6013db815417eeb56b2d9d7324e64fcd4fa289caeee6e7a78b2e11fc9b438a +PackageChecksum: SHA256: 4ae4b88c6617e1b9e5038ab3fccd7bac0842fdda2b703117b2aa99bc85379113 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ReleaseDate: 2025-10-22T22:21:15Z +ReleaseDate: 2025-11-16T14:47:36Z ExternalRef: OTHER documentation https://rpds.readthedocs.io/ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: OTHER other https://github.com/orium/rpds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.28.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.28.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.29.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.29.0:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-50-lib4sbom -PackageVersion: 0.9.0 +PackageVersion: 0.9.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.0/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.9.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom -PackageChecksum: SHA256: 78b8584d10fc7fa28fc3c17c0afcb2967f3c2b96974e4bdbb60b3eb3744d01fd +PackageChecksum: SHA256: f2423d5e06a82f5462b05d0c5b9273d6e3674753ade9f5a0d4abdcf73f799117 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ReleaseDate: 2025-10-28T09:09:40Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.0:*:*:*:*:*:*:* +ReleaseDate: 2025-11-13T20:07:13Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.9.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.9.1:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -1346,10 +1346,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:* PackageName: narwhals SPDXID: SPDXRef-65-narwhals -PackageVersion: 2.10.2 +PackageVersion: 2.11.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me) -PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files +PackageDownloadLocation: https://pypi.org/project/narwhals/2.11.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/narwhals-dev/narwhals PackageLicenseDeclared: NOASSERTION @@ -1361,8 +1361,8 @@ ReleaseDate: 2025-11-04T17:59:22Z ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/ ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.11.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.11.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg @@ -1451,21 +1451,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*: PackageName: certifi SPDXID: SPDXRef-70-certifi -PackageVersion: 2025.10.5 +PackageVersion: 2025.11.12 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2025.10.5/#files +PackageDownloadLocation: https://pypi.org/project/certifi/2025.11.12/#files FilesAnalyzed: false PackageHomePage: https://github.com/certifi/python-certifi -PackageChecksum: SHA256: 0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de +PackageChecksum: SHA256: 97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ReleaseDate: 2025-10-05T04:12:14Z +ReleaseDate: 2025-11-12T02:54:49Z ExternalRef: OTHER vcs https://github.com/certifi/python-certifi -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.10.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.10.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2025.11.12 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.11.12:*:*:*:*:*:*:* ##### PackageName: rpmfile