Skip to content

Commit

Permalink
chore: update SBOM for Python 3.11
Browse files Browse the repository at this point in the history
  • Loading branch information
web-flow authored and github-actions[bot] committed Oct 21, 2024
1 parent 2b15bc5 commit 66f71d4
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 34 deletions.
34 changes: 17 additions & 17 deletions sbom/cve-bin-tool-py3.11.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:5f8b0ff8-2835-4eef-868a-1d5a08b3d324",
"serialNumber": "urn:uuid:d5e538e5-15fc-467b-9af5-fdbadcd9bc9e",
"version": 1,
"metadata": {
"timestamp": "2024-10-14T00:37:17Z",
"timestamp": "2024-10-21T00:38:07Z",
"lifecycles": [
{
"phase": "build"
Expand Down Expand Up @@ -340,7 +340,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
"version": "1.15.2",
"version": "1.15.5",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
Expand All @@ -349,7 +349,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
Expand All @@ -367,12 +367,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/yarl/1.15.2/#files",
"url": "https://pypi.org/project/yarl/1.15.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].5",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1773,7 +1773,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
"version": "43.0.1",
"version": "43.0.3",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
Expand All @@ -1782,7 +1782,7 @@
}
]
},
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
Expand All @@ -1796,12 +1796,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/cryptography/43.0.1/#files",
"url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2132,16 +2132,16 @@
"type": "library",
"bom-ref": "43-markupsafe",
"name": "markupsafe",
"version": "3.0.1",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"externalReferences": [
{
"url": "https://pypi.org/project/markupsafe/3.0.1/#files",
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3290,7 +3290,7 @@
"type": "library",
"bom-ref": "67-setuptools",
"name": "setuptools",
"version": "75.1.0",
"version": "75.2.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
Expand All @@ -3299,16 +3299,16 @@
}
]
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/75.1.0/#files",
"url": "https://pypi.org/project/setuptools/75.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/setuptools@75.1.0",
"purl": "pkg:pypi/setuptools@75.2.0",
"properties": [
{
"name": "language",
Expand Down
34 changes: 17 additions & 17 deletions sbom/cve-bin-tool-py3.11.spdx
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-83273c1a-c2a7-4932-bcfd-c8afe2b06d17
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a9a33c0b-ebd3-45ac-a9ec-32d3d43f6e62
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
Created: 2024-10-14T00:36:22Z
Created: 2024-10-21T00:37:27Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*

PackageName: yarl
SPDXID: SPDXRef-8-yarl
PackageVersion: 1.15.2
PackageVersion: 1.15.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov ([email protected])
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Yet another URL library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
#####

PackageName: idna
Expand Down Expand Up @@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.

PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
PackageVersion: 43.0.1
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####

PackageName: cffi
Expand Down Expand Up @@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]

PackageName: markupsafe
SPDXID: SPDXRef-43-markupsafe
PackageVersion: 3.0.1
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
#####

PackageName: jsonschema
Expand Down Expand Up @@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*

PackageName: setuptools
SPDXID: SPDXRef-67-setuptools
PackageVersion: 75.1.0
PackageVersion: 75.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority ([email protected])
PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files
PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
#####

PackageName: xmlschema
Expand Down

0 comments on commit 66f71d4

Please sign in to comment.