From 9cd6bdc77a61ddbed4e0f44ddc8ec116f477147a Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 1 Jul 2024 00:32:37 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 26 ++++++++++++++++---------- sbom/cve-bin-tool-py3.9.spdx | 21 +++++++++++---------- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index e33432a541..20cd6643f4 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b64a8515-10ab-45eb-9a0f-f50a8cda2ddd", + "serialNumber": "urn:uuid:315f2a51-50c8-4ce3-85a6-4d80347c618d", "version": 1, "metadata": { - "timestamp": "2024-06-24T00:29:14Z", + "timestamp": "2024-07-01T00:32:36Z", "tools": { "components": [ { @@ -1793,7 +1793,7 @@ "type": "library", "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", - "version": "7.2.1", + "version": "8.0.0", "supplier": { "name": "Jason R .", "contact": [ @@ -1802,16 +1802,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib_metadata/7.2.1", + "url": "https://pypi.org/project/importlib_metadata/8.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@7.2.1", + "purl": "pkg:pypi/importlib-metadata@8.0.0", "properties": [ { "name": "language", @@ -2600,7 +2600,7 @@ "type": "library", "bom-ref": "61-tenacity", "name": "tenacity", - "version": "8.4.1", + "version": "8.4.2", "supplier": { "name": "Julien Danjou", "contact": [ @@ -2609,7 +2609,7 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", "licenses": [ { @@ -2621,12 +2621,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.4.1", + "url": "https://pypi.org/project/tenacity/8.4.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.4.1", + "purl": "pkg:pypi/tenacity@8.4.2", "properties": [ { "name": "language", @@ -3011,6 +3011,12 @@ }, "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-1", + "content": "004fca18366974c34193176bd3a356f711330ca0" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 25e7defb6c..b6f03ad5c0 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0285a098-d27d-4a0a-95c6-622e42111687 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-66a1e2ed-d350-4ec2-a045-9233ae2258a5 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-06-24T00:28:19Z +Created: 2024-07-01T00:31:42Z CreatorComment: This document has been automatically generated. ##### @@ -654,17 +654,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* PackageName: importlib-metadata SPDXID: SPDXRef-Package-41-importlib-metadata -PackageVersion: 7.2.1 +PackageVersion: 8.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.2.1 +PackageDownloadLocation: https://pypi.org/project/importlib_metadata/8.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@7.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:7.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:* ##### PackageName: zipp @@ -964,18 +964,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* PackageName: tenacity SPDXID: SPDXRef-Package-61-tenacity -PackageVersion: 8.4.1 +PackageVersion: 8.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.1 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.4.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.4.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.4.2:*:*:*:*:*:*:* ##### PackageName: python-gnupg @@ -1111,6 +1111,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0 FilesAnalyzed: false +PackageChecksum: SHA1: 004fca18366974c34193176bd3a356f711330ca0 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION