chore: update SBOM for Python 3.8

terriko · Jul 17, 2023 · bafe3d3 · bafe3d3
1 parent 72a65e4
commit bafe3d3
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 42 deletions.
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid2594a2d8-1a8e-49ce-8155-b6f102ba7513",
+  "serialNumber": "urn:uuidba25a12c-48d4-43ed-8c64-06869fc34d6d",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-07-10T00:39:47Z",
+    "timestamp": "2023-07-17T02:05:43Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -112,7 +112,7 @@
       "type": "library",
       "bom-ref": "4-frozenlist",
       "name": "frozenlist",
-      "version": "1.3.3",
+      "version": "1.4.0",
       "description": "A list-like structure which implements collections.abc.MutableSequence",
       "licenses": [
         {
@@ -124,12 +124,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/frozenlist/1.3.3",
+          "url": "https://pypi.org/project/frozenlist/1.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/frozenlist@1.3.3",
+      "purl": "pkg:pypi/frozenlist@1.4.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1050,7 +1050,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.1",
+      "version": "41.0.2",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1059,7 +1059,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1070,12 +1070,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.1",
+          "url": "https://pypi.org/project/cryptography/41.0.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1"
+      "purl": "pkg:pypi/[email protected].2"
     },
     {
       "type": "library",
@@ -1221,7 +1221,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.21.0",
+      "version": "2.22.0",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1230,7 +1230,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1242,12 +1242,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.21.0",
+          "url": "https://pypi.org/project/google-auth/2.22.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.21.0",
+      "purl": "pkg:pypi/google-auth@2.22.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1385,7 +1385,7 @@
       "type": "library",
       "bom-ref": "42-zipp",
       "name": "zipp",
-      "version": "3.16.0",
+      "version": "3.16.2",
       "supplier": {
         "name": "Jason R. Coombs",
         "contact": [
@@ -1394,16 +1394,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.16.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.16.0",
+          "url": "https://pypi.org/project/zipp/3.16.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0"
+      "purl": "pkg:pypi/[email protected].2"
     },
     {
       "type": "library",
@@ -1488,11 +1488,11 @@
       "type": "library",
       "bom-ref": "46-jsonschema",
       "name": "jsonschema",
-      "version": "4.18.0",
+      "version": "4.18.3",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.3:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "licenses": [
         {
@@ -1504,12 +1504,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.18.0",
+          "url": "https://pypi.org/project/jsonschema/4.18.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0"
+      "purl": "pkg:pypi/[email protected].3"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ad7dbeb4-29be-41b7-9df6-a373cb966694
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c9f85295-b090-4db0-b815-c6e36d164d42
 LicenseListVersion: 3.20
 Creator: Tool: sbom4python-0.9.2
-Created: 2023-07-10T00:38:13Z
+Created: 2023-07-17T02:04:09Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -55,17 +55,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: frozenlist
 SPDXID: SPDXRef-Package-4-frozenlist
-PackageVersion: 1.3.3
+PackageVersion: 1.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A list-like structure which implements collections.abc.MutableSequence</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0
 ##### 
 
 PackageName: async-timeout
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.1
+PackageVersion: 41.0.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -567,18 +567,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.21.0
+PackageVersion: 2.22.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform ([email protected])
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.22.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -644,17 +644,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-42-zipp
-PackageVersion: 3.16.0
+PackageVersion: 3.16.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. Coombs ([email protected])
-PackageDownloadLocation: https://pypi.org/project/zipp/3.16.0
+PackageDownloadLocation: https://pypi.org/project/zipp/3.16.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: importlib-resources
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-46-jsonschema
-PackageVersion: 4.18.0
+PackageVersion: 4.18.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.3
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications