chore: update SBOM for Python 3.9 (#4492)

github-actions[bot] · web-flow · web-flow · commit 97b61a024215 · 2024-10-07T15:22:15.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b01bf299-408a-4e43-a959-44c49efa21f8",
+  "serialNumber": "urn:uuid:0f55e1a7-0266-4532-892d-3de628a427ac",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-09-30T00:40:37Z",
+    "timestamp": "2024-10-07T00:39:28Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -15,7 +15,7 @@
       "components": [
         {
           "name": "sbom4python",
-          "version": "0.11.2",
+          "version": "0.11.3",
           "type": "application"
         }
       ]
@@ -79,7 +79,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.8",
+      "version": "3.10.9",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -97,12 +97,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.8/#files",
+          "url": "https://pypi.org/project/aiohttp/3.10.9/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohttp@3.10.8",
+      "purl": "pkg:pypi/aiohttp@3.10.9",
       "properties": [
         {
           "name": "language",
@@ -118,7 +118,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.4.2",
+      "version": "2.4.3",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -127,13 +127,13 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
       "licenses": [
         {
           "license": {
-            "id": "Python-2.0.1",
-            "url": "https://www.python.org/download/releases/2.0.1/license/",
+            "id": "PSF-2.0",
+            "url": "https://opensource.org/licenses/Python-2.0",
             "acknowledgement": "concluded"
           }
         }
@@ -145,12 +145,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohappyeyeballs@2.4.2",
+      "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
       "properties": [
         {
           "name": "language",
@@ -2813,7 +2813,7 @@
       "type": "library",
       "bom-ref": "57-rich",
       "name": "rich",
-      "version": "13.8.1",
+      "version": "13.9.2",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2822,7 +2822,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2840,12 +2840,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/13.8.1/#files",
+          "url": "https://pypi.org/project/rich/13.9.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.8.1",
+      "purl": "pkg:pypi/rich@13.9.2",
       "properties": [
         {
           "name": "language",
@@ -3934,7 +3934,8 @@
       "ref": "57-rich",
       "dependsOn": [
         "58-markdown-it-py",
-        "60-pygments"
+        "60-pygments",
+        "9-typing-extensions"
       ]
     },
     {
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cd098b6e-d3fd-4cd2-bae8-9649c9842de8
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1d0fa934-b15d-43f1-8b71-ecc92bca3f10
 LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.2
-Created: 2024-09-30T00:39:14Z
+Creator: Tool: sbom4python-0.11.3
+Created: 2024-10-07T00:38:36Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -27,34 +27,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
 
 PackageName: aiohttp
 SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.8
+PackageVersion: 3.10.9
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.9/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohttp
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.9
 ##### 
 
 PackageName: aiohappyeyeballs
 SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.2
+PackageVersion: 2.4.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageLicenseDeclared: Python-2.0.1
-PackageLicenseConcluded: Python-2.0.1
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Happy Eyeballs for asyncio</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiosignal
@@ -947,18 +947,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-57-rich
-PackageVersion: 13.8.1
+PackageVersion: 13.9.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.8.1/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1343,6 +1343,7 @@ Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
 Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
 Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
 Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions
 Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
 Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-61-packaging
 Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-63-tenacity

Original file line number	Diff line number	Diff line change
`@@ -2,10 +2,10 @@`
`2`	`2`	`"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",`
`3`	`3`	`"bomFormat": "CycloneDX",`
`4`	`4`	`"specVersion": "1.6",`
`5`		`- "serialNumber": "urn:uuid:b01bf299-408a-4e43-a959-44c49efa21f8",`
	`5`	`+ "serialNumber": "urn:uuid:0f55e1a7-0266-4532-892d-3de628a427ac",`
`6`	`6`	`"version": 1,`
`7`	`7`	`"metadata": {`
`8`		`- "timestamp": "2024-09-30T00:40:37Z",`
	`8`	`+ "timestamp": "2024-10-07T00:39:28Z",`
`9`	`9`	`"lifecycles": [`
`10`	`10`	`{`
`11`	`11`	`"phase": "build"`
`@@ -15,7 +15,7 @@`
`15`	`15`	`"components": [`
`16`	`16`	`{`
`17`	`17`	`"name": "sbom4python",`
`18`		`- "version": "0.11.2",`
	`18`	`+ "version": "0.11.3",`
`19`	`19`	`"type": "application"`
`20`	`20`	`}`
`21`	`21`	`]`
`@@ -79,7 +79,7 @@`
`79`	`79`	`"type": "library",`
`80`	`80`	`"bom-ref": "2-aiohttp",`
`81`	`81`	`"name": "aiohttp",`
`82`		`- "version": "3.10.8",`
	`82`	`+ "version": "3.10.9",`
`83`	`83`	`"description": "Async http client/server framework (asyncio)",`
`84`	`84`	`"licenses": [`
`85`	`85`	`{`
`@@ -97,12 +97,12 @@`
`97`	`97`	`"comment": "Home page for project"`
`98`	`98`	`},`
`99`	`99`	`{`
`100`		`- "url": "https://pypi.org/project/aiohttp/3.10.8/#files",`
	`100`	`+ "url": "https://pypi.org/project/aiohttp/3.10.9/#files",`
`101`	`101`	`"type": "distribution",`
`102`	`102`	`"comment": "Download location for component"`
`103`	`103`	`}`
`104`	`104`	`],`
`105`		`- "purl": "pkg:pypi/[email protected].8",`
	`105`	`+ "purl": "pkg:pypi/[email protected].9",`
`106`	`106`	`"properties": [`
`107`	`107`	`{`
`108`	`108`	`"name": "language",`
`@@ -118,7 +118,7 @@`
`118`	`118`	`"type": "library",`
`119`	`119`	`"bom-ref": "3-aiohappyeyeballs",`
`120`	`120`	`"name": "aiohappyeyeballs",`
`121`		`- "version": "2.4.2",`
	`121`	`+ "version": "2.4.3",`
`122`	`122`	`"supplier": {`
`123`	`123`	`"name": "J. Nick Koston",`
`124`	`124`	`"contact": [`
`@@ -127,13 +127,13 @@`
`127`	`127`	`}`
`128`	`128`	`]`
`129`	`129`	`},`
`130`		`- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:::::::*",`
	`130`	`+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:::::::*",`
`131`	`131`	`"description": "Happy Eyeballs for asyncio",`
`132`	`132`	`"licenses": [`
`133`	`133`	`{`
`134`	`134`	`"license": {`
`135`		`- "id": "Python-2.0.1",`
`136`		`- "url": "https://www.python.org/download/releases/2.0.1/license/",`
	`135`	`+ "id": "PSF-2.0",`
	`136`	`+ "url": "https://opensource.org/licenses/Python-2.0",`
`137`	`137`	`"acknowledgement": "concluded"`
`138`	`138`	`}`
`139`	`139`	`}`
`@@ -145,12 +145,12 @@`
`145`	`145`	`"comment": "Home page for project"`
`146`	`146`	`},`
`147`	`147`	`{`
`148`		`- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",`
	`148`	`+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",`
`149`	`149`	`"type": "distribution",`
`150`	`150`	`"comment": "Download location for component"`
`151`	`151`	`}`
`152`	`152`	`],`
`153`		`- "purl": "pkg:pypi/[email protected].2",`
	`153`	`+ "purl": "pkg:pypi/[email protected].3",`
`154`	`154`	`"properties": [`
`155`	`155`	`{`
`156`	`156`	`"name": "language",`
`@@ -2813,7 +2813,7 @@`
`2813`	`2813`	`"type": "library",`
`2814`	`2814`	`"bom-ref": "57-rich",`
`2815`	`2815`	`"name": "rich",`
`2816`		`- "version": "13.8.1",`
	`2816`	`+ "version": "13.9.2",`
`2817`	`2817`	`"supplier": {`
`2818`	`2818`	`"name": "Will McGugan",`
`2819`	`2819`	`"contact": [`
`@@ -2822,7 +2822,7 @@`
`2822`	`2822`	`}`
`2823`	`2823`	`]`
`2824`	`2824`	`},`
`2825`		`- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.1:::::::*",`
	`2825`	`+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:::::::*",`
`2826`	`2826`	`"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",`
`2827`	`2827`	`"licenses": [`
`2828`	`2828`	`{`
`@@ -2840,12 +2840,12 @@`
`2840`	`2840`	`"comment": "Home page for project"`
`2841`	`2841`	`},`
`2842`	`2842`	`{`
`2843`		`- "url": "https://pypi.org/project/rich/13.8.1/#files",`
	`2843`	`+ "url": "https://pypi.org/project/rich/13.9.2/#files",`
`2844`	`2844`	`"type": "distribution",`
`2845`	`2845`	`"comment": "Download location for component"`
`2846`	`2846`	`}`
`2847`	`2847`	`],`
`2848`		`- "purl": "pkg:pypi/rich@13.8.1",`
	`2848`	`+ "purl": "pkg:pypi/rich@13.9.2",`
`2849`	`2849`	`"properties": [`
`2850`	`2850`	`{`
`2851`	`2851`	`"name": "language",`
`@@ -3934,7 +3934,8 @@`
`3934`	`3934`	`"ref": "57-rich",`
`3935`	`3935`	`"dependsOn": [`
`3936`	`3936`	`"58-markdown-it-py",`
`3937`		`- "60-pygments"`
	`3937`	`+ "60-pygments",`
	`3938`	`+ "9-typing-extensions"`
`3938`	`3939`	`]`
`3939`	`3940`	`},`
`3940`	`3941`	`{`