Skip to content

Commit ae78fb7

Browse files
chore: update SBOM for Python 3.10 (#4982)
Co-authored-by: GitHub <[email protected]>
1 parent 703193c commit ae78fb7

File tree

2 files changed

+102
-105
lines changed

2 files changed

+102
-105
lines changed

sbom/cve-bin-tool-py3.10.json

Lines changed: 53 additions & 56 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@
22
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
33
"bomFormat": "CycloneDX",
44
"specVersion": "1.6",
5-
"serialNumber": "urn:uuid:796a191c-088b-45d2-bd13-4d623246be88",
5+
"serialNumber": "urn:uuid:e42ec5d3-77cb-4558-847c-ffb97d06487e",
66
"version": 1,
77
"metadata": {
8-
"timestamp": "2025-03-24T00:38:31Z",
8+
"timestamp": "2025-03-31T00:39:36Z",
99
"lifecycles": [
1010
{
1111
"phase": "build"
@@ -633,7 +633,7 @@
633633
"type": "library",
634634
"bom-ref": "9-typing-extensions",
635635
"name": "typing-extensions",
636-
"version": "4.12.2",
636+
"version": "4.13.0",
637637
"supplier": {
638638
"name": "Guido van Jukka ukasz Michael",
639639
"contact": [
@@ -642,21 +642,12 @@
642642
}
643643
]
644644
},
645-
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
645+
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.13.0:*:*:*:*:*:*:*",
646646
"description": "Backported and Experimental Type Hints for Python 3.8+",
647647
"hashes": [
648648
{
649649
"alg": "SHA-256",
650-
"content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
651-
}
652-
],
653-
"licenses": [
654-
{
655-
"license": {
656-
"id": "PSF-2.0",
657-
"url": "https://opensource.org/licenses/Python-2.0",
658-
"acknowledgement": "concluded"
659-
}
650+
"content": "c8dd92cc0d6425a97c18fbb9d1954e5ff92c1ca881a309c45f06ebc0b79058e5"
660651
}
661652
],
662653
"externalReferences": [
@@ -666,7 +657,7 @@
666657
"comment": "Home page for project"
667658
},
668659
{
669-
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
660+
"url": "https://pypi.org/project/typing-extensions/4.13.0/#files",
670661
"type": "distribution",
671662
"comment": "Download location for component"
672663
},
@@ -691,11 +682,11 @@
691682
"type": "vcs"
692683
}
693684
],
694-
"purl": "pkg:pypi/typing-extensions@4.12.2",
685+
"purl": "pkg:pypi/typing-extensions@4.13.0",
695686
"properties": [
696687
{
697688
"name": "release_date",
698-
"value": "2024-06-07T18:52:13Z"
689+
"value": "2025-03-26T03:49:40Z"
699690
},
700691
{
701692
"name": "language",
@@ -711,7 +702,7 @@
711702
"type": "library",
712703
"bom-ref": "10-propcache",
713704
"name": "propcache",
714-
"version": "0.3.0",
705+
"version": "0.3.1",
715706
"supplier": {
716707
"name": "Andrew Svetlov",
717708
"contact": [
@@ -720,12 +711,12 @@
720711
}
721712
]
722713
},
723-
"cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.0:*:*:*:*:*:*:*",
714+
"cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.3.1:*:*:*:*:*:*:*",
724715
"description": "Accelerated property cache",
725716
"hashes": [
726717
{
727718
"alg": "SHA-256",
728-
"content": "efa44f64c37cc30c9f05932c740a8b40ce359f51882c70883cc95feac842da4d"
719+
"content": "f27785888d2fdd918bc36de8b8739f2d6c791399552333721b58193f68ea3e98"
729720
}
730721
],
731722
"licenses": [
@@ -744,7 +735,7 @@
744735
"comment": "Home page for project"
745736
},
746737
{
747-
"url": "https://pypi.org/project/propcache/0.3.0/#files",
738+
"url": "https://pypi.org/project/propcache/0.3.1/#files",
748739
"type": "distribution",
749740
"comment": "Download location for component"
750741
},
@@ -785,11 +776,11 @@
785776
"type": "vcs"
786777
}
787778
],
788-
"purl": "pkg:pypi/[email protected].0",
779+
"purl": "pkg:pypi/[email protected].1",
789780
"properties": [
790781
{
791782
"name": "release_date",
792-
"value": "2025-02-20T18:59:44Z"
783+
"value": "2025-03-26T03:03:35Z"
793784
},
794785
{
795786
"name": "language",
@@ -2055,7 +2046,7 @@
20552046
"type": "library",
20562047
"bom-ref": "31-pyparsing",
20572048
"name": "pyparsing",
2058-
"version": "3.2.1",
2049+
"version": "3.2.3",
20592050
"supplier": {
20602051
"name": "Paul McGuire",
20612052
"contact": [
@@ -2064,12 +2055,12 @@
20642055
}
20652056
]
20662057
},
2067-
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.1:*:*:*:*:*:*:*",
2058+
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.3:*:*:*:*:*:*:*",
20682059
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
20692060
"hashes": [
20702061
{
20712062
"alg": "SHA-256",
2072-
"content": "506ff4f4386c4cec0590ec19e6302d3aedb992fdc02c761e90416f158dacf8e1"
2063+
"content": "a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf"
20732064
}
20742065
],
20752066
"licenses": [
@@ -2088,16 +2079,16 @@
20882079
"comment": "Home page for project"
20892080
},
20902081
{
2091-
"url": "https://pypi.org/project/pyparsing/3.2.1/#files",
2082+
"url": "https://pypi.org/project/pyparsing/3.2.3/#files",
20922083
"type": "distribution",
20932084
"comment": "Download location for component"
20942085
}
20952086
],
2096-
"purl": "pkg:pypi/[email protected].1",
2087+
"purl": "pkg:pypi/[email protected].3",
20972088
"properties": [
20982089
{
20992090
"name": "release_date",
2100-
"value": "2024-12-31T20:59:42Z"
2091+
"value": "2025-03-25T05:01:24Z"
21012092
},
21022093
{
21032094
"name": "language",
@@ -2171,7 +2162,7 @@
21712162
"type": "library",
21722163
"bom-ref": "33-pyasn1-modules",
21732164
"name": "pyasn1-modules",
2174-
"version": "0.4.1",
2165+
"version": "0.4.2",
21752166
"supplier": {
21762167
"name": "Ilya Etingof",
21772168
"contact": [
@@ -2180,12 +2171,12 @@
21802171
}
21812172
]
21822173
},
2183-
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
2174+
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.2:*:*:*:*:*:*:*",
21842175
"description": "A collection of ASN.1-based protocols modules",
21852176
"hashes": [
21862177
{
21872178
"alg": "SHA-256",
2188-
"content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
2179+
"content": "29253a9207ce32b64c3ac6600edc75368f98473906e8fd1043bd6b5b1de2c14a"
21892180
}
21902181
],
21912182
"licenses": [
@@ -2204,7 +2195,7 @@
22042195
"comment": "Home page for project"
22052196
},
22062197
{
2207-
"url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
2198+
"url": "https://pypi.org/project/pyasn1-modules/0.4.2/#files",
22082199
"type": "distribution",
22092200
"comment": "Download location for component"
22102201
},
@@ -2221,11 +2212,11 @@
22212212
"type": "log"
22222213
}
22232214
],
2224-
"purl": "pkg:pypi/[email protected].1",
2215+
"purl": "pkg:pypi/[email protected].2",
22252216
"properties": [
22262217
{
22272218
"name": "release_date",
2228-
"value": "2024-09-10T22:42:08Z"
2219+
"value": "2025-03-28T02:41:19Z"
22292220
},
22302221
{
22312222
"name": "language",
@@ -3327,7 +3318,7 @@
33273318
"type": "library",
33283319
"bom-ref": "51-rpds-py",
33293320
"name": "rpds-py",
3330-
"version": "0.23.1",
3321+
"version": "0.24.0",
33313322
"supplier": {
33323323
"name": "Julian Berman",
33333324
"contact": [
@@ -3336,12 +3327,12 @@
33363327
}
33373328
]
33383329
},
3339-
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.23.1:*:*:*:*:*:*:*",
3330+
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.24.0:*:*:*:*:*:*:*",
33403331
"description": "Python bindings to Rust's persistent data structures (rpds)",
33413332
"hashes": [
33423333
{
33433334
"alg": "SHA-256",
3344-
"content": "2a54027554ce9b129fc3d633c92fa33b30de9f08bc61b32c053dc9b537266fed"
3335+
"content": "006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724"
33453336
}
33463337
],
33473338
"licenses": [
@@ -3360,7 +3351,7 @@
33603351
"comment": "Home page for project"
33613352
},
33623353
{
3363-
"url": "https://pypi.org/project/rpds-py/0.23.1/#files",
3354+
"url": "https://pypi.org/project/rpds-py/0.24.0/#files",
33643355
"type": "distribution",
33653356
"comment": "Download location for component"
33663357
},
@@ -3389,11 +3380,11 @@
33893380
"type": "other"
33903381
}
33913382
],
3392-
"purl": "pkg:pypi/rpds-py@0.23.1",
3383+
"purl": "pkg:pypi/rpds-py@0.24.0",
33933384
"properties": [
33943385
{
33953386
"name": "release_date",
3396-
"value": "2025-02-21T15:01:14Z"
3387+
"value": "2025-03-26T14:52:41Z"
33973388
},
33983389
{
33993390
"name": "language",
@@ -3772,7 +3763,7 @@
37723763
"type": "library",
37733764
"bom-ref": "58-rich",
37743765
"name": "rich",
3775-
"version": "13.9.4",
3766+
"version": "14.0.0",
37763767
"supplier": {
37773768
"name": "Will McGugan",
37783769
"contact": [
@@ -3781,12 +3772,12 @@
37813772
}
37823773
]
37833774
},
3784-
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*",
3775+
"cpe": "cpe:2.3:a:will_mcgugan:rich:14.0.0:*:*:*:*:*:*:*",
37853776
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
37863777
"hashes": [
37873778
{
37883779
"alg": "SHA-256",
3789-
"content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
3780+
"content": "1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0"
37903781
}
37913782
],
37923783
"licenses": [
@@ -3805,7 +3796,7 @@
38053796
"comment": "Home page for project"
38063797
},
38073798
{
3808-
"url": "https://pypi.org/project/rich/13.9.4/#files",
3799+
"url": "https://pypi.org/project/rich/14.0.0/#files",
38093800
"type": "distribution",
38103801
"comment": "Download location for component"
38113802
},
@@ -3814,11 +3805,11 @@
38143805
"type": "documentation"
38153806
}
38163807
],
3817-
"purl": "pkg:pypi/rich@13.9.4",
3808+
"purl": "pkg:pypi/rich@14.0.0",
38183809
"properties": [
38193810
{
38203811
"name": "release_date",
3821-
"value": "2024-11-01T16:43:55Z"
3812+
"value": "2025-03-30T14:15:12Z"
38223813
},
38233814
{
38243815
"name": "language",
@@ -4216,7 +4207,7 @@
42164207
"type": "library",
42174208
"bom-ref": "65-narwhals",
42184209
"name": "narwhals",
4219-
"version": "1.31.0",
4210+
"version": "1.32.0",
42204211
"supplier": {
42214212
"name": "Marco Gorelli",
42224213
"contact": [
@@ -4225,7 +4216,7 @@
42254216
}
42264217
]
42274218
},
4228-
"cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.31.0:*:*:*:*:*:*:*",
4219+
"cpe": "cpe:2.3:a:marco_gorelli:narwhals:1.32.0:*:*:*:*:*:*:*",
42294220
"description": "Extremely lightweight compatibility layer between dataframe libraries",
42304221
"licenses": [
42314222
{
@@ -4243,7 +4234,7 @@
42434234
"comment": "Home page for project"
42444235
},
42454236
{
4246-
"url": "https://pypi.org/project/narwhals/1.31.0/#files",
4237+
"url": "https://pypi.org/project/narwhals/1.32.0/#files",
42474238
"type": "distribution",
42484239
"comment": "Download location for component"
42494240
},
@@ -4260,7 +4251,7 @@
42604251
"type": "issue-tracker"
42614252
}
42624253
],
4263-
"purl": "pkg:pypi/narwhals@1.31.0",
4254+
"purl": "pkg:pypi/narwhals@1.32.0",
42644255
"properties": [
42654256
{
42664257
"name": "release_date",
@@ -4604,7 +4595,7 @@
46044595
"type": "library",
46054596
"bom-ref": "71-setuptools",
46064597
"name": "setuptools",
4607-
"version": "77.0.3",
4598+
"version": "78.1.0",
46084599
"supplier": {
46094600
"name": "Python Packaging Authority",
46104601
"contact": [
@@ -4613,8 +4604,14 @@
46134604
}
46144605
]
46154606
},
4616-
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:77.0.3:*:*:*:*:*:*:*",
4607+
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:78.1.0:*:*:*:*:*:*:*",
46174608
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
4609+
"hashes": [
4610+
{
4611+
"alg": "SHA-256",
4612+
"content": "3e386e96793c8702ae83d17b853fb93d3e09ef82ec62722e61da5cd22376dcd8"
4613+
}
4614+
],
46184615
"licenses": [
46194616
{
46204617
"license": {
@@ -4626,7 +4623,7 @@
46264623
],
46274624
"externalReferences": [
46284625
{
4629-
"url": "https://pypi.org/project/setuptools/77.0.3/#files",
4626+
"url": "https://pypi.org/project/setuptools/78.1.0/#files",
46304627
"type": "distribution",
46314628
"comment": "Download location for component"
46324629
},
@@ -4643,11 +4640,11 @@
46434640
"type": "log"
46444641
}
46454642
],
4646-
"purl": "pkg:pypi/setuptools@77.0.3",
4643+
"purl": "pkg:pypi/setuptools@78.1.0",
46474644
"properties": [
46484645
{
46494646
"name": "release_date",
4650-
"value": "2024-07-24T21:57:45Z"
4647+
"value": "2025-03-25T22:49:33Z"
46514648
},
46524649
{
46534650
"name": "language",

0 commit comments

Comments
 (0)