chore: update SBOM for Python 3.8 (#3563)

github-actions[bot] · web-flow · web-flow · commit dc2bc84b5a8d · 2023-12-04T12:30:31.000-08:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:ad8b422c-3353-40d3-9fe2-39159471e9e1",
+  "serialNumber": "urn:uuid:63b6ddf0-0f47-4d29-9bc7-d74d55620fb5",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-11-27T00:27:09Z",
+    "timestamp": "2023-12-04T00:27:26Z",
     "tools": {
       "components": [
         {
@@ -26,7 +26,7 @@
       "type": "application",
       "bom-ref": "1-cve-bin-tool",
       "name": "cve-bin-tool",
-      "version": "3.2.2.dev0",
+      "version": "3.3a0",
       "supplier": {
         "name": "Terri Oda",
         "contact": [
@@ -35,7 +35,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.3a0:*:*:*:*:*:*:*",
       "description": "CVE Binary Checker Tool",
       "licenses": [
         {
@@ -47,12 +47,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cve-bin-tool/3.2.2.dev0",
+          "url": "https://pypi.org/project/cve-bin-tool/3.3a0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0",
+      "purl": "pkg:pypi/cve-bin-tool@3.3a0",
       "properties": [
         {
           "name": "language",
@@ -1173,7 +1173,7 @@
       "type": "library",
       "bom-ref": "31-cryptography",
       "name": "cryptography",
-      "version": "41.0.5",
+      "version": "41.0.7",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1182,7 +1182,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1191,12 +1191,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.5",
+          "url": "https://pypi.org/project/cryptography/41.0.7",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@41.0.5",
+      "purl": "pkg:pypi/cryptography@41.0.7",
       "properties": [
         {
           "name": "language",
@@ -1368,7 +1368,7 @@
       "type": "library",
       "bom-ref": "36-google-auth",
       "name": "google-auth",
-      "version": "2.23.4",
+      "version": "2.24.0",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1377,7 +1377,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1389,12 +1389,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.23.4",
+          "url": "https://pypi.org/project/google-auth/2.24.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.23.4",
+      "purl": "pkg:pypi/google-auth@2.24.0",
       "properties": [
         {
           "name": "language",
@@ -1490,7 +1490,7 @@
       "type": "library",
       "bom-ref": "39-importlib-metadata",
       "name": "importlib-metadata",
-      "version": "6.8.0",
+      "version": "7.0.0",
       "supplier": {
         "name": "Jason R . Coombs",
         "contact": [
@@ -1499,16 +1499,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0.0:*:*:*:*:*:*:*",
       "description": "Read metadata from Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/importlib-metadata/6.8.0",
+          "url": "https://pypi.org/project/importlib-metadata/7.0.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/importlib-metadata@6.8.0",
+      "purl": "pkg:pypi/importlib-metadata@7.0.0",
       "properties": [
         {
           "name": "language",
@@ -1684,11 +1684,11 @@
       "type": "library",
       "bom-ref": "45-jsonschema-specifications",
       "name": "jsonschema-specifications",
-      "version": "2023.11.1",
+      "version": "2023.11.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*",
       "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
       "licenses": [
         {
@@ -1700,12 +1700,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema-specifications/2023.11.1",
+          "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/jsonschema-specifications@2023.11.1",
+      "purl": "pkg:pypi/jsonschema-specifications@2023.11.2",
       "properties": [
         {
           "name": "language",
@@ -1717,11 +1717,11 @@
       "type": "library",
       "bom-ref": "46-referencing",
       "name": "referencing",
-      "version": "0.31.0",
+      "version": "0.31.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "licenses": [
         {
@@ -1733,12 +1733,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.31.0",
+          "url": "https://pypi.org/project/referencing/0.31.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.31.0",
+      "purl": "pkg:pypi/referencing@0.31.1",
       "properties": [
         {
           "name": "language",
@@ -1750,11 +1750,11 @@
       "type": "library",
       "bom-ref": "47-rpds-py",
       "name": "rpds-py",
-      "version": "0.13.1",
+      "version": "0.13.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.13.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -1766,12 +1766,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.13.1",
+          "url": "https://pypi.org/project/rpds-py/0.13.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.13.1",
+      "purl": "pkg:pypi/rpds-py@0.13.2",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-49c0d102-3d22-46cc-bb3f-a32a0fa5b018
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c97adb49-cd97-4afa-abfa-56c2f899134b
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.1
-Created: 2023-11-27T00:25:54Z
+Created: 2023-12-04T00:26:07Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
 PackageName: cve-bin-tool
 SPDXID: SPDXRef-Package-1-cve-bin-tool
-PackageVersion: 3.2.2.dev0
+PackageVersion: 3.3a0
 PrimaryPackagePurpose: APPLICATION
 PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
-PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.2.dev0
+PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3a0
 FilesAnalyzed: false
 PackageLicenseDeclared: GPL-3.0-or-later
 PackageLicenseConcluded: GPL-3.0-or-later
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>CVE Binary Checker Tool</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.2.dev0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.3a0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3a0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiohttp
@@ -474,17 +474,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-31-cryptography
-PackageVersion: 41.0.5
+PackageVersion: 41.0.7
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.5
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -551,18 +551,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.23.4
+PackageVersion: 2.24.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.4
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.24.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.24.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -598,17 +598,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
 
 PackageName: importlib-metadata
 SPDXID: SPDXRef-Package-39-importlib-metadata
-PackageVersion: 6.8.0
+PackageVersion: 7.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.8.0
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/7.0.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Read metadata from Python packages</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@7.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zipp
@@ -687,47 +687,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:
 
 PackageName: jsonschema-specifications
 SPDXID: SPDXRef-Package-45-jsonschema-specifications
-PackageVersion: 2023.11.1
+PackageVersion: 2023.11.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The JSON Schema meta-schemas and vocabularies, exposed as a Registry</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-46-referencing
-PackageVersion: 0.31.0
+PackageVersion: 0.31.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.31.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.31.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-47-rpds-py
-PackageVersion: 0.13.1
+PackageVersion: 0.13.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.13.1
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.13.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.13.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.13.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.13.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.13.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pkgutil-resolve-name
