Skip to content

Commit

Permalink
chore: update SBOM for Python 3.9 (#4131)
Browse files Browse the repository at this point in the history
Co-authored-by: GitHub <[email protected]>
  • Loading branch information
github-actions[bot] and web-flow authored May 20, 2024
1 parent aee7116 commit f00cb76
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 16 deletions.
22 changes: 14 additions & 8 deletions sbom/cve-bin-tool-py3.9.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:6b8040ba-91ea-45e2-b48e-cf3f925e08dd",
"serialNumber": "urn:uuid:da25ffa1-1384-461d-a6c5-84dfce937e55",
"version": 1,
"metadata": {
"timestamp": "2024-05-13T00:29:02Z",
"timestamp": "2024-05-20T00:28:52Z",
"tools": {
"components": [
{
Expand Down Expand Up @@ -1839,31 +1839,31 @@
"type": "library",
"bom-ref": "42-zipp",
"name": "zipp",
"version": "3.18.1",
"version": "3.18.2",
"supplier": {
"name": "Jason R . Coombs",
"name": "Jason R .",
"contact": [
{
"email": "[email protected]"
}
]
},
"cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:jason_r.:zipp:3.18.2:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
"alg": "SHA-1",
"content": "bfae83474a730e8cc9b8a71027fb859b46b3875c"
"content": "051250eb0e3024d75e7de09921e4efab074f0112"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.18.1",
"url": "https://pypi.org/project/zipp/3.18.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1906,6 +1906,12 @@
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
"alg": "SHA-1",
"content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
}
],
"licenses": [
{
"license": {
Expand Down
17 changes: 9 additions & 8 deletions sbom/cve-bin-tool-py3.9.spdx
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f75310d1-b81b-40c2-930d-22699181394d
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3138d3f8-dc63-447a-b0be-cca4b60da110
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
Created: 2024-05-13T00:27:25Z
Created: 2024-05-20T00:27:19Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -671,18 +671,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1

PackageName: zipp
SPDXID: SPDXRef-Package-42-zipp
PackageVersion: 3.18.1
PackageVersion: 3.18.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs ([email protected])
PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1
PackageSupplier: Organization: Jason R. ([email protected])
PackageDownloadLocation: https://pypi.org/project/zipp/3.18.2
FilesAnalyzed: false
PackageChecksum: SHA1: bfae83474a730e8cc9b8a71027fb859b46b3875c
PackageChecksum: SHA1: 051250eb0e3024d75e7de09921e4efab074f0112
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.18.2:*:*:*:*:*:*:*
#####

PackageName: jinja2
Expand All @@ -706,6 +706,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down

0 comments on commit f00cb76

Please sign in to comment.