From 321a60463581c62acd483471b085f2857f4fc981 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 13 May 2024 00:28:46 +0000 Subject: [PATCH] chore: update SBOM for Python 3.12 --- sbom/cve-bin-tool-py3.12.json | 54 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.12.spdx | 39 ++++++++++++------------- 2 files changed, 43 insertions(+), 50 deletions(-)
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index ed62e1b698..ac4acfe779 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
 "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
- "serialNumber": "urn:uuid:12351262-6b7f-46e3-88c6-5f4fc3b85611",
+ "serialNumber": "urn:uuid:647cf345-f92b-4004-8628-0aa7151539eb",
 "version": 1,
 "metadata": {
- "timestamp": "2024-05-06T00:28:28Z",
+ "timestamp": "2024-05-13T00:28:45Z",
 "tools": {
 "components": [
 {
@@ -435,6 +435,12 @@
 },
 "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*",
 "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475"
+ }
+ ],
 "licenses": [
 {
 "license": {
@@ -604,7 +610,7 @@
 "type": "library",
 "bom-ref": "15-gsutil",
 "name": "gsutil",
- "version": "5.28",
+ "version": "5.29",
 "supplier": {
 "name": "Google Inc .",
 "contact": [
@@ -613,7 +619,7 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:*",
 "description": "A command line tool for interacting with cloud storage services.",
 "licenses": [
 {
@@ -625,12 +631,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/gsutil/5.28",
+ "url": "https://pypi.org/project/gsutil/5.29",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/gsutil@5.28",
+ "purl": "pkg:pypi/gsutil@5.29",
 "properties": [
 {
 "name": "language",
@@ -1466,7 +1472,7 @@
 "type": "library",
 "bom-ref": "34-cryptography",
 "name": "cryptography",
- "version": "42.0.6",
+ "version": "42.0.7",
 "supplier": {
 "name": "The Python Cryptographic Authority and individual contributors",
 "contact": [
@@ -1475,7 +1481,7 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:*",
 "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
 "licenses": [
 {
@@ -1484,12 +1490,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/cryptography/42.0.6",
+ "url": "https://pypi.org/project/cryptography/42.0.7",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/cryptography@42.0.6",
+ "purl": "pkg:pypi/cryptography@42.0.7",
 "properties": [
 {
 "name": "language",
@@ -1772,12 +1778,6 @@
 "name": "markupsafe",
 "version": "2.1.5",
 "description": "Safely add untrusted strings to HTML/XML markup.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
- }
- ],
 "licenses": [
 {
 "license": {
@@ -1918,11 +1918,11 @@
 "type": "library",
 "bom-ref": "45-rpds-py",
 "name": "rpds-py",
- "version": "0.18.0",
+ "version": "0.18.1",
 "supplier": {
 "name": "Julian Berman"
 },
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:*",
 "description": "Python bindings to Rust's persistent data structures (rpds)",
 "licenses": [
 {
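Review bot: The `hashes` array for markupsafe 2.1.5 is dropped in the `@@ -1772,12 +1778,6 @@` hunk although the component's version is unchanged, so the SBOM loses the only integrity value it carried for that package; the same regression hits tenacity in the following hunk group and the corresponding `PackageChecksum` lines in the .spdx file, while cvss gains a hash in the same run. Whether a checksum is present therefore appears to depend on what the generator could find in the build environment at run time rather than on the package itself, which makes the field unreliable for anyone verifying artefacts against this SBOM. Where a hash is emitted it is SHA-1 only; CycloneDX's `hashes[].alg` also accepts `SHA-256`, and the sha256 digests PyPI records for each distribution file would give a stable and stronger value. I would have the regeneration job at least warn, and ideally fail, when a component that previously carried a hash loses it, instead of committing the loss silently under a routine version-bump title.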
@@ -1934,12 +1934,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/rpds-py/0.18.0",
+ "url": "https://pypi.org/project/rpds-py/0.18.1",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/rpds-py@0.18.0",
+ "purl": "pkg:pypi/rpds-py@0.18.1",
 "properties": [
 {
 "name": "language",
@@ -2218,7 +2218,7 @@
 "type": "library",
 "bom-ref": "52-tenacity",
 "name": "tenacity",
- "version": "8.2.3",
+ "version": "8.3.0",
 "supplier": {
 "name": "Julien Danjou",
 "contact": [
@@ -2227,14 +2227,8 @@
 }
 ]
 },
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:*",
 "description": "Retry code until it succeeds",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "41ed2420cda8ab7650a39900451099f4730266c3"
- }
- ],
 "licenses": [
 {
 "license": {
@@ -2245,12 +2239,12 @@
 ],
 "externalReferences": [
 {
- "url": "https://pypi.org/project/tenacity/8.2.3",
+ "url": "https://pypi.org/project/tenacity/8.3.0",
 "type": "distribution",
 "comment": "Download location for component"
 }
 ],
- "purl": "pkg:pypi/tenacity@8.2.3",
+ "purl": "pkg:pypi/tenacity@8.3.0",
 "properties": [
 {
 "name": "language",
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index beaa141b11..3fef1d1b19 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8d81238b-9384-4182-821b-52125fbd59c3 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d2671e66-189e-4da7-8011-d89002436f1a LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-05-06T00:26:55Z +Created: 2024-05-13T00:27:17Z CreatorComment: This document has been automatically generated. #####
@@ -172,6 +172,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.1 FilesAnalyzed: false +PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -232,18 +233,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-15-gsutil -PackageVersion: 5.28 +PackageVersion: 5.29 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.28 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.29 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.28 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.29 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.29:*:*:*:*:*:*:* ##### PackageName: argcomplete 
@@ -540,17 +541,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-Package-34-cryptography -PackageVersion: 42.0.6 +PackageVersion: 42.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.6 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.6 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.7:*:*:*:*:*:*:* ##### PackageName: cffi @@ -656,7 +657,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5 FilesAnalyzed: false -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -712,17 +712,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-Package-45-rpds-py -PackageVersion: 0.18.0 +PackageVersion: 0.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.0 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.18.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.18.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom 
@@ -822,19 +822,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* PackageName: tenacity SPDXID: SPDXRef-Package-52-tenacity -PackageVersion: 8.2.3 +PackageVersion: 8.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.3.0 FilesAnalyzed: false -PackageChecksum: SHA1: 41ed2420cda8ab7650a39900451099f4730266c3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.3.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg