chore: update SBOM for Python 3.9 (#4550)
Co-authored-by: GitHub <[email protected]>
github-actions[bot] and web-flow authored Nov 4, 2024
1 parent ab886a5 commit 5c42868
Showing 2 changed files with 73 additions and 59 deletions.
76 changes: 44 additions & 32 deletions sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4",
"serialNumber": "urn:uuid:cf0e1889-1a11-4eb0-90b5-58e1bd7cf8fb",
"version": 1,
"metadata": {
"timestamp": "2024-10-28T00:40:22Z",
"timestamp": "2024-11-04T00:39:04Z",
"lifecycles": [
{
"phase": "build"
@@ -329,6 +329,12 @@
},
"cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"hashes": [
{
"alg": "SHA-1",
"content": "6771a04893780166e4b7826b63599f43ac30d00a"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -434,7 +440,7 @@
"type": "library",
"bom-ref": "10-yarl",
"name": "yarl",
"version": "1.16.0",
"version": "1.17.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -443,7 +449,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
@@ -461,12 +467,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/yarl/1.16.0/#files",
"url": "https://pypi.org/project/yarl/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/yarl@1.16.0",
"purl": "pkg:pypi/yarl@1.17.1",
"properties": [
{
"name": "language",
@@ -655,7 +661,7 @@
"type": "library",
"bom-ref": "15-cvss",
"name": "cvss",
"version": "3.2",
"version": "3.3",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
@@ -664,7 +670,7 @@
}
]
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"licenses": [
{
@@ -682,12 +688,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/cvss/3.2/#files",
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cvss@3.2",
"purl": "pkg:pypi/cvss@3.3",
"properties": [
{
"name": "language",
@@ -2202,6 +2208,12 @@
},
"cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"hashes": [
{
"alg": "SHA-1",
"content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
@@ -2461,7 +2473,7 @@
"type": "library",
"bom-ref": "51-rpds-py",
"name": "rpds-py",
"version": "0.20.0",
"version": "0.20.1",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2470,14 +2482,8 @@
}
]
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"hashes": [
{
"alg": "SHA-1",
"content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
}
],
"licenses": [
{
"license": {
@@ -2494,12 +2500,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rpds-py/0.20.0/#files",
"url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].0",
"purl": "pkg:pypi/[email protected].1",
"properties": [
{
"name": "language",
@@ -2820,7 +2826,7 @@
"type": "library",
"bom-ref": "58-rich",
"name": "rich",
"version": "13.9.3",
"version": "13.9.4",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -2829,7 +2835,7 @@
}
]
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -2847,12 +2853,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rich/13.9.3/#files",
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].3",
"purl": "pkg:pypi/[email protected].4",
"properties": [
{
"name": "language",
@@ -3035,6 +3041,12 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
"hashes": [
{
"alg": "SHA-1",
"content": "85442b8032cb7bae72866dfd7782234a98dd2fb7"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.1/#files",
@@ -3446,7 +3458,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
"version": "75.2.0",
"version": "75.3.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3455,16 +3467,16 @@
}
]
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/75.2.0/#files",
"url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/setuptools@75.2.0",
"purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
{
"name": "language",
@@ -3538,7 +3550,7 @@
"type": "library",
"bom-ref": "73-xmlschema",
"name": "xmlschema",
"version": "3.4.2",
"version": "3.4.3",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3547,7 +3559,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3565,12 +3577,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/xmlschema/3.4.2/#files",
"url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
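Review bot: The `hashes` entries in this SBOM are not stable from one regeneration to the next: the attrs 24.2.0, importlib-metadata 8.5.0 and packaging 24.1 components gain a SHA-1 hash although their versions are unchanged, while rpds-py loses its hash on the bump to 0.20.1. A consumer therefore cannot rely on this field to verify the recorded artefacts, and where it is present it is SHA-1 only. Since the file appears to be generated, the fix probably belongs in the generator rather than in this file: emit a hash for every component and prefer a stronger digest, e.g. `"alg": "SHA-256"`.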
