chore: update SBOM for Python 3.11 (#3355)
Co-authored-by: GitHub <[email protected]>
1 parent
2d2584c
commit 55afd3c
Showing
2 changed files
with
45 additions
and
52 deletions.
|
@@ -2,10 +2,10 @@ | |
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.5", | ||
"serialNumber": "urn:uuid:9e0d9ef6-4219-4732-b001-2a804ed48e4b", | ||
"serialNumber": "urn:uuid:758a5fba-6b35-4744-83e4-2c943faa0649", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2023-09-18T00:25:32Z", | ||
"timestamp": "2023-09-25T02:38:40Z", | ||
"tools": { | ||
"components": [ | ||
{ | ||
|
@@ -494,7 +494,7 @@ | |
"type": "library", | ||
"bom-ref": "16-gsutil", | ||
"name": "gsutil", | ||
"version": "5.25", | ||
"version": "5.26", | ||
"supplier": { | ||
"name": "Google Inc.", | ||
"contact": [ | ||
|
@@ -503,7 +503,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*", | ||
"description": "A command line tool for interacting with cloud storage services.", | ||
"licenses": [ | ||
{ | ||
|
@@ -515,12 +515,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/gsutil/5.25", | ||
"url": "https://pypi.org/project/gsutil/5.26", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/gsutil@5.25", | ||
"purl": "pkg:pypi/gsutil@5.26", | ||
"properties": [ | ||
{ | ||
"name": "License Comments", | ||
|
@@ -602,11 +602,11 @@ | |
"type": "library", | ||
"bom-ref": "19-fasteners", | ||
"name": "fasteners", | ||
"version": "0.18", | ||
"version": "0.19", | ||
"supplier": { | ||
"name": "Joshua Harlow" | ||
}, | ||
"cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*", | ||
"description": "A python package that provides useful locks", | ||
"licenses": [ | ||
{ | ||
|
@@ -618,18 +618,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/fasteners/0.18", | ||
"url": "https://pypi.org/project/fasteners/0.19", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected]", | ||
"properties": [ | ||
{ | ||
"name": "License Comments", | ||
"value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression." | ||
} | ||
] | ||
"purl": "pkg:pypi/[email protected]" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1053,7 +1047,7 @@ | |
"type": "library", | ||
"bom-ref": "32-cryptography", | ||
"name": "cryptography", | ||
"version": "41.0.3", | ||
"version": "41.0.4", | ||
"supplier": { | ||
"name": "The Python Cryptographic Authority and individual contributors", | ||
"contact": [ | ||
|
@@ -1062,7 +1056,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*", | ||
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", | ||
"licenses": [ | ||
{ | ||
|
@@ -1073,12 +1067,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/cryptography/41.0.3", | ||
"url": "https://pypi.org/project/cryptography/41.0.4", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].3" | ||
"purl": "pkg:pypi/[email protected].4" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1419,11 +1413,11 @@ | |
"type": "library", | ||
"bom-ref": "43-jsonschema", | ||
"name": "jsonschema", | ||
"version": "4.19.0", | ||
"version": "4.19.1", | ||
"supplier": { | ||
"name": "Julian Berman" | ||
}, | ||
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*", | ||
"description": "An implementation of JSON Schema validation for Python", | ||
"licenses": [ | ||
{ | ||
|
@@ -1435,12 +1429,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/jsonschema/4.19.0", | ||
"url": "https://pypi.org/project/jsonschema/4.19.1", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].0" | ||
"purl": "pkg:pypi/[email protected].1" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -2020,7 +2014,7 @@ | |
"type": "library", | ||
"bom-ref": "62-xmlschema", | ||
"name": "xmlschema", | ||
"version": "2.4.0", | ||
"version": "2.5.0", | ||
"supplier": { | ||
"name": "Davide Brunato", | ||
"contact": [ | ||
|
@@ -2029,7 +2023,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*", | ||
"description": "An XML Schema validator and decoder", | ||
"licenses": [ | ||
{ | ||
|
@@ -2041,12 +2035,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/xmlschema/2.4.0", | ||
"url": "https://pypi.org/project/xmlschema/2.5.0", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/xmlschema@2.4.0" | ||
"purl": "pkg:pypi/xmlschema@2.5.0" | ||
}, | ||
{ | ||
"type": "library", | ||
|
|
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 | |
DataLicense: CC0-1.0 | ||
SPDXID: SPDXRef-DOCUMENT | ||
DocumentName: Python-cve-bin-tool | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9b7d661f-8c05-4a65-b825-97c65f0eeeec | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-614e9003-0e56-4c10-8646-baa4fe349f4d | ||
LicenseListVersion: 3.21 | ||
Creator: Tool: sbom4python-0.10.0 | ||
Created: 2023-09-18T00:24:17Z | ||
Created: 2023-09-25T02:37:27Z | ||
CreatorComment: <text>This document has been automatically generated.</text> | ||
##### | ||
|
||
|
@@ -240,18 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* | |
|
||
PackageName: gsutil | ||
SPDXID: SPDXRef-Package-16-gsutil | ||
PackageVersion: 5.25 | ||
PackageVersion: 5.26 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Google Inc. ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/gsutil/5.25 | ||
PackageDownloadLocation: https://pypi.org/project/gsutil/5.26 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: NOASSERTION | ||
PackageLicenseConcluded: Apache-2.0 | ||
PackageLicenseComments: <text>gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text> | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>A command line tool for interacting with cloud storage services.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: argcomplete | ||
|
@@ -287,18 +287,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* | |
|
||
PackageName: fasteners | ||
SPDXID: SPDXRef-Package-19-fasteners | ||
PackageVersion: 0.18 | ||
PackageVersion: 0.19 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Joshua Harlow | ||
PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 | ||
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: NOASSERTION | ||
PackageLicenseDeclared: Apache-2.0 | ||
PackageLicenseConcluded: Apache-2.0 | ||
PackageLicenseComments: <text>fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.</text> | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>A python package that provides useful locks</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: gcs-oauth2-boto-plugin | ||
|
@@ -490,17 +489,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. | |
|
||
PackageName: cryptography | ||
SPDXID: SPDXRef-Package-32-cryptography | ||
PackageVersion: 41.0.3 | ||
PackageVersion: 41.0.4 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3 | ||
PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause | ||
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: cffi | ||
|
@@ -658,17 +657,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | |
|
||
PackageName: jsonschema | ||
SPDXID: SPDXRef-Package-43-jsonschema | ||
PackageVersion: 4.19.0 | ||
PackageVersion: 4.19.1 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Julian Berman | ||
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0 | ||
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>An implementation of JSON Schema validation for Python</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: jsonschema-specifications | ||
|
@@ -948,17 +947,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: | |
|
||
PackageName: xmlschema | ||
SPDXID: SPDXRef-Package-62-xmlschema | ||
PackageVersion: 2.4.0 | ||
PackageVersion: 2.5.0 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Davide Brunato ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0 | ||
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>An XML Schema validator and decoder</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: elementpath | ||
|