
Commit 2132a4c

github-actions[bot]web-flow
authored andcommitted
chore: update SBOM for Python 3.9 (intel#3748)
Co-authored-by: GitHub <[email protected]>
1 parent e2c1d9a commit 2132a4c


2 files changed

+49
-36
lines changed


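--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
 "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.5",
-"serialNumber": "urn:uuid:d6700b9e-a9c6-43fc-bb2b-5ba9af2f2d22",
+"serialNumber": "urn:uuid:54d4b079-3b5b-49e9-ae53-306b733aa60d",
 "version": 1,
 "metadata": {
-"timestamp": "2024-01-15T00:31:22Z",
+"timestamp": "2024-01-22T00:29:31Z",
 "tools": {
 "components": [
 {
@@ -416,7 +416,7 @@
 "type": "library",
 "bom-ref": "10-beautifulsoup4",
 "name": "beautifulsoup4",
-"version": "4.12.2",
+"version": "4.12.3",
 "supplier": {
 "name": "Leonard Richardson",
 "contact": [
@@ -425,16 +425,24 @@
 }
 ]
 },
-"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*",
+"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
 "description": "Screen-scraping library",
+"licenses": [
+{
+"license": {
+"id": "MIT",
+"url": "https://opensource.org/licenses/MIT"
+}
+}
+],
 "externalReferences": [
 {
-"url": "https://pypi.org/project/beautifulsoup4/4.12.2",
+"url": "https://pypi.org/project/beautifulsoup4/4.12.3",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
-"purl": "pkg:pypi/[email protected].2",
+"purl": "pkg:pypi/[email protected].3",
 "properties": [
 {
 "name": "language",
@@ -443,6 +451,10 @@
 {
 "name": "python_version",
 "value": "3.9.18"
+},
+{
+"name": "License Comments",
+"value": "beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression."
 }
 ]
 },
@@ -780,6 +792,12 @@
 },
 "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
 "description": "A python package that provides useful locks",
+"hashes": [
+{
+"alg": "SHA-1",
+"content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+}
+],
 "licenses": [
 {
 "license": {
@@ -1887,12 +1905,12 @@
 "type": "library",
 "bom-ref": "42-markupsafe",
 "name": "markupsafe",
-"version": "2.1.3",
+"version": "2.1.4",
 "description": "Safely add untrusted strings to HTML/XML markup.",
 "hashes": [
 {
 "alg": "SHA-1",
-"content": "496112e00fcfa54d81d256f1f7e221ad01d033cc"
+"content": "b7cd6523579ea5a08d89799f2a64ec2c2bc45eca"
 }
 ],
 "licenses": [
@@ -1905,12 +1923,12 @@
 ],
 "externalReferences": [
 {
-"url": "https://pypi.org/project/MarkupSafe/2.1.3",
+"url": "https://pypi.org/project/MarkupSafe/2.1.4",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
-"purl": "pkg:pypi/[email protected].3",
+"purl": "pkg:pypi/[email protected].4",
 "properties": [
 {
 "name": "language",
@@ -1926,18 +1944,12 @@
 "type": "library",
 "bom-ref": "43-jsonschema",
 "name": "jsonschema",
-"version": "4.20.0",
+"version": "4.21.1",
 "supplier": {
 "name": "Julian Berman"
 },
-"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*",
+"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*",
 "description": "An implementation of JSON Schema validation for Python",
-"hashes": [
-{
-"alg": "SHA-1",
-"content": "5ff5999d50420251744bc49e758f3b15ad2f8569"
-}
-],
 "licenses": [
 {
 "license": {
@@ -1948,12 +1960,12 @@
 ],
 "externalReferences": [
 {
-"url": "https://pypi.org/project/jsonschema/4.20.0",
+"url": "https://pypi.org/project/jsonschema/4.21.1",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
-"purl": "pkg:pypi/jsonschema@4.20.0",
+"purl": "pkg:pypi/jsonschema@4.21.1",
 "properties": [
 {
 "name": "language",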

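--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4afe55af-b7c9-4665-8ecf-9c62a1b633ca
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5f4d31df-fd73-4951-8e94-ddefa13884ec
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-15T00:29:16Z
+Created: 2024-01-22T00:27:48Z
 CreatorComment: <text>This document has been automatically generated.</text>
 #####
 
@@ -153,17 +153,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*
 
 PackageName: beautifulsoup4
 SPDXID: SPDXRef-Package-10-beautifulsoup4
-PackageVersion: 4.12.2
+PackageVersion: 4.12.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Leonard Richardson ([email protected])
-PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.2
+PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseConcluded: MIT
+PackageLicenseComments: <text>beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Screen-scraping library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
 #####
 
 PackageName: soupsieve
@@ -286,6 +287,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Joshua Harlow
 PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
 FilesAnalyzed: false
+PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
@@ -668,33 +670,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: markupsafe
 SPDXID: SPDXRef-Package-42-markupsafe
-PackageVersion: 2.1.3
+PackageVersion: 2.1.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3
+PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.4
 FilesAnalyzed: false
-PackageChecksum: SHA1: 496112e00fcfa54d81d256f1f7e221ad01d033cc
+PackageChecksum: SHA1: b7cd6523579ea5a08d89799f2a64ec2c2bc45eca
 PackageLicenseDeclared: BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
 #####
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.20.0
+PackageVersion: 4.21.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 5ff5999d50420251744bc49e758f3b15ad2f8569
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.21.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
 #####
 
 PackageName: jsonschema-specifications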
