chore: update SBOM for Python 3.11 (#3186)

Co-authored-by: GitHub <[email protected]>
intel · Aug 3, 2023 · ae66713 · ae66713
1 parent b83b515
commit ae66713
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 53 deletions.
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
@@ -1,17 +1,20 @@
 {
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
-  "specVersion": "1.4",
-  "serialNumber": "urn:uuid5a7b63ab-47f5-4de6-9234-8874c30772fe",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid9a634d0a-8010-4b1c-8e14-c9ceeea7c1b6",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-07-24T00:29:26Z",
-    "tools": [
-      {
-        "name": "sbom4python",
-        "version": "0.9.2"
-      }
-    ],
+    "timestamp": "2023-07-31T00:28:06Z",
+    "tools": {
+      "components": [
+        {
+          "name": "sbom4python",
+          "version": "0.10.0",
+          "type": "application"
+        }
+      ]
+    },
     "component": {
       "type": "application",
       "bom-ref": "CDXRef-DOCUMENT",
@@ -842,7 +845,7 @@
       "type": "library",
       "bom-ref": "26-pyparsing",
       "name": "pyparsing",
-      "version": "3.1.0",
+      "version": "3.1.1",
       "supplier": {
         "name": "Paul McGuire",
         "contact": [
@@ -851,16 +854,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*",
       "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/pyparsing/3.1.0",
+          "url": "https://pypi.org/project/pyparsing/3.1.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0"
+      "purl": "pkg:pypi/[email protected].1"
     },
     {
       "type": "library",
@@ -1524,7 +1527,7 @@
       "type": "library",
       "bom-ref": "47-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.3.1",
+      "version": "0.4.0",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -1533,7 +1536,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -1545,12 +1548,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.3.1",
+          "url": "https://pypi.org/project/lib4sbom/0.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.3.1"
+      "purl": "pkg:pypi/lib4sbom@0.4.0"
     },
     {
       "type": "library",
@@ -1841,7 +1844,7 @@
       "type": "library",
       "bom-ref": "56-rich",
       "name": "rich",
-      "version": "13.4.2",
+      "version": "13.5.0",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -1850,7 +1853,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -1862,12 +1865,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rich/13.4.2",
+          "url": "https://pypi.org/project/rich/13.5.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.4.2"
+      "purl": "pkg:pypi/rich@13.5.0"
     },
     {
       "type": "library",
@@ -2017,7 +2020,7 @@
       "type": "library",
       "bom-ref": "62-xmlschema",
       "name": "xmlschema",
-      "version": "2.3.1",
+      "version": "2.4.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2026,7 +2029,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2038,18 +2041,18 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/2.3.1",
+          "url": "https://pypi.org/project/xmlschema/2.4.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.3.1"
+      "purl": "pkg:pypi/xmlschema@2.4.0"
     },
     {
       "type": "library",
       "bom-ref": "63-elementpath",
       "name": "elementpath",
-      "version": "4.1.4",
+      "version": "4.1.5",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2058,7 +2061,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -2070,12 +2073,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/elementpath/4.1.4",
+          "url": "https://pypi.org/project/elementpath/4.1.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].4"
+      "purl": "pkg:pypi/[email protected].5"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-80457b80-ae28-4fb8-bb66-68f2bcc10bcd
-LicenseListVersion: 3.20
-Creator: Tool: sbom4python-0.9.2
-Created: 2023-07-24T00:28:06Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8f980fac-aa44-47cd-aacb-ad66f7e7cfab
+LicenseListVersion: 3.21
+Creator: Tool: sbom4python-0.10.0
+Created: 2023-07-31T00:26:51Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -396,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
 
 PackageName: pyparsing
 SPDXID: SPDXRef-Package-26-pyparsing
-PackageVersion: 3.1.0
+PackageVersion: 3.1.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Paul McGuire ([email protected])
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>pyparsing module - Classes and methods to define and execute parsing grammars</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: oauth2client
@@ -718,17 +718,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.3.1
+PackageVersion: 0.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison ([email protected])
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
 
 PackageName: rich
 SPDXID: SPDXRef-Package-56-rich
-PackageVersion: 13.4.2
+PackageVersion: 13.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan ([email protected])
-PackageDownloadLocation: https://pypi.org/project/rich/13.4.2
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -948,32 +948,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 2.3.1
+PackageVersion: 2.4.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-63-elementpath
-PackageVersion: 4.1.4
+PackageVersion: 4.1.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard