chore: update SBOM for Python 3.9

ffontaine · Aug 21, 2023 · 0a24bf0 · 0a24bf0
1 parent 6b0f36e
commit 0a24bf0
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 28 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:b6888fef-f1b9-4033-95ca-a3f3c0050340",
+  "serialNumber": "urn:uuid:83c63282-7180-4ae3-85a1-7369aede211b",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-08-14T00:46:59Z",
+    "timestamp": "2023-08-21T00:46:37Z",
     "tools": {
       "components": [
         {
@@ -1575,7 +1575,7 @@
       "type": "library",
       "bom-ref": "49-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.4.2",
+      "version": "0.4.3",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -1584,7 +1584,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -1596,12 +1596,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.4.2",
+          "url": "https://pypi.org/project/lib4sbom/0.4.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.4.2"
+      "purl": "pkg:pypi/lib4sbom@0.4.3"
     },
     {
       "type": "library",
@@ -1714,7 +1714,7 @@
       "type": "library",
       "bom-ref": "53-plotly",
       "name": "plotly",
-      "version": "5.16.0",
+      "version": "5.16.1",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -1723,7 +1723,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.16.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -1735,18 +1735,18 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.16.0",
+          "url": "https://pypi.org/project/plotly/5.16.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.16.0"
+      "purl": "pkg:pypi/plotly@5.16.1"
     },
     {
       "type": "library",
       "bom-ref": "54-tenacity",
       "name": "tenacity",
-      "version": "8.2.2",
+      "version": "8.2.3",
       "supplier": {
         "name": "Julien Danjou",
         "contact": [
@@ -1755,7 +1755,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
       "description": "Retry code until it succeeds",
       "licenses": [
         {
@@ -1767,12 +1767,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/tenacity/8.2.2",
+          "url": "https://pypi.org/project/tenacity/8.2.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/tenacity@8.2.2",
+      "purl": "pkg:pypi/tenacity@8.2.3",
       "properties": [
         {
           "name": "License Comments",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-aeb624a0-fc0b-48d0-86a9-62e1762bb1c1
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7be1530e-add1-4632-af56-4e1e5fabae37
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-08-14T00:45:27Z
+Created: 2023-08-21T00:44:52Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -748,17 +748,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-49-lib4sbom
-PackageVersion: 0.4.2
+PackageVersion: 0.4.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.3
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -810,33 +810,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-53-plotly
-PackageVersion: 5.16.0
+PackageVersion: 5.16.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.16.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.16.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
 SPDXID: SPDXRef-Package-54-tenacity
-PackageVersion: 8.2.2
+PackageVersion: 8.2.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Retry code until it succeeds</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg