forked from intel/cve-bin-tool
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: update SBOM for Python 3.10 (intel#3747)
Co-authored-by: GitHub <[email protected]>
- Loading branch information
1 parent
902ef25
commit 0986fc5
Showing
2 changed files
with
49 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,10 +2,10 @@ | |
| "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", | ||
| "bomFormat": "CycloneDX", | ||
| "specVersion": "1.5", | ||
| "serialNumber": "urn:uuid:055a78b9-2a63-4e07-bb1b-ebb33387923e", | ||
| "serialNumber": "urn:uuid:df2024e0-55ff-462f-859b-ebc335df71aa", | ||
| "version": 1, | ||
| "metadata": { | ||
| "timestamp": "2024-01-15T00:28:56Z", | ||
| "timestamp": "2024-01-22T00:29:04Z", | ||
| "tools": { | ||
| "components": [ | ||
| { | ||
|
|
@@ -416,7 +416,7 @@ | |
| "type": "library", | ||
| "bom-ref": "10-beautifulsoup4", | ||
| "name": "beautifulsoup4", | ||
| "version": "4.12.2", | ||
| "version": "4.12.3", | ||
| "supplier": { | ||
| "name": "Leonard Richardson", | ||
| "contact": [ | ||
|
|
@@ -425,16 +425,24 @@ | |
| } | ||
| ] | ||
| }, | ||
| "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", | ||
| "description": "Screen-scraping library", | ||
| "licenses": [ | ||
| { | ||
| "license": { | ||
| "id": "MIT", | ||
| "url": "https://opensource.org/licenses/MIT" | ||
| } | ||
| } | ||
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/beautifulsoup4/4.12.2", | ||
| "url": "https://pypi.org/project/beautifulsoup4/4.12.3", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].2", | ||
| "purl": "pkg:pypi/[email protected].3", | ||
| "properties": [ | ||
| { | ||
| "name": "language", | ||
|
|
@@ -443,6 +451,10 @@ | |
| { | ||
| "name": "python_version", | ||
| "value": "3.10.13" | ||
| }, | ||
| { | ||
| "name": "License Comments", | ||
| "value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression." | ||
| } | ||
| ] | ||
| }, | ||
|
|
@@ -780,6 +792,12 @@ | |
| }, | ||
| "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*", | ||
| "description": "A python package that provides useful locks", | ||
| "hashes": [ | ||
| { | ||
| "alg": "SHA-1", | ||
| "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" | ||
| } | ||
| ], | ||
| "licenses": [ | ||
| { | ||
| "license": { | ||
|
|
@@ -1813,12 +1831,12 @@ | |
| "type": "library", | ||
| "bom-ref": "40-markupsafe", | ||
| "name": "markupsafe", | ||
| "version": "2.1.3", | ||
| "version": "2.1.4", | ||
| "description": "Safely add untrusted strings to HTML/XML markup.", | ||
| "hashes": [ | ||
| { | ||
| "alg": "SHA-1", | ||
| "content": "496112e00fcfa54d81d256f1f7e221ad01d033cc" | ||
| "content": "b7cd6523579ea5a08d89799f2a64ec2c2bc45eca" | ||
| } | ||
| ], | ||
| "licenses": [ | ||
|
|
@@ -1831,12 +1849,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/MarkupSafe/2.1.3", | ||
| "url": "https://pypi.org/project/MarkupSafe/2.1.4", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/[email protected].3", | ||
| "purl": "pkg:pypi/[email protected].4", | ||
| "properties": [ | ||
| { | ||
| "name": "language", | ||
|
|
@@ -1852,18 +1870,12 @@ | |
| "type": "library", | ||
| "bom-ref": "41-jsonschema", | ||
| "name": "jsonschema", | ||
| "version": "4.20.0", | ||
| "version": "4.21.1", | ||
| "supplier": { | ||
| "name": "Julian Berman" | ||
| }, | ||
| "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*", | ||
| "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", | ||
| "description": "An implementation of JSON Schema validation for Python", | ||
| "hashes": [ | ||
| { | ||
| "alg": "SHA-1", | ||
| "content": "5ff5999d50420251744bc49e758f3b15ad2f8569" | ||
| } | ||
| ], | ||
| "licenses": [ | ||
| { | ||
| "license": { | ||
|
|
@@ -1874,12 +1886,12 @@ | |
| ], | ||
| "externalReferences": [ | ||
| { | ||
| "url": "https://pypi.org/project/jsonschema/4.20.0", | ||
| "url": "https://pypi.org/project/jsonschema/4.21.1", | ||
| "type": "distribution", | ||
| "comment": "Download location for component" | ||
| } | ||
| ], | ||
| "purl": "pkg:pypi/jsonschema@4.20.0", | ||
| "purl": "pkg:pypi/jsonschema@4.21.1", | ||
| "properties": [ | ||
| { | ||
| "name": "language", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 | |
| DataLicense: CC0-1.0 | ||
| SPDXID: SPDXRef-DOCUMENT | ||
| DocumentName: Python-cve-bin-tool | ||
| DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-23ce7aee-b65e-4e50-8505-e69ea92226c9 | ||
| DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7f3a6df6-e0a0-4e43-9d16-11bb8e973a21 | ||
| LicenseListVersion: 3.22 | ||
| Creator: Tool: sbom4python-0.10.3 | ||
| Created: 2024-01-15T00:27:22Z | ||
| Created: 2024-01-22T00:27:28Z | ||
| CreatorComment: <text>This document has been automatically generated.</text> | ||
| ##### | ||
|
|
||
|
|
@@ -153,17 +153,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* | |
|
|
||
| PackageName: beautifulsoup4 | ||
| SPDXID: SPDXRef-Package-10-beautifulsoup4 | ||
| PackageVersion: 4.12.2 | ||
| PackageVersion: 4.12.3 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Leonard Richardson ([email protected]) | ||
| PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2 | ||
| PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3 | ||
| FilesAnalyzed: false | ||
| PackageLicenseDeclared: NOASSERTION | ||
| PackageLicenseConcluded: NOASSERTION | ||
| PackageLicenseConcluded: MIT | ||
| PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text> | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Screen-scraping library</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: soupsieve | ||
|
|
@@ -286,6 +287,7 @@ PrimaryPackagePurpose: LIBRARY | |
| PackageSupplier: Person: Joshua Harlow | ||
| PackageDownloadLocation: https://pypi.org/project/fasteners/0.19 | ||
| FilesAnalyzed: false | ||
| PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 | ||
| PackageLicenseDeclared: Apache-2.0 | ||
| PackageLicenseConcluded: Apache-2.0 | ||
| PackageCopyrightText: NOASSERTION | ||
|
|
@@ -637,33 +639,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | |
|
|
||
| PackageName: markupsafe | ||
| SPDXID: SPDXRef-Package-40-markupsafe | ||
| PackageVersion: 2.1.3 | ||
| PackageVersion: 2.1.4 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: NOASSERTION | ||
| PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3 | ||
| PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.4 | ||
| FilesAnalyzed: false | ||
| PackageChecksum: SHA1: 496112e00fcfa54d81d256f1f7e221ad01d033cc | ||
| PackageChecksum: SHA1: b7cd6523579ea5a08d89799f2a64ec2c2bc45eca | ||
| PackageLicenseDeclared: BSD-3-Clause | ||
| PackageLicenseConcluded: BSD-3-Clause | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4 | ||
| ##### | ||
|
|
||
| PackageName: jsonschema | ||
| SPDXID: SPDXRef-Package-41-jsonschema | ||
| PackageVersion: 4.20.0 | ||
| PackageVersion: 4.21.1 | ||
| PrimaryPackagePurpose: LIBRARY | ||
| PackageSupplier: Person: Julian Berman | ||
| PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0 | ||
| PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 | ||
| FilesAnalyzed: false | ||
| PackageChecksum: SHA1: 5ff5999d50420251744bc49e758f3b15ad2f8569 | ||
| PackageLicenseDeclared: MIT | ||
| PackageLicenseConcluded: MIT | ||
| PackageCopyrightText: NOASSERTION | ||
| PackageSummary: <text>An implementation of JSON Schema validation for Python</text> | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:* | ||
| ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1 | ||
| ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* | ||
| ##### | ||
|
|
||
| PackageName: jsonschema-specifications | ||
|
|
||