chore: update SBOM for Python 3.9 (#4528)

github-actions[bot] · web-flow · web-flow · commit b4c371b803f4 · 2024-10-28T14:15:49.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9",
+  "serialNumber": "urn:uuid:fad70535-a2c6-4cf6-84b8-75bf196560b4",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-10-21T00:38:06Z",
+    "timestamp": "2024-10-28T00:40:22Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -129,6 +129,12 @@
       },
       "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -215,7 +221,7 @@
       "type": "library",
       "bom-ref": "5-frozenlist",
       "name": "frozenlist",
-      "version": "1.4.1",
+      "version": "1.5.0",
       "description": "A list-like structure which implements collections.abc.MutableSequence",
       "licenses": [
         {
@@ -233,12 +239,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/frozenlist/1.4.1/#files",
+          "url": "https://pypi.org/project/frozenlist/1.5.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/frozenlist@1.4.1",
+      "purl": "pkg:pypi/frozenlist@1.5.0",
       "properties": [
         {
           "name": "language",
@@ -247,10 +253,6 @@
         {
           "name": "python_version",
           "value": "3.9.20"
-        },
-        {
-          "name": "package_release_date",
-          "value": "2023-12-15T08:40:29.000Z"
         }
       ]
     },
@@ -432,7 +434,7 @@
       "type": "library",
       "bom-ref": "10-yarl",
       "name": "yarl",
-      "version": "1.15.5",
+      "version": "1.16.0",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -441,7 +443,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -459,12 +461,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.15.5/#files",
+          "url": "https://pypi.org/project/yarl/1.16.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.15.5",
+      "purl": "pkg:pypi/yarl@1.16.0",
       "properties": [
         {
           "name": "language",
@@ -2775,18 +2777,12 @@
       "type": "library",
       "bom-ref": "57-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.15.6",
+      "version": "0.16.0",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "14a11b50ab723796888133d3722b5b3e2845b084"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2803,12 +2799,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/packageurl-python/0.15.6/#files",
+          "url": "https://pypi.org/project/packageurl-python/0.16.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.15.6",
+      "purl": "pkg:pypi/packageurl-python@0.16.0",
       "properties": [
         {
           "name": "language",
@@ -2824,7 +2820,7 @@
       "type": "library",
       "bom-ref": "58-rich",
       "name": "rich",
-      "version": "13.9.2",
+      "version": "13.9.3",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2833,7 +2829,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2851,12 +2847,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/13.9.2/#files",
+          "url": "https://pypi.org/project/rich/13.9.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.9.2",
+      "purl": "pkg:pypi/rich@13.9.3",
       "properties": [
         {
           "name": "language",
@@ -3590,7 +3586,7 @@
       "type": "library",
       "bom-ref": "74-elementpath",
       "name": "elementpath",
-      "version": "4.5.0",
+      "version": "4.6.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -3599,7 +3595,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -3617,12 +3613,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/elementpath/4.5.0/#files",
+          "url": "https://pypi.org/project/elementpath/4.6.0/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.5.0",
+      "purl": "pkg:pypi/elementpath@4.6.0",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-eb859755-2df3-4cff-8f13-6688d449550c
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.3
-Created: 2024-10-21T00:37:14Z
+Created: 2024-10-28T00:39:33Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -49,6 +49,7 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
 PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
+PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
 PackageLicenseDeclared: PSF-2.0
 PackageLicenseConcluded: PSF-2.0
 PackageCopyrightText: NOASSERTION
@@ -76,18 +77,18 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
 
 PackageName: frozenlist
 SPDXID: SPDXRef-5-frozenlist
-PackageVersion: 1.4.1
+PackageVersion: 1.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/frozenlist
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A list-like structure which implements collections.abc.MutableSequence</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
 ##### 
 
 PackageName: async-timeout
@@ -157,18 +158,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 
 PackageName: yarl
 SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.15.5
+PackageVersion: 1.16.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.16.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/yarl
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.16.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -945,35 +946,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-57-packageurl-python
-PackageVersion: 0.15.6
+PackageVersion: 0.16.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/package-url/packageurl-python
-PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.15.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rich
 SPDXID: SPDXRef-58-rich
-PackageVersion: 13.9.2
+PackageVersion: 13.9.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1224,18 +1224,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*
 
 PackageName: elementpath
 SPDXID: SPDXRef-74-elementpath
-PackageVersion: 4.5.0
+PackageVersion: 4.6.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/sissaschool/elementpath
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard
