chore: update SBOM for Python 3.12 (#4094)

github-actions[bot] · web-flow · web-flow · commit 4eb033376e6c · 2024-04-29T13:53:23.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
@@ -1,11 +1,11 @@
 {
-  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
-  "specVersion": "1.5",
-  "serialNumber": "urn:uuid:0acfe7bf-745e-4b5d-b8fe-4730e94a4f6d",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:6cea83d8-e0e4-409a-9626-7141d6bb5e04",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-04-22T00:27:41Z",
+    "timestamp": "2024-04-29T00:26:56Z",
     "tools": {
       "components": [
         {
@@ -313,6 +313,12 @@
       },
       "cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
       "description": "Internationalized Domain Names in Applications (IDNA)",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
+        }
+      ],
       "externalReferences": [
         {
           "url": "https://pypi.org/project/idna/3.7",
@@ -651,6 +657,12 @@
       },
       "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1328,6 +1340,12 @@
       },
       "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "33833f031d9d36234e11d9671be150d53b9e598d"
+        }
+      ],
       "licenses": [
         {
           "expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1415,6 +1433,12 @@
       },
       "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
       "description": "C parser in Python",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -1832,20 +1856,20 @@
       "type": "library",
       "bom-ref": "43-referencing",
       "name": "referencing",
-      "version": "0.34.0",
+      "version": "0.35.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.34.0",
+          "url": "https://pypi.org/project/referencing/0.35.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.34.0",
+      "purl": "pkg:pypi/referencing@0.35.0",
       "properties": [
         {
           "name": "language",
@@ -1898,7 +1922,7 @@
       "type": "library",
       "bom-ref": "45-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.7.0",
+      "version": "0.7.1",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -1907,7 +1931,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -1919,12 +1943,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.7.0",
+          "url": "https://pypi.org/project/lib4sbom/0.7.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.7.0",
+      "purl": "pkg:pypi/lib4sbom@0.7.1",
       "properties": [
         {
           "name": "language",
@@ -2635,7 +2659,7 @@
       "type": "library",
       "bom-ref": "62-xmlschema",
       "name": "xmlschema",
-      "version": "3.3.0",
+      "version": "3.3.1",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2644,7 +2668,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2656,12 +2680,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/3.3.0",
+          "url": "https://pypi.org/project/xmlschema/3.3.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@3.3.0",
+      "purl": "pkg:pypi/xmlschema@3.3.1",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-aaa91dd7-47bb-4ce8-b80c-b04e18631b28
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0f3c0601-aa4c-44f2-9ea1-8d4b70b94f9a
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.4
-Created: 2024-04-22T00:26:28Z
+Created: 2024-04-29T00:25:47Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -124,6 +124,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
 PackageDownloadLocation: https://pypi.org/project/idna/3.7
 FilesAnalyzed: false
+PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
@@ -252,6 +253,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
 FilesAnalyzed: false
+PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
@@ -495,6 +497,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
 PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
 FilesAnalyzed: false
+PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
@@ -526,6 +529,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
 PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
 FilesAnalyzed: false
+PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
 PackageLicenseDeclared: BSD-3-Clause
 PackageLicenseConcluded: BSD-3-Clause
 PackageCopyrightText: NOASSERTION
@@ -678,17 +682,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-43-referencing
-PackageVersion: 0.34.0
+PackageVersion: 0.35.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -708,17 +712,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-45-lib4sbom
-PackageVersion: 0.7.0
+PackageVersion: 0.7.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -977,17 +981,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 3.3.0
+PackageVersion: 3.3.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
