chore: update SBOM for Python 3.11 (#4169)

github-actions[bot] · web-flow · web-flow · commit 9d062f256963 · 2024-06-10T10:27:31.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:bf873e46-4fea-4e8e-b81e-fbfae368b84a",
+  "serialNumber": "urn:uuid:e01caae8-315f-4cee-86eb-da44a110f7a6",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-06-03T00:28:47Z",
+    "timestamp": "2024-06-10T00:29:56Z",
     "tools": {
       "components": [
         {
@@ -1472,7 +1472,7 @@
       "type": "library",
       "bom-ref": "34-cryptography",
       "name": "cryptography",
-      "version": "42.0.7",
+      "version": "42.0.8",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1481,7 +1481,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1490,12 +1490,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/42.0.7",
+          "url": "https://pypi.org/project/cryptography/42.0.8",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@42.0.7",
+      "purl": "pkg:pypi/cryptography@42.0.8",
       "properties": [
         {
           "name": "language",
@@ -2148,7 +2148,7 @@
       "type": "library",
       "bom-ref": "50-packaging",
       "name": "packaging",
-      "version": "24.0",
+      "version": "24.1",
       "supplier": {
         "name": "Donald Stufft",
         "contact": [
@@ -2157,16 +2157,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*",
       "description": "Core utilities for Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packaging/24.0",
+          "url": "https://pypi.org/project/packaging/24.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packaging@24.0",
+      "purl": "pkg:pypi/packaging@24.1",
       "properties": [
         {
           "name": "language",
@@ -2613,6 +2613,12 @@
       },
       "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+        }
+      ],
       "licenses": [
         {
           "license": {
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e0caa7eb-0160-4c34-8422-5adb39a170ad
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-be377122-c0be-449b-be0c-46c8f91e0c1d
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.4
-Created: 2024-06-03T00:27:26Z
+Created: 2024-06-10T00:28:42Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -541,17 +541,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-34-cryptography
-PackageVersion: 42.0.7
+PackageVersion: 42.0.8
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7
+PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.8
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.8
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.8:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -793,17 +793,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: packaging
 SPDXID: SPDXRef-Package-50-packaging
-PackageVersion: 24.0
+PackageVersion: 24.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Donald Stufft (donald@stufft.io)
-PackageDownloadLocation: https://pypi.org/project/packaging/24.0
+PackageDownloadLocation: https://pypi.org/project/packaging/24.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Core utilities for Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: plotly
@@ -969,6 +969,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl (georg@python.org)
 PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION
