Skip to content

Commit 4d60668

Browse files
web-flowgithub-actions[bot]
authored andcommitted
chore: update SBOM for Python 3.9
1 parent 2b15bc5 commit 4d60668

File tree

2 files changed

+34
-34
lines changed

2 files changed

+34
-34
lines changed

sbom/cve-bin-tool-py3.9.json

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@
22
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
33
"bomFormat": "CycloneDX",
44
"specVersion": "1.6",
5-
"serialNumber": "urn:uuid:830ada42-625f-4aab-a5fe-a0a3581e1e5b",
5+
"serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9",
66
"version": 1,
77
"metadata": {
8-
"timestamp": "2024-10-14T00:40:11Z",
8+
"timestamp": "2024-10-21T00:38:06Z",
99
"lifecycles": [
1010
{
1111
"phase": "build"
@@ -432,7 +432,7 @@
432432
"type": "library",
433433
"bom-ref": "10-yarl",
434434
"name": "yarl",
435-
"version": "1.15.2",
435+
"version": "1.15.5",
436436
"supplier": {
437437
"name": "Andrew Svetlov",
438438
"contact": [
@@ -441,7 +441,7 @@
441441
}
442442
]
443443
},
444-
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
444+
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
445445
"description": "Yet another URL library",
446446
"licenses": [
447447
{
@@ -459,12 +459,12 @@
459459
"comment": "Home page for project"
460460
},
461461
{
462-
"url": "https://pypi.org/project/yarl/1.15.2/#files",
462+
"url": "https://pypi.org/project/yarl/1.15.5/#files",
463463
"type": "distribution",
464464
"comment": "Download location for component"
465465
}
466466
],
467-
"purl": "pkg:pypi/[email protected].2",
467+
"purl": "pkg:pypi/[email protected].5",
468468
"properties": [
469469
{
470470
"name": "language",
@@ -1865,7 +1865,7 @@
18651865
"type": "library",
18661866
"bom-ref": "38-cryptography",
18671867
"name": "cryptography",
1868-
"version": "43.0.1",
1868+
"version": "43.0.3",
18691869
"supplier": {
18701870
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
18711871
"contact": [
@@ -1874,7 +1874,7 @@
18741874
}
18751875
]
18761876
},
1877-
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
1877+
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
18781878
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
18791879
"licenses": [
18801880
{
@@ -1888,12 +1888,12 @@
18881888
"comment": "Home page for project"
18891889
},
18901890
{
1891-
"url": "https://pypi.org/project/cryptography/43.0.1/#files",
1891+
"url": "https://pypi.org/project/cryptography/43.0.3/#files",
18921892
"type": "distribution",
18931893
"comment": "Download location for component"
18941894
}
18951895
],
1896-
"purl": "pkg:pypi/[email protected].1",
1896+
"purl": "pkg:pypi/[email protected].3",
18971897
"properties": [
18981898
{
18991899
"name": "language",
@@ -2292,16 +2292,16 @@
22922292
"type": "library",
22932293
"bom-ref": "47-markupsafe",
22942294
"name": "markupsafe",
2295-
"version": "3.0.1",
2295+
"version": "3.0.2",
22962296
"description": "Safely add untrusted strings to HTML/XML markup.",
22972297
"externalReferences": [
22982298
{
2299-
"url": "https://pypi.org/project/markupsafe/3.0.1/#files",
2299+
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
23002300
"type": "distribution",
23012301
"comment": "Download location for component"
23022302
}
23032303
],
2304-
"purl": "pkg:pypi/[email protected].1",
2304+
"purl": "pkg:pypi/[email protected].2",
23052305
"properties": [
23062306
{
23072307
"name": "language",
@@ -3450,7 +3450,7 @@
34503450
"type": "library",
34513451
"bom-ref": "71-setuptools",
34523452
"name": "setuptools",
3453-
"version": "75.1.0",
3453+
"version": "75.2.0",
34543454
"supplier": {
34553455
"name": "Python Packaging Authority",
34563456
"contact": [
@@ -3459,16 +3459,16 @@
34593459
}
34603460
]
34613461
},
3462-
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*",
3462+
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*",
34633463
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
34643464
"externalReferences": [
34653465
{
3466-
"url": "https://pypi.org/project/setuptools/75.1.0/#files",
3466+
"url": "https://pypi.org/project/setuptools/75.2.0/#files",
34673467
"type": "distribution",
34683468
"comment": "Download location for component"
34693469
}
34703470
],
3471-
"purl": "pkg:pypi/setuptools@75.1.0",
3471+
"purl": "pkg:pypi/setuptools@75.2.0",
34723472
"properties": [
34733473
{
34743474
"name": "language",

sbom/cve-bin-tool-py3.9.spdx

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
22
DataLicense: CC0-1.0
33
SPDXID: SPDXRef-DOCUMENT
44
DocumentName: Python-cve-bin-tool
5-
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4486aea-13eb-4981-be76-1677436a925a
5+
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135
66
LicenseListVersion: 3.22
77
Creator: Tool: sbom4python-0.11.3
8-
Created: 2024-10-14T00:39:13Z
8+
Created: 2024-10-21T00:37:14Z
99
CreatorComment: <text>This document has been automatically generated.</text>
1010
#####
1111

@@ -157,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
157157

158158
PackageName: yarl
159159
SPDXID: SPDXRef-10-yarl
160-
PackageVersion: 1.15.2
160+
PackageVersion: 1.15.5
161161
PrimaryPackagePurpose: LIBRARY
162162
PackageSupplier: Person: Andrew Svetlov ([email protected])
163-
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
163+
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
164164
FilesAnalyzed: false
165165
PackageHomePage: https://github.com/aio-libs/yarl
166166
PackageLicenseDeclared: Apache-2.0
167167
PackageLicenseConcluded: Apache-2.0
168168
PackageCopyrightText: NOASSERTION
169169
PackageSummary: <text>Yet another URL library</text>
170-
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
171-
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
170+
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
171+
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
172172
#####
173173

174174
PackageName: idna
@@ -632,18 +632,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
632632

633633
PackageName: cryptography
634634
SPDXID: SPDXRef-38-cryptography
635-
PackageVersion: 43.0.1
635+
PackageVersion: 43.0.3
636636
PrimaryPackagePurpose: LIBRARY
637637
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors ([email protected])
638-
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files
638+
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
639639
FilesAnalyzed: false
640640
PackageHomePage: https://github.com/pyca/cryptography
641641
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
642642
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
643643
PackageCopyrightText: NOASSERTION
644644
PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
645-
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
646-
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
645+
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
646+
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
647647
#####
648648

649649
PackageName: cffi
@@ -779,17 +779,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
779779

780780
PackageName: markupsafe
781781
SPDXID: SPDXRef-47-markupsafe
782-
PackageVersion: 3.0.1
782+
PackageVersion: 3.0.2
783783
PrimaryPackagePurpose: LIBRARY
784784
PackageSupplier: NOASSERTION
785-
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files
785+
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
786786
FilesAnalyzed: false
787787
PackageLicenseDeclared: NOASSERTION
788788
PackageLicenseConcluded: NOASSERTION
789789
PackageLicenseComments: <text>markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.</text>
790790
PackageCopyrightText: NOASSERTION
791791
PackageSummary: <text>Safely add untrusted strings to HTML/XML markup.</text>
792-
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
792+
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
793793
#####
794794

795795
PackageName: jsonschema
@@ -1176,17 +1176,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
11761176

11771177
PackageName: setuptools
11781178
SPDXID: SPDXRef-71-setuptools
1179-
PackageVersion: 75.1.0
1179+
PackageVersion: 75.2.0
11801180
PrimaryPackagePurpose: LIBRARY
11811181
PackageSupplier: Organization: Python Packaging Authority ([email protected])
1182-
PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files
1182+
PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files
11831183
FilesAnalyzed: false
11841184
PackageLicenseDeclared: NOASSERTION
11851185
PackageLicenseConcluded: NOASSERTION
11861186
PackageCopyrightText: NOASSERTION
11871187
PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
1188-
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0
1189-
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*
1188+
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0
1189+
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*
11901190
#####
11911191

11921192
PackageName: toml

0 commit comments

Comments
 (0)