chore: update SBOM for Python 3.9

intel · Jan 15, 2024 · 2f06c40 · 2f06c40
1 parent 373bc2a
commit 2f06c40
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 52 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:62919f5f-5a0e-45fa-b5a8-fc0e233bcf21",
+  "serialNumber": "urn:uuid:d6700b9e-a9c6-43fc-bb2b-5ba9af2f2d22",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-01-09T17:41:01Z",
+    "timestamp": "2024-01-15T00:31:22Z",
     "tools": {
       "components": [
         {
@@ -1400,6 +1400,12 @@
       },
       "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "4054596afc6f2b6cfcc54f56c35c34e0e429cb66"
+        }
+      ],
       "licenses": [
         {
           "expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1628,7 +1634,7 @@
       "type": "library",
       "bom-ref": "36-google-auth",
       "name": "google-auth",
-      "version": "2.26.1",
+      "version": "2.26.2",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1637,7 +1643,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.2:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1649,12 +1655,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.26.1",
+          "url": "https://pypi.org/project/google-auth/2.26.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.26.1",
+      "purl": "pkg:pypi/google-auth@2.26.2",
       "properties": [
         {
           "name": "language",
@@ -1848,23 +1854,8 @@
       "type": "library",
       "bom-ref": "41-jinja2",
       "name": "jinja2",
-      "version": "3.1.2",
-      "supplier": {
-        "name": "Armin Ronacher",
-        "contact": [
-          {
-            "email": "armin.ronacher@active-4.com"
-          }
-        ]
-      },
-      "cpe": "cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*",
+      "version": "3.1.3",
       "description": "A very fast and expressive template engine.",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "b08cd4bc64bb980df86ed2876978ae5735572280"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -1875,12 +1866,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/Jinja2/3.1.2",
+          "url": "https://pypi.org/project/Jinja2/3.1.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jinja2@3.1.2",
+      "purl": "pkg:pypi/jinja2@3.1.3",
       "properties": [
         {
           "name": "language",
@@ -2058,11 +2049,11 @@
       "type": "library",
       "bom-ref": "46-rpds-py",
       "name": "rpds-py",
-      "version": "0.16.2",
+      "version": "0.17.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.17.1:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -2074,12 +2065,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.16.2",
+          "url": "https://pypi.org/project/rpds-py/0.17.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.16.2",
+      "purl": "pkg:pypi/rpds-py@0.17.1",
       "properties": [
         {
           "name": "language",
@@ -2243,6 +2234,12 @@
       },
       "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "f7f41b89a941278e8f76c0aad3a9409c6583eda8"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -2775,6 +2772,12 @@
       },
       "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
       "description": "Pygments is a syntax highlighting package written in Python.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -2896,7 +2899,7 @@
       "type": "library",
       "bom-ref": "65-xmlschema",
       "name": "xmlschema",
-      "version": "3.0.0",
+      "version": "3.0.1",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2905,7 +2908,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.1:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2917,12 +2920,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.0.0",
+          "url": "https://pypi.org/project/xmlschema/3.0.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.0.0",
+      "purl": "pkg:pypi/xmlschema@3.0.1",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e2cebcb5-2a33-4a7c-919e-c425eee53aa8
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4afe55af-b7c9-4665-8ecf-9c62a1b633ca
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-09T17:39:20Z
+Created: 2024-01-15T00:29:16Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -497,6 +497,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
 PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7
 FilesAnalyzed: false
+PackageChecksum: SHA1: 4054596afc6f2b6cfcc54f56c35c34e0e429cb66
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
@@ -573,18 +574,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.26.1
+PackageVersion: 2.26.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -653,18 +654,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:
 
 PackageName: jinja2
 SPDXID: SPDXRef-Package-41-jinja2
-PackageVersion: 3.1.2
+PackageVersion: 3.1.3
 PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com)
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2
+PackageSupplier: NOASSERTION
+PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
 FilesAnalyzed: false
-PackageChecksum: SHA1: b08cd4bc64bb980df86ed2876978ae5735572280
 PackageLicenseDeclared: BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A very fast and expressive template engine.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.3
 ##### 
 
 PackageName: markupsafe
@@ -731,17 +730,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-46-rpds-py
-PackageVersion: 0.16.2
+PackageVersion: 0.17.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.17.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.17.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.17.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -799,6 +798,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
 PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.4
 FilesAnalyzed: false
+PackageChecksum: SHA1: f7f41b89a941278e8f76c0aad3a9409c6583eda8
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
@@ -990,6 +990,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl (georg@python.org)
 PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
 FilesAnalyzed: false
+PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4
 PackageLicenseDeclared: BSD-2-Clause
 PackageLicenseConcluded: BSD-2-Clause
 PackageCopyrightText: NOASSERTION
@@ -1031,17 +1032,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-65-xmlschema
-PackageVersion: 3.0.0
+PackageVersion: 3.0.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath