Skip to content

Commit

Permalink
chore: update SBOM for Python 3.12 (intel#4526)
Browse files Browse the repository at this point in the history 
Co-authored-by: GitHub <[email protected]>
  • Loading branch information
@github-actions @web-flow
github-actions[bot] and web-flow authored Oct 28, 2024
1 parent df49fca commit 06886b3
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 53 deletions.
58 changes: 27 additions & 31 deletions sbom/cve-bin-tool-py3.12.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63",
"serialNumber": "urn:uuid:c3f0a58f-1000-4930-b89e-cb88efacd5d3",
"version": 1,
"metadata": {
"timestamp": "2024-10-21T00:38:03Z",
"timestamp": "2024-10-28T00:38:50Z",
"lifecycles": [
{
"phase": "build"
Expand Down Expand Up @@ -129,6 +129,12 @@
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
"alg": "SHA-1",
"content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -215,7 +221,7 @@
"type": "library",
"bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
"licenses": [
{
Expand All @@ -233,12 +239,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/frozenlist/1.4.1/#files",
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/frozenlist@1.4.1",
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
{
"name": "language",
Expand All @@ -247,10 +253,6 @@
{
"name": "python_version",
"value": "3.12.7"
},
{
"name": "package_release_date",
"value": "2023-12-15T08:40:29.000Z"
}
]
},
Expand Down Expand Up @@ -340,7 +342,7 @@
"type": "library",
"bom-ref": "8-yarl",
"name": "yarl",
"version": "1.15.5",
"version": "1.16.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
Expand All @@ -349,7 +351,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
Expand All @@ -367,12 +369,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/yarl/1.15.5/#files",
"url": "https://pypi.org/project/yarl/1.16.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/yarl@1.15.5",
"purl": "pkg:pypi/yarl@1.16.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2615,18 +2617,12 @@
"type": "library",
"bom-ref": "53-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"version": "0.16.0",
"supplier": {
"name": "the purl authors"
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
"alg": "SHA-1",
"content": "14a11b50ab723796888133d3722b5b3e2845b084"
}
],
"licenses": [
{
"license": {
Expand All @@ -2643,12 +2639,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/packageurl-python/0.15.6/#files",
"url": "https://pypi.org/project/packageurl-python/0.16.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/packageurl-python@0.15.6",
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
{
"name": "language",
Expand All @@ -2664,7 +2660,7 @@
"type": "library",
"bom-ref": "54-rich",
"name": "rich",
"version": "13.9.2",
"version": "13.9.3",
"supplier": {
"name": "Will McGugan",
"contact": [
Expand All @@ -2673,7 +2669,7 @@
}
]
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
Expand All @@ -2691,12 +2687,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rich/13.9.2/#files",
"url": "https://pypi.org/project/rich/13.9.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3372,7 +3368,7 @@
"type": "library",
"bom-ref": "69-elementpath",
"name": "elementpath",
"version": "4.5.0",
"version": "4.6.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -3381,7 +3377,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
Expand All @@ -3399,12 +3395,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/elementpath/4.5.0/#files",
"url": "https://pypi.org/project/elementpath/4.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/elementpath@4.5.0",
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
{
"name": "language",
Expand Down
44 changes: 22 additions & 22 deletions sbom/cve-bin-tool-py3.12.spdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8092be7a-891d-43e8-92da-4f3a027149cf
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.3
Created: 2024-10-21T00:37:15Z
Created: 2024-10-28T00:38:09Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston ([email protected])
PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -76,18 +77,18 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]

PackageName: frozenlist
SPDXID: SPDXRef-5-frozenlist
PackageVersion: 1.4.1
PackageVersion: 1.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A list-like structure which implements collections.abc.MutableSequence</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####

PackageName: attrs
Expand Down Expand Up @@ -124,18 +125,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*

PackageName: yarl
SPDXID: SPDXRef-8-yarl
PackageVersion: 1.15.5
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov ([email protected])
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Yet another URL library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
#####

PackageName: idna
Expand Down Expand Up @@ -882,35 +883,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*

PackageName: packageurl-python
SPDXID: SPDXRef-53-packageurl-python
PackageVersion: 0.15.6
PackageVersion: 0.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A purl aka. Package URL parser and builder</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####

PackageName: rich
SPDXID: SPDXRef-54-rich
PackageVersion: 13.9.2
PackageVersion: 13.9.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan ([email protected])
PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files
PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
#####

PackageName: markdown-it-py
Expand Down Expand Up @@ -1144,18 +1144,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*

PackageName: elementpath
SPDXID: SPDXRef-69-elementpath
PackageVersion: 4.5.0
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato ([email protected])
PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####

PackageName: zipp
Expand Down

0 comments on commit 06886b3

Please sign in to comment.