forked from intel/cve-bin-tool
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
53 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,11 @@ | ||
| { | ||
| "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", | ||
| "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", | ||
| "bomFormat": "CycloneDX", | ||
| "specVersion": "1.5", | ||
| "serialNumber": "urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772", | ||
| "serialNumber": "urn:uuid:69d45cca-510b-4dcb-87da-1b3b4c988a28", | ||
| "version": 1, | ||
| "metadata": { | ||
| "timestamp": "2023-08-07T01:01:03Z", | ||
| "timestamp": "2023-08-21T01:19:52Z", | ||
| "tools": { | ||
| "components": [ | ||
| { | ||
|
|
@@ -144,7 +144,7 @@ | |
| "type": "library", | ||
| "bom-ref": "5-async-timeout", | ||
| "name": "async-timeout", | ||
| "version": "4.0.2", | ||
| "version": "4.0.3", | ||
| "supplier": { | ||
| "name": "Andrew Svetlov", | ||
| "contact": [ | ||
|
|
@@ -153,7 +153,7 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", | ||
| "description": "Timeout context manager for asyncio programs", | ||
| "licenses": [ | ||
| { | ||
|
|
@@ -165,12 +165,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/async-timeout/4.0.2", | ||
| "url": "https://pypi.org/project/async-timeout/4.0.3", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].2", | ||
| "purl": "pkg:pypi/[email protected].3", | ||
| "properties": [ | ||
| { | ||
| "name": "License Comments", | ||
|
|
@@ -1412,7 +1412,7 @@ | |
| "type": "library", | ||
| "bom-ref": "43-importlib-resources", | ||
| "name": "importlib-resources", | ||
| "version": "6.0.0", | ||
| "version": "6.0.1", | ||
| "supplier": { | ||
| "name": "Barry Warsaw", | ||
| "contact": [ | ||
|
|
@@ -1421,16 +1421,16 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.1:*:*:*:*:*:*:*", | ||
| "description": "Read resources from Python packages", | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/importlib-resources/6.0.0", | ||
| "url": "https://pypi.org/project/importlib-resources/6.0.1", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].0" | ||
| "purl": "pkg:pypi/[email protected].1" | ||
| }, | ||
| { | ||
| "type": "library", | ||
|
|
@@ -1491,11 +1491,11 @@ | |
| "type": "library", | ||
| "bom-ref": "46-jsonschema", | ||
| "name": "jsonschema", | ||
| "version": "4.18.6", | ||
| "version": "4.19.0", | ||
| "supplier": { | ||
| "name": "Julian Berman" | ||
| }, | ||
| "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*", | ||
| "description": "An implementation of JSON Schema validation for Python", | ||
| "licenses": [ | ||
| { | ||
|
|
@@ -1507,12 +1507,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/jsonschema/4.18.6", | ||
| "url": "https://pypi.org/project/jsonschema/4.19.0", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/jsonschema@4.18.6" | ||
| "purl": "pkg:pypi/jsonschema@4.19.0" | ||
| }, | ||
| { | ||
| "type": "library", | ||
|
|
@@ -1623,7 +1623,7 @@ | |
| "type": "library", | ||
| "bom-ref": "51-lib4sbom", | ||
| "name": "lib4sbom", | ||
| "version": "0.4.1", | ||
| "version": "0.4.3", | ||
| "supplier": { | ||
| "name": "Anthony Harrison", | ||
| "contact": [ | ||
|
|
@@ -1632,7 +1632,7 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:*", | ||
| "description": "Software Bill of Material (SBOM) generator and consumer library", | ||
| "licenses": [ | ||
| { | ||
|
|
@@ -1644,12 +1644,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/lib4sbom/0.4.1", | ||
| "url": "https://pypi.org/project/lib4sbom/0.4.3", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].1" | ||
| "purl": "pkg:pypi/[email protected].3" | ||
| }, | ||
| { | ||
| "type": "library", | ||
|
|
@@ -1762,7 +1762,7 @@ | |
| "type": "library", | ||
| "bom-ref": "55-plotly", | ||
| "name": "plotly", | ||
| "version": "5.15.0", | ||
| "version": "5.16.1", | ||
| "supplier": { | ||
| "name": "Chris P", | ||
| "contact": [ | ||
|
|
@@ -1771,7 +1771,7 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*", | ||
| "description": "An open-source, interactive data visualization library for Python", | ||
| "licenses": [ | ||
| { | ||
|
|
@@ -1783,18 +1783,18 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/plotly/5.15.0", | ||
| "url": "https://pypi.org/project/plotly/5.16.1", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/plotly@5.15.0" | ||
| "purl": "pkg:pypi/plotly@5.16.1" | ||
| }, | ||
| { | ||
| "type": "library", | ||
| "bom-ref": "56-tenacity", | ||
| "name": "tenacity", | ||
| "version": "8.2.2", | ||
| "version": "8.2.3", | ||
| "supplier": { | ||
| "name": "Julien Danjou", | ||
| "contact": [ | ||
|
|
@@ -1803,7 +1803,7 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", | ||
| "description": "Retry code until it succeeds", | ||
| "licenses": [ | ||
| { | ||
|
|
@@ -1815,12 +1815,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/tenacity/8.2.2", | ||
| "url": "https://pypi.org/project/tenacity/8.2.3", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].2", | ||
| "purl": "pkg:pypi/[email protected].3", | ||
| "properties": [ | ||
| { | ||
| "name": "License Comments", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 | |
| DataLicense: CC0-1.0 | ||
| SPDXID: SPDXRef-DOCUMENT | ||
| DocumentName: Python-cve-bin-tool | ||
| DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ebe989f-e3b4-43e2-996a-aee6d2303adf | ||
| DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d0187db-e3ea-4d5a-bb05-67956d3e41d3 | ||
| LicenseListVersion: 3.21 | ||
| Creator: Tool: sbom4python-0.10.0 | ||
| Created: 2023-08-07T00:59:13Z | ||
| Created: 2023-08-21T01:18:02Z | ||
| CreatorComment: <text>This document has been automatically generated.</text> | ||
| ##### | ||
|
|
||
|
|
@@ -70,18 +70,18 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | |
|
|
||
| PackageName: async-timeout | ||
| SPDXID: SPDXRef-Package-5-async-timeout | ||
| PackageVersion: 4.0.2 | ||
| PackageVersion: 4.0.3 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Organization: Andrew Svetlov ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 | ||
| PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: NOASSERTION | ||
| PackageLicenseConcluded: Apache-2.0 | ||
| PackageLicenseComments: <text>async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text> | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Timeout context manager for asyncio programs</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: attrs | ||
|
|
@@ -659,17 +659,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*: | |
|
|
||
| PackageName: importlib-resources | ||
| SPDXID: SPDXRef-Package-43-importlib-resources | ||
| PackageVersion: 6.0.0 | ||
| PackageVersion: 6.0.1 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Barry Warsaw ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.0 | ||
| PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.1 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: NOASSERTION | ||
| PackageLicenseConcluded: NOASSERTION | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Read resources from Python packages</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.1:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: jinja2 | ||
|
|
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | |
|
|
||
| PackageName: jsonschema | ||
| SPDXID: SPDXRef-Package-46-jsonschema | ||
| PackageVersion: 4.18.6 | ||
| PackageVersion: 4.19.0 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Julian Berman | ||
| PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6 | ||
| PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: MIT | ||
| PackageLicenseConcluded: MIT | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>An implementation of JSON Schema validation for Python</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.0 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: jsonschema-specifications | ||
|
|
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 | |
|
|
||
| PackageName: lib4sbom | ||
| SPDXID: SPDXRef-Package-51-lib4sbom | ||
| PackageVersion: 0.4.1 | ||
| PackageVersion: 0.4.3 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Anthony Harrison ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1 | ||
| PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.3 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: Apache-2.0 | ||
| PackageLicenseConcluded: Apache-2.0 | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: pyyaml | ||
|
|
@@ -840,33 +840,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut | |
|
|
||
| PackageName: plotly | ||
| SPDXID: SPDXRef-Package-55-plotly | ||
| PackageVersion: 5.15.0 | ||
| PackageVersion: 5.16.1 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Chris P ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0 | ||
| PackageDownloadLocation: https://pypi.org/project/plotly/5.16.1 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: MIT | ||
| PackageLicenseConcluded: MIT | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>An open-source, interactive data visualization library for Python</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.1 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: tenacity | ||
| SPDXID: SPDXRef-Package-56-tenacity | ||
| PackageVersion: 8.2.2 | ||
| PackageVersion: 8.2.3 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Julien Danjou ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 | ||
| PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: NOASSERTION | ||
| PackageLicenseConcluded: Apache-2.0 | ||
| PackageLicenseComments: <text>tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text> | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Retry code until it succeeds</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: python-gnupg | ||
|
|
||