chore: update SBOM for Python 3.10 (#4361)

github-actions[bot] · web-flow · web-flow · commit 657fc1384e44 · 2024-08-19T11:52:24.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b2a3ef54-5071-4b59-a347-d01baa74b594",
+  "serialNumber": "urn:uuid:22720d5a-f6b4-4a5c-84a7-38b76308c94c",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-08-12T00:35:19Z",
+    "timestamp": "2024-08-19T00:34:42Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -74,7 +74,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.3",
+      "version": "3.10.4",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -87,12 +87,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.3",
+          "url": "https://pypi.org/project/aiohttp/3.10.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohttp@3.10.3",
+      "purl": "pkg:pypi/aiohttp@3.10.4",
       "properties": [
         {
           "name": "language",
@@ -108,7 +108,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.3.5",
+      "version": "2.3.7",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -117,31 +117,25 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "01595bbda3380154cc4e72702a1f82502a15940a"
-        }
-      ],
       "licenses": [
         {
           "license": {
-            "id": "Python-2.0",
-            "url": "https://opensource.org/licenses/Python-2.0",
+            "id": "Python-2.0.1",
+            "url": "https://www.python.org/download/releases/2.0.1/license/",
             "acknowledgement": "concluded"
           }
         }
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohappyeyeballs@2.3.5",
+      "purl": "pkg:pypi/aiohappyeyeballs@2.3.7",
       "properties": [
         {
           "name": "language",
@@ -494,7 +488,7 @@
       "type": "library",
       "bom-ref": "12-soupsieve",
       "name": "soupsieve",
-      "version": "2.5",
+      "version": "2.6",
       "supplier": {
         "name": "Isaac Muse",
         "contact": [
@@ -503,22 +497,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
       "description": "A modern CSS selector implementation for Beautiful Soup.",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/soupsieve/2.5",
+          "url": "https://pypi.org/project/soupsieve/2.6",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/soupsieve@2.5",
+      "purl": "pkg:pypi/soupsieve@2.6",
       "properties": [
         {
           "name": "language",
@@ -1038,7 +1026,7 @@
       "type": "library",
       "bom-ref": "24-cachetools",
       "name": "cachetools",
-      "version": "5.4.0",
+      "version": "5.5.0",
       "supplier": {
         "name": "Thomas Kemmer",
         "contact": [
@@ -1047,7 +1035,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
       "description": "Extensible memoizing collections and decorators",
       "licenses": [
         {
@@ -1060,12 +1048,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cachetools/5.4.0",
+          "url": "https://pypi.org/project/cachetools/5.5.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cachetools@5.4.0",
+      "purl": "pkg:pypi/cachetools@5.5.0",
       "properties": [
         {
           "name": "language",
@@ -2084,7 +2072,7 @@
       "type": "library",
       "bom-ref": "48-lib4sbom",
       "name": "lib4sbom",
-      "version": "0.7.2",
+      "version": "0.7.3",
       "supplier": {
         "name": "Anthony Harrison",
         "contact": [
@@ -2093,7 +2081,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*",
       "description": "Software Bill of Material (SBOM) generator and consumer library",
       "licenses": [
         {
@@ -2106,12 +2094,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/lib4sbom/0.7.2",
+          "url": "https://pypi.org/project/lib4sbom/0.7.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/lib4sbom@0.7.2",
+      "purl": "pkg:pypi/lib4sbom@0.7.3",
       "properties": [
         {
           "name": "language",
@@ -2323,6 +2311,12 @@
       },
       "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
+      "hashes": [
+        {
+          "alg": "SHA-1",
+          "content": "14a11b50ab723796888133d3722b5b3e2845b084"
+        }
+      ],
       "licenses": [
         {
           "license": {
@@ -2920,7 +2914,7 @@
       "type": "library",
       "bom-ref": "67-setuptools",
       "name": "setuptools",
-      "version": "72.1.0",
+      "version": "72.2.0",
       "supplier": {
         "name": "Python Packaging Authority",
         "contact": [
@@ -2929,16 +2923,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
       "description": "Easily download, build, install, upgrade, and uninstall Python packages",
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/setuptools/72.1.0",
+          "url": "https://pypi.org/project/setuptools/72.2.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/setuptools@72.1.0",
+      "purl": "pkg:pypi/setuptools@72.2.0",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d4f53a29-2289-4fd0-aab5-dc209d7086f9
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-af9fbf22-0efe-4861-a905-a0089c080318
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.11.1
-Created: 2024-08-12T00:34:01Z
+Created: 2024-08-19T00:33:30Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -26,33 +26,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
 
 PackageName: aiohttp
 SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.10.3
+PackageVersion: 3.10.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.3
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.4
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.4
 ##### 
 
 PackageName: aiohappyeyeballs
 SPDXID: SPDXRef-Package-3-aiohappyeyeballs
-PackageVersion: 2.3.5
+PackageVersion: 2.3.7
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.5
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.7
 FilesAnalyzed: false
-PackageChecksum: SHA1: 01595bbda3380154cc4e72702a1f82502a15940a
-PackageLicenseDeclared: Python-2.0
-PackageLicenseConcluded: Python-2.0
+PackageLicenseDeclared: Python-2.0.1
+PackageLicenseConcluded: Python-2.0.1
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Happy Eyeballs for asyncio</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiosignal
@@ -184,18 +183,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
 
 PackageName: soupsieve
 SPDXID: SPDXRef-Package-12-soupsieve
-PackageVersion: 2.5
+PackageVersion: 2.6
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Isaac Muse (use@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
+PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6
 FilesAnalyzed: false
-PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A modern CSS selector implementation for Beautiful Soup.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cvss
@@ -378,17 +376,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
 
 PackageName: cachetools
 SPDXID: SPDXRef-Package-24-cachetools
-PackageVersion: 5.4.0
+PackageVersion: 5.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.4.0
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extensible memoizing collections and decorators</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyasn1-modules
@@ -758,17 +756,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*
 
 PackageName: lib4sbom
 SPDXID: SPDXRef-Package-48-lib4sbom
-PackageVersion: 0.7.2
+PackageVersion: 0.7.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.2
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pyyaml
@@ -842,6 +840,7 @@ PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
 PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6
 FilesAnalyzed: false
+PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
@@ -1056,17 +1055,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
 
 PackageName: setuptools
 SPDXID: SPDXRef-Package-67-setuptools
-PackageVersion: 72.1.0
+PackageVersion: 72.2.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.2.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml
