chore: update SBOM for Python 3.8 (#3517)

github-actions[bot] · web-flow · web-flow · commit 59cb6fe355cd · 2023-11-13T10:31:35.000-08:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:0d337128-8043-410a-958f-5b759eb2bc29",
+  "serialNumber": "urn:uuid:e8392695-9371-4090-934a-62a03621952e",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-11-06T00:26:15Z",
+    "timestamp": "2023-11-13T00:26:18Z",
     "tools": {
       "components": [
         {
@@ -544,7 +544,7 @@
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "3.1.4",
+      "version": "3.1.6",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -553,7 +553,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -565,12 +565,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/argcomplete/3.1.4",
+          "url": "https://pypi.org/project/argcomplete/3.1.6",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.1.4",
+      "purl": "pkg:pypi/argcomplete@3.1.6",
       "properties": [
         {
           "name": "License Comments",
@@ -1384,7 +1384,7 @@
       "type": "library",
       "bom-ref": "42-importlib-resources",
       "name": "importlib-resources",
-      "version": "6.1.0",
+      "version": "6.1.1",
       "supplier": {
         "name": "Barry Warsaw",
         "contact": [
@@ -1393,16 +1393,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.1.1:*:*:*:*:*:*:*",
       "description": "Read resources from Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/importlib-resources/6.1.0",
+          "url": "https://pypi.org/project/importlib-resources/6.1.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/importlib-resources@6.1.0"
+      "purl": "pkg:pypi/importlib-resources@6.1.1"
     },
     {
       "type": "library",
@@ -2101,7 +2101,7 @@
       "type": "library",
       "bom-ref": "66-rpmfile",
       "name": "rpmfile",
-      "version": "1.1.1",
+      "version": "2.0.0",
       "supplier": {
         "name": "Sean Ross",
         "contact": [
@@ -2110,7 +2110,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*",
       "description": "Read rpm archive files",
       "licenses": [
         {
@@ -2122,12 +2122,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpmfile/1.1.1",
+          "url": "https://pypi.org/project/rpmfile/2.0.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpmfile@1.1.1"
+      "purl": "pkg:pypi/rpmfile@2.0.0"
     },
     {
       "type": "library",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f51c8a98-01cc-461e-9cb6-719415e95c01
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d5cb827d-62d1-4395-bc5c-4b146e1be7c2
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-11-06T00:25:00Z
+Created: 2023-11-13T00:25:05Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -256,18 +256,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.1.4
+PackageVersion: 3.1.6
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.4
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.6
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Bash tab completion for argparse</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -643,17 +643,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.17.0:*:*:*:*:*:
 
 PackageName: importlib-resources
 SPDXID: SPDXRef-Package-42-importlib-resources
-PackageVersion: 6.1.0
+PackageVersion: 6.1.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.1.0
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.1.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Read resources from Python packages</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.1.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -1007,17 +1007,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 
 PackageName: rpmfile
 SPDXID: SPDXRef-Package-66-rpmfile
-PackageVersion: 1.1.1
+PackageVersion: 2.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Sean Ross (srossross@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1
+PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Read rpm archive files</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml
