-
Notifications
You must be signed in to change notification settings - Fork 460
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: update SBOM for Python 3.11 (#3186)
Co-authored-by: GitHub <[email protected]>
- Loading branch information
1 parent
b83b515
commit ae66713
Showing
2 changed files
with
56 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,20 @@ | ||
{ | ||
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.4", | ||
"serialNumber": "urn:uuid5a7b63ab-47f5-4de6-9234-8874c30772fe", | ||
"specVersion": "1.5", | ||
"serialNumber": "urn:uuid9a634d0a-8010-4b1c-8e14-c9ceeea7c1b6", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2023-07-24T00:29:26Z", | ||
"tools": [ | ||
{ | ||
"name": "sbom4python", | ||
"version": "0.9.2" | ||
} | ||
], | ||
"timestamp": "2023-07-31T00:28:06Z", | ||
"tools": { | ||
"components": [ | ||
{ | ||
"name": "sbom4python", | ||
"version": "0.10.0", | ||
"type": "application" | ||
} | ||
] | ||
}, | ||
"component": { | ||
"type": "application", | ||
"bom-ref": "CDXRef-DOCUMENT", | ||
|
@@ -842,7 +845,7 @@ | |
"type": "library", | ||
"bom-ref": "26-pyparsing", | ||
"name": "pyparsing", | ||
"version": "3.1.0", | ||
"version": "3.1.1", | ||
"supplier": { | ||
"name": "Paul McGuire", | ||
"contact": [ | ||
|
@@ -851,16 +854,16 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*", | ||
"description": "pyparsing module - Classes and methods to define and execute parsing grammars", | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/pyparsing/3.1.0", | ||
"url": "https://pypi.org/project/pyparsing/3.1.1", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].0" | ||
"purl": "pkg:pypi/[email protected].1" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1524,7 +1527,7 @@ | |
"type": "library", | ||
"bom-ref": "47-lib4sbom", | ||
"name": "lib4sbom", | ||
"version": "0.3.1", | ||
"version": "0.4.0", | ||
"supplier": { | ||
"name": "Anthony Harrison", | ||
"contact": [ | ||
|
@@ -1533,7 +1536,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*", | ||
"description": "Software Bill of Material (SBOM) generator and consumer library", | ||
"licenses": [ | ||
{ | ||
|
@@ -1545,12 +1548,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/lib4sbom/0.3.1", | ||
"url": "https://pypi.org/project/lib4sbom/0.4.0", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/lib4sbom@0.3.1" | ||
"purl": "pkg:pypi/lib4sbom@0.4.0" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1841,7 +1844,7 @@ | |
"type": "library", | ||
"bom-ref": "56-rich", | ||
"name": "rich", | ||
"version": "13.4.2", | ||
"version": "13.5.0", | ||
"supplier": { | ||
"name": "Will McGugan", | ||
"contact": [ | ||
|
@@ -1850,7 +1853,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*", | ||
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", | ||
"licenses": [ | ||
{ | ||
|
@@ -1862,12 +1865,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/rich/13.4.2", | ||
"url": "https://pypi.org/project/rich/13.5.0", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/rich@13.4.2" | ||
"purl": "pkg:pypi/rich@13.5.0" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -2017,7 +2020,7 @@ | |
"type": "library", | ||
"bom-ref": "62-xmlschema", | ||
"name": "xmlschema", | ||
"version": "2.3.1", | ||
"version": "2.4.0", | ||
"supplier": { | ||
"name": "Davide Brunato", | ||
"contact": [ | ||
|
@@ -2026,7 +2029,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*", | ||
"description": "An XML Schema validator and decoder", | ||
"licenses": [ | ||
{ | ||
|
@@ -2038,18 +2041,18 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/xmlschema/2.3.1", | ||
"url": "https://pypi.org/project/xmlschema/2.4.0", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/xmlschema@2.3.1" | ||
"purl": "pkg:pypi/xmlschema@2.4.0" | ||
}, | ||
{ | ||
"type": "library", | ||
"bom-ref": "63-elementpath", | ||
"name": "elementpath", | ||
"version": "4.1.4", | ||
"version": "4.1.5", | ||
"supplier": { | ||
"name": "Davide Brunato", | ||
"contact": [ | ||
|
@@ -2058,7 +2061,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*", | ||
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", | ||
"licenses": [ | ||
{ | ||
|
@@ -2070,12 +2073,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/elementpath/4.1.4", | ||
"url": "https://pypi.org/project/elementpath/4.1.5", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].4" | ||
"purl": "pkg:pypi/[email protected].5" | ||
}, | ||
{ | ||
"type": "library", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 | |
DataLicense: CC0-1.0 | ||
SPDXID: SPDXRef-DOCUMENT | ||
DocumentName: Python-cve-bin-tool | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-80457b80-ae28-4fb8-bb66-68f2bcc10bcd | ||
LicenseListVersion: 3.20 | ||
Creator: Tool: sbom4python-0.9.2 | ||
Created: 2023-07-24T00:28:06Z | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8f980fac-aa44-47cd-aacb-ad66f7e7cfab | ||
LicenseListVersion: 3.21 | ||
Creator: Tool: sbom4python-0.10.0 | ||
Created: 2023-07-31T00:26:51Z | ||
CreatorComment: <text>This document has been automatically generated.</text> | ||
##### | ||
|
||
|
@@ -396,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* | |
|
||
PackageName: pyparsing | ||
SPDXID: SPDXRef-Package-26-pyparsing | ||
PackageVersion: 3.1.0 | ||
PackageVersion: 3.1.1 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Paul McGuire ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0 | ||
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: NOASSERTION | ||
PackageLicenseConcluded: NOASSERTION | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>pyparsing module - Classes and methods to define and execute parsing grammars</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: oauth2client | ||
|
@@ -718,17 +718,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*: | |
|
||
PackageName: lib4sbom | ||
SPDXID: SPDXRef-Package-47-lib4sbom | ||
PackageVersion: 0.3.1 | ||
PackageVersion: 0.4.0 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Anthony Harrison ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 | ||
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: Apache-2.0 | ||
PackageLicenseConcluded: Apache-2.0 | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: pyyaml | ||
|
@@ -858,17 +858,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*: | |
|
||
PackageName: rich | ||
SPDXID: SPDXRef-Package-56-rich | ||
PackageVersion: 13.4.2 | ||
PackageVersion: 13.5.0 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Will McGugan ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 | ||
PackageDownloadLocation: https://pypi.org/project/rich/13.5.0 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: markdown-it-py | ||
|
@@ -948,32 +948,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: | |
|
||
PackageName: xmlschema | ||
SPDXID: SPDXRef-Package-62-xmlschema | ||
PackageVersion: 2.3.1 | ||
PackageVersion: 2.4.0 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Davide Brunato ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 | ||
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>An XML Schema validator and decoder</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: elementpath | ||
SPDXID: SPDXRef-Package-63-elementpath | ||
PackageVersion: 4.1.4 | ||
PackageVersion: 4.1.5 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Davide Brunato ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 | ||
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].5 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: zstandard | ||
|