chore: update SBOM for Python 3.8

web-flow · web-flow · commit 6d1a590cde3e · 2023-05-29T00:27:24.000Z
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid8422fb83-076d-48df-a378-970954b2c07a",
+  "serialNumber": "urn:uuidb9b09cec-54df-4f21-b7b2-20fe19b3b8bd",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-05-22T00:27:20Z",
+    "timestamp": "2023-05-29T00:27:22Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -1377,7 +1377,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.18.1",
+      "version": "2.19.0",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1386,7 +1386,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.18.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1403,12 +1403,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/google-auth/2.18.1",
+          "url": "https://pypi.org/project/google-auth/2.19.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.18.1",
+      "purl": "pkg:pypi/google-auth@2.19.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1420,7 +1420,7 @@
       "type": "library",
       "bom-ref": "38-cachetools",
       "name": "cachetools",
-      "version": "5.3.0",
+      "version": "5.3.1",
       "supplier": {
         "name": "Thomas Kemmer",
         "contact": [
@@ -1429,7 +1429,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
       "description": "Extensible memoizing collections and decorators",
       "licenses": [
         {
@@ -1446,18 +1446,18 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/cachetools/5.3.0",
+          "url": "https://pypi.org/project/cachetools/5.3.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cachetools@5.3.0"
+      "purl": "pkg:pypi/cachetools@5.3.1"
     },
     {
       "type": "library",
       "bom-ref": "39-urllib3",
       "name": "urllib3",
-      "version": "1.26.15",
+      "version": "1.26.16",
       "supplier": {
         "name": "Andrey Petrov",
         "contact": [
@@ -1466,7 +1466,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*",
       "description": "HTTP library with thread-safe connection pooling, file post, and more.",
       "licenses": [
         {
@@ -1483,12 +1483,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/urllib3/1.26.15",
+          "url": "https://pypi.org/project/urllib3/1.26.16",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/urllib3@1.26.15"
+      "purl": "pkg:pypi/urllib3@1.26.16"
     },
     {
       "type": "library",
@@ -2030,7 +2030,7 @@
       "type": "library",
       "bom-ref": "55-requests",
       "name": "requests",
-      "version": "2.30.0",
+      "version": "2.31.0",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -2039,7 +2039,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
       "licenses": [
         {
@@ -2056,12 +2056,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/requests/2.30.0",
+          "url": "https://pypi.org/project/requests/2.31.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/requests@2.30.0",
+      "purl": "pkg:pypi/requests@2.31.0",
       "properties": [
         {
           "name": "License Comments",
@@ -2227,7 +2227,7 @@
       "type": "library",
       "bom-ref": "61-typing-extensions",
       "name": "typing-extensions",
-      "version": "4.5.0",
+      "version": "4.6.2",
       "supplier": {
         "name": "Guido van Jukka ukasz Michael",
         "contact": [
@@ -2236,16 +2236,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.2:*:*:*:*:*:*:*",
       "description": "Backported and Experimental Type Hints for Python 3.7+",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/typing_extensions/4.5.0",
+          "url": "https://pypi.org/project/typing_extensions/4.6.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/typing-extensions@4.5.0"
+      "purl": "pkg:pypi/typing-extensions@4.6.2"
     },
     {
       "type": "library",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3d7ad60e-d4e3-403e-bdc1-2f59271e305d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-24d84485-8943-44a4-9776-b41bfc9b7686
 LicenseListVersion: 3.20
 Creator: Tool: sbom4python-0.9.1
-Created: 2023-05-22T00:25:58Z
+Created: 2023-05-29T00:25:56Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -599,51 +599,51 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.18.1
+PackageVersion: 2.19.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.18.1
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.19.0
 FilesAnalyzed: false
 PackageHomePage: https://github.com/googleapis/google-auth-library-python
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.18.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.18.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
 SPDXID: SPDXRef-Package-38-cachetools
-PackageVersion: 5.3.0
+PackageVersion: 5.3.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1
 FilesAnalyzed: false
 PackageHomePage: https://github.com/tkem/cachetools/
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extensible memoizing collections and decorators</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: urllib3
 SPDXID: SPDXRef-Package-39-urllib3
-PackageVersion: 1.26.15
+PackageVersion: 1.26.16
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15
+PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16
 FilesAnalyzed: false
 PackageHomePage: https://urllib3.readthedocs.io/
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>HTTP library with thread-safe connection pooling, file post, and more.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*
 ##### 
 
 PackageName: monotonic
@@ -891,19 +891,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-Package-55-requests
-PackageVersion: 2.30.0
+PackageVersion: 2.31.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.30.0
+PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
 FilesAnalyzed: false
 PackageHomePage: https://requests.readthedocs.io
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.30.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: certifi
@@ -985,17 +985,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*
 
 PackageName: typing-extensions
 SPDXID: SPDXRef-Package-61-typing-extensions
-PackageVersion: 4.5.0
+PackageVersion: 4.6.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.5.0
+PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.6.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backported and Experimental Type Hints for Python 3.7+</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.6.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.6.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpmfile
