chore: update SBOM for Python 3.11 (#4551)

Co-authored-by: GitHub <[email protected]>
intel · Nov 4, 2024 · ab886a5 · ab886a5
1 parent 439e3c3
commit ab886a5
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 59 deletions.
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0f266371-5f01-4b1f-a630-b4a42e8ab4c2",
+  "serialNumber": "urn:uuid:d41bd464-c594-4908-998a-aa31f02d37f2",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-10-28T00:37:40Z",
+    "timestamp": "2024-11-04T00:39:27Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -271,6 +271,12 @@
       },
       "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
       "description": "Classes Without Boilerplate",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/attrs/24.2.0/#files",
@@ -342,7 +348,7 @@
       "type": "library",
       "bom-ref": "8-yarl",
       "name": "yarl",
-      "version": "1.16.0",
+      "version": "1.17.1",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -351,7 +357,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -369,12 +375,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.16.0/#files",
+          "url": "https://pypi.org/project/yarl/1.17.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.16.0",
+      "purl": "pkg:pypi/yarl@1.17.1",
       "properties": [
         {
           "name": "language",
@@ -563,7 +569,7 @@
       "type": "library",
       "bom-ref": "13-cvss",
       "name": "cvss",
-      "version": "3.2",
+      "version": "3.3",
       "supplier": {
         "name": "Stanislav Red Hat Product Security",
         "contact": [
@@ -572,7 +578,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
       "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
       "licenses": [
         {
@@ -590,12 +596,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cvss/3.2/#files",
+          "url": "https://pypi.org/project/cvss/3.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cvss@3.2",
+      "purl": "pkg:pypi/cvss@3.3",
       "properties": [
         {
           "name": "language",
@@ -2301,7 +2307,7 @@
       "type": "library",
       "bom-ref": "47-rpds-py",
       "name": "rpds-py",
-      "version": "0.20.0",
+      "version": "0.20.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -2310,14 +2316,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "fac4daa73aacf2df7b4341d51f0c24f5f80aa03d"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2334,12 +2334,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rpds-py/0.20.0/#files",
+          "url": "https://pypi.org/project/rpds-py/0.20.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0",
+      "purl": "pkg:pypi/[email protected].1",
       "properties": [
         {
           "name": "language",
@@ -2660,7 +2660,7 @@
       "type": "library",
       "bom-ref": "54-rich",
       "name": "rich",
-      "version": "13.9.3",
+      "version": "13.9.4",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2669,7 +2669,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2687,12 +2687,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/13.9.3/#files",
+          "url": "https://pypi.org/project/rich/13.9.4/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "language",
@@ -2875,6 +2875,12 @@
       },
       "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
       "description": "Core utilities for Python packages",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "85442b8032cb7bae72866dfd7782234a98dd2fb7"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/packaging/24.1/#files",
@@ -3286,7 +3292,7 @@
       "type": "library",
       "bom-ref": "67-setuptools",
       "name": "setuptools",
-      "version": "75.2.0",
+      "version": "75.3.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -3295,16 +3301,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/75.2.0/#files",
+          "url": "https://pypi.org/project/setuptools/75.3.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@75.2.0",
+      "purl": "pkg:pypi/setuptools@75.3.0",
       "properties": [
         {
           "name": "language",
@@ -3320,7 +3326,7 @@
       "type": "library",
       "bom-ref": "68-xmlschema",
       "name": "xmlschema",
-      "version": "3.4.2",
+      "version": "3.4.3",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -3329,7 +3335,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -3347,12 +3353,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/xmlschema/3.4.2/#files",
+          "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].3",
       "properties": [
         {
           "name": "language",