chore: update SBOM for Python 3.9 (#4564)

Co-authored-by: GitHub <[email protected]>
intel · Nov 12, 2024 · 58235be · 58235be
1 parent 505bcf0
commit 58235be
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 46 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb",
+  "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-11-04T00:39:04Z",
+    "timestamp": "2024-11-11T00:38:15Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -417,6 +417,12 @@
       },
       "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
       "description": "Backported and Experimental Type Hints for Python 3.8+",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
@@ -633,6 +639,12 @@
       },
       "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
       "description": "A modern CSS selector implementation for Beautiful Soup.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://github.com/facelessuser/soupsieve",
@@ -2237,7 +2249,7 @@
       "type": "library",
       "bom-ref": "45-zipp",
       "name": "zipp",
-      "version": "3.20.2",
+      "version": "3.21.0",
       "supplier": {
         "name": "Jason R .",
         "contact": [
@@ -2246,16 +2258,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.20.2/#files",
+          "url": "https://pypi.org/project/zipp/3.21.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.20.2",
+      "purl": "pkg:pypi/zipp@3.21.0",
       "properties": [
         {
           "name": "language",
@@ -2308,6 +2320,12 @@
       "name": "markupsafe",
       "version": "3.0.2",
       "description": "Safely add untrusted strings to HTML/XML markup.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/markupsafe/3.0.2/#files",
@@ -2473,7 +2491,7 @@
       "type": "library",
       "bom-ref": "51-rpds-py",
       "name": "rpds-py",
-      "version": "0.20.1",
+      "version": "0.21.0",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -2482,30 +2500,21 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/licenses/MIT",
-            "acknowledgement": "concluded"
-          }
-        }
-      ],
       "externalReferences": [
         {
           "url": "https://github.com/crate-py/rpds",
           "type": "website",
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rpds-py/0.20.1/#files",
+          "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.20.1",
+      "purl": "pkg:pypi/rpds-py@0.21.0",
       "properties": [
         {
           "name": "language",
@@ -2837,6 +2846,12 @@
       },
       "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -3030,7 +3045,7 @@
       "type": "library",
       "bom-ref": "62-packaging",
       "name": "packaging",
-      "version": "24.1",
+      "version": "24.2",
       "supplier": {
         "name": "Donald Stufft",
         "contact": [
@@ -3039,22 +3054,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
       "description": "Core utilities for Python packages",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packaging/24.1/#files",
+          "url": "https://pypi.org/project/packaging/24.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packaging@24.1",
+      "purl": "pkg:pypi/packaging@24.2",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9f3d8833-874a-4b8d-97a0-34ac23a6561e
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-04T00:38:06Z
+Created: 2024-11-11T00:37:24Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -149,6 +149,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Guido van Jukka ukasz Michael ([email protected])
 PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
 FilesAnalyzed: false
+PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
@@ -229,6 +230,7 @@ PackageSupplier: Person: Isaac Muse ([email protected])
 PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/facelessuser/soupsieve
+PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
@@ -752,17 +754,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:
 
 PackageName: zipp
 SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.20.2
+PackageVersion: 3.21.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. ([email protected])
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -787,6 +789,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
 PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
 FilesAnalyzed: false
+PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
@@ -847,18 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.20.1
+PackageVersion: 0.21.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman ([email protected])
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/crate-py/rpds
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -969,6 +972,7 @@ PackageSupplier: Person: Will McGugan ([email protected])
 PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
+PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
@@ -1030,18 +1034,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
 
 PackageName: packaging
 SPDXID: SPDXRef-62-packaging
-PackageVersion: 24.1
+PackageVersion: 24.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Donald Stufft ([email protected])
-PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files
+PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
 FilesAnalyzed: false
-PackageChecksum: SHA1: 85442b8032cb7bae72866dfd7782234a98dd2fb7
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Core utilities for Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: plotly