chore: update SBOM for Python 3.11 (intel#3688)

Co-authored-by: GitHub <[email protected]>

Author: 2 people

sbom/cve-bin-tool-py3.11.json

@@ -2,15 +2,15 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:04ec1dd8-d2ec-44b9-ba93-cee74b34cc8e",
+  "serialNumber": "urn:uuid:3276bc0a-d0c8-4c99-95f1-c47bc965e860",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-12-25T00:30:14Z",
+    "timestamp": "2024-01-04T20:02:20Z",
     "tools": {
       "components": [
         {
           "name": "sbom4python",
-          "version": "0.10.2",
+          "version": "0.10.3",
           "type": "application"
         }
       ]
@@ -196,7 +196,7 @@
       "type": "library",
       "bom-ref": "5-attrs",
       "name": "attrs",
-      "version": "23.1.0",
+      "version": "23.2.0",
       "supplier": {
         "name": "Hynek Schlawack",
         "contact": [
@@ -205,22 +205,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
       "description": "Classes Without Boilerplate",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "1e2f6f9cac5cc60f0adab051c14adf09ffe39155"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/attrs/23.1.0",
+          "url": "https://pypi.org/project/attrs/23.2.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/attrs@23.1.0",
+      "purl": "pkg:pypi/attrs@23.2.0",
       "properties": [
         {
           "name": "language",
@@ -1302,6 +1296,12 @@
       },
       "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1576,7 +1576,7 @@
       "type": "library",
       "bom-ref": "35-google-auth",
       "name": "google-auth",
-      "version": "2.25.2",
+      "version": "2.26.1",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1585,7 +1585,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1597,12 +1597,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.25.2",
+          "url": "https://pypi.org/project/google-auth/2.26.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.25.2",
+      "purl": "pkg:pypi/google-auth@2.26.1",
       "properties": [
         {
           "name": "language",
@@ -1852,16 +1852,16 @@
       "type": "library",
       "bom-ref": "41-jsonschema-specifications",
       "name": "jsonschema-specifications",
-      "version": "2023.11.2",
+      "version": "2023.12.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*",
       "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
       "hashes": [
         {
           "alg": "SHA-1",
-          "content": "a2fec386cdb2ed38041ccbfff0fc3e8a566997a3"
+          "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
         }
       ],
       "licenses": [
@@ -1874,12 +1874,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
+          "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
+      "purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
       "properties": [
         {
           "name": "language",
@@ -1938,11 +1938,11 @@
       "type": "library",
       "bom-ref": "43-rpds-py",
       "name": "rpds-py",
-      "version": "0.15.2",
+      "version": "0.16.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -1954,12 +1954,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.15.2",
+          "url": "https://pypi.org/project/rpds-py/0.16.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.15.2",
+      "purl": "pkg:pypi/rpds-py@0.16.2",
       "properties": [
         {
           "name": "language",
@@ -1975,7 +1975,7 @@
       "type": "library",
       "bom-ref": "44-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.5.4",
+      "version": "0.6.1",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -1984,14 +1984,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "3de23e3f3b32c08f9bf8231e2765a06ebb82dc80"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2002,12 +1996,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.5.4",
+          "url": "https://pypi.org/project/lib4sbom/0.6.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.5.4",
+      "purl": "pkg:pypi/lib4sbom@0.6.1",
       "properties": [
         {
           "name": "language",

sbom/cve-bin-tool-py3.11.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f1f34e30-f49a-4f73-90bd-80e0bdc889b9
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6bb28944-b0e3-45eb-9feb-dc60bec1512c
 LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.2
-Created: 2023-12-25T00:28:34Z
+Creator: Tool: sbom4python-0.10.3
+Created: 2024-01-04T20:00:41Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -73,18 +73,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: attrs
 SPDXID: SPDXRef-Package-5-attrs
-PackageVersion: 23.1.0
+PackageVersion: 23.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Hynek Schlawack ([email protected])
-PackageDownloadLocation: https://pypi.org/project/attrs/23.1.0
+PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 1e2f6f9cac5cc60f0adab051c14adf09ffe39155
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Classes Without Boilerplate</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: multidict
@@ -464,6 +463,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The pyOpenSSL developers ([email protected])
 PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: 5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.</text>
@@ -556,18 +556,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-35-google-auth
-PackageVersion: 2.25.2
+PackageVersion: 2.26.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform ([email protected])
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.26.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -652,18 +652,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
 
 PackageName: jsonschema-specifications
 SPDXID: SPDXRef-Package-41-jsonschema-specifications
-PackageVersion: 2023.11.2
+PackageVersion: 2023.12.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: a2fec386cdb2ed38041ccbfff0fc3e8a566997a3
+PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The JSON Schema meta-schemas and vocabularies, exposed as a Registry</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: referencing
@@ -684,33 +684,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-43-rpds-py
-PackageVersion: 0.15.2
+PackageVersion: 0.16.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-44-lib4sbom
-PackageVersion: 0.5.4
+PackageVersion: 0.6.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison ([email protected])
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.6.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: 3de23e3f3b32c08f9bf8231e2765a06ebb82dc80
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.6.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml