chore: update SBOM for Python 3.11 (#3355)

Co-authored-by: GitHub <[email protected]>

sbom/cve-bin-tool-py3.11.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:9e0d9ef6-4219-4732-b001-2a804ed48e4b",
+  "serialNumber": "urn:uuid:758a5fba-6b35-4744-83e4-2c943faa0649",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-09-18T00:25:32Z",
+    "timestamp": "2023-09-25T02:38:40Z",
     "tools": {
       "components": [
         {
@@ -494,7 +494,7 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.25",
+      "version": "5.26",
       "supplier": {
         "name": "Google Inc.",
         "contact": [
@@ -503,7 +503,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*",
       "description": "A command line tool for interacting with cloud storage services.",
       "licenses": [
         {
@@ -515,12 +515,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/gsutil/5.25",
+          "url": "https://pypi.org/project/gsutil/5.26",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.25",
+      "purl": "pkg:pypi/gsutil@5.26",
       "properties": [
         {
           "name": "License Comments",
@@ -602,11 +602,11 @@
       "type": "library",
       "bom-ref": "19-fasteners",
       "name": "fasteners",
-      "version": "0.18",
+      "version": "0.19",
       "supplier": {
         "name": "Joshua Harlow"
       },
-      "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
       "description": "A python package that provides useful locks",
       "licenses": [
         {
@@ -618,18 +618,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/fasteners/0.18",
+          "url": "https://pypi.org/project/fasteners/0.19",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected]",
-      "properties": [
-        {
-          "name": "License Comments",
-          "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression."
-        }
-      ]
+      "purl": "pkg:pypi/[email protected]"
     },
     {
       "type": "library",
@@ -1053,7 +1047,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.3",
+      "version": "41.0.4",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1062,7 +1056,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1073,12 +1067,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.3",
+          "url": "https://pypi.org/project/cryptography/41.0.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3"
+      "purl": "pkg:pypi/[email protected].4"
     },
     {
       "type": "library",
@@ -1419,11 +1413,11 @@
       "type": "library",
       "bom-ref": "43-jsonschema",
       "name": "jsonschema",
-      "version": "4.19.0",
+      "version": "4.19.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "licenses": [
         {
@@ -1435,12 +1429,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.19.0",
+          "url": "https://pypi.org/project/jsonschema/4.19.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].0"
+      "purl": "pkg:pypi/[email protected].1"
     },
     {
       "type": "library",
@@ -2020,7 +2014,7 @@
       "type": "library",
       "bom-ref": "62-xmlschema",
       "name": "xmlschema",
-      "version": "2.4.0",
+      "version": "2.5.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2029,7 +2023,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
       "licenses": [
         {
@@ -2041,12 +2035,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/2.4.0",
+          "url": "https://pypi.org/project/xmlschema/2.5.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.4.0"
+      "purl": "pkg:pypi/xmlschema@2.5.0"
     },
     {
       "type": "library",

sbom/cve-bin-tool-py3.11.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9b7d661f-8c05-4a65-b825-97c65f0eeeec
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-614e9003-0e56-4c10-8646-baa4fe349f4d
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-09-18T00:24:17Z
+Created: 2023-09-25T02:37:27Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -240,18 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.25
+PackageVersion: 5.26
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Google Inc. ([email protected])
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.25
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.26
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A command line tool for interacting with cloud storage services.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
@@ -287,18 +287,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
 
 PackageName: fasteners
 SPDXID: SPDXRef-Package-19-fasteners
-PackageVersion: 0.18
+PackageVersion: 0.19
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Joshua Harlow
-PackageDownloadLocation: https://pypi.org/project/fasteners/0.18
+PackageDownloadLocation: https://pypi.org/project/fasteners/0.19
 FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: <text>fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A python package that provides useful locks</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
 ##### 
 
 PackageName: gcs-oauth2-boto-plugin
@@ -490,17 +489,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.3
+PackageVersion: 41.0.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected])
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -658,17 +657,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.19.0
+PackageVersion: 4.19.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -948,17 +947,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 2.4.0
+PackageVersion: 2.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato ([email protected])
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath