chore: update SBOM for Python 3.7 (#2981)

github-actions[bot] · web-flow · web-flow · commit a160cbcfbaa4 · 2023-05-09T18:06:26.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.7.json b/sbom/cve-bin-tool-py3.7.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid2c457c00-8c22-418c-ae05-b8925c5b646b",
+  "serialNumber": "urn:uuidca8671a5-fa96-42ce-8c2e-c4fc1edc4acc",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-04-24T00:27:29Z",
+    "timestamp": "2023-05-08T01:13:51Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -434,7 +434,7 @@
       "type": "library",
       "bom-ref": "13-yarl",
       "name": "yarl",
-      "version": "1.9.1",
+      "version": "1.9.2",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -443,7 +443,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -460,12 +460,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/yarl/1.9.1",
+          "url": "https://pypi.org/project/yarl/1.9.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.9.1"
+      "purl": "pkg:pypi/yarl@1.9.2"
     },
     {
       "type": "library",
@@ -2060,7 +2060,7 @@
       "type": "library",
       "bom-ref": "56-requests",
       "name": "requests",
-      "version": "2.28.2",
+      "version": "2.30.0",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -2069,7 +2069,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
       "licenses": [
         {
@@ -2086,12 +2086,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/requests/2.28.2",
+          "url": "https://pypi.org/project/requests/2.30.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/requests@2.28.2",
+      "purl": "pkg:pypi/requests@2.30.0",
       "properties": [
         {
           "name": "License Comments",
@@ -2103,7 +2103,7 @@
       "type": "library",
       "bom-ref": "57-certifi",
       "name": "certifi",
-      "version": "2022.12.7",
+      "version": "2023.5.7",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -2112,7 +2112,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
       "description": "Python package for providing Mozilla's CA Bundle.",
       "licenses": [
         {
@@ -2129,18 +2129,18 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/certifi/2022.12.7",
+          "url": "https://pypi.org/project/certifi/2023.5.7",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/certifi@2022.12.7"
+      "purl": "pkg:pypi/certifi@2023.5.7"
     },
     {
       "type": "library",
       "bom-ref": "58-urllib3",
       "name": "urllib3",
-      "version": "1.26.15",
+      "version": "2.0.2",
       "supplier": {
         "name": "Andrey Petrov",
         "contact": [
@@ -2149,35 +2149,22 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*",
       "description": "HTTP library with thread-safe connection pooling, file post, and more.",
-      "licenses": [
-        {
-          "license": {
-            "id": "MIT",
-            "url": "https://opensource.org/licenses/MIT"
-          }
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://urllib3.readthedocs.io/",
-          "type": "website",
-          "comment": "Home page for project"
-        },
-        {
-          "url": "https://pypi.org/project/urllib3/1.26.15",
+          "url": "https://pypi.org/project/urllib3/2.0.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/urllib3@1.26.15"
+      "purl": "pkg:pypi/urllib3@2.0.2"
     },
     {
       "type": "library",
       "bom-ref": "59-rich",
       "name": "rich",
-      "version": "13.3.4",
+      "version": "13.3.5",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2186,7 +2173,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2203,12 +2190,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/13.3.4",
+          "url": "https://pypi.org/project/rich/13.3.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.3.4"
+      "purl": "pkg:pypi/rich@13.3.5"
     },
     {
       "type": "library",
@@ -2405,7 +2392,7 @@
       "type": "library",
       "bom-ref": "66-elementpath",
       "name": "elementpath",
-      "version": "4.1.1",
+      "version": "4.1.2",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2414,7 +2401,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*",
       "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
       "licenses": [
         {
@@ -2431,12 +2418,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/elementpath/4.1.1",
+          "url": "https://pypi.org/project/elementpath/4.1.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/elementpath@4.1.1"
+      "purl": "pkg:pypi/elementpath@4.1.2"
     },
     {
       "type": "library",
diff --git a/sbom/cve-bin-tool-py3.7.spdx b/sbom/cve-bin-tool-py3.7.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d84b9d8c-409a-42ae-ac76-92c9209bcfcb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-017c6e15-70c3-4e52-8848-f3b20d8272e3
 LicenseListVersion: 3.20
 Creator: Tool: sbom4python-0.9.1
-Created: 2023-04-24T00:25:50Z
+Created: 2023-05-08T01:12:05Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -204,18 +204,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
 
 PackageName: yarl
 SPDXID: SPDXRef-Package-13-yarl
-PackageVersion: 1.9.1
+PackageVersion: 1.9.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/yarl/
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -907,67 +907,66 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-Package-56-requests
-PackageVersion: 2.28.2
+PackageVersion: 2.30.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.28.2
+PackageDownloadLocation: https://pypi.org/project/requests/2.30.0
 FilesAnalyzed: false
 PackageHomePage: https://requests.readthedocs.io
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.30.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: certifi
 SPDXID: SPDXRef-Package-57-certifi
-PackageVersion: 2022.12.7
+PackageVersion: 2023.5.7
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7
+PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
 FilesAnalyzed: false
 PackageHomePage: https://github.com/certifi/python-certifi
 PackageLicenseDeclared: MPL-2.0
 PackageLicenseConcluded: MPL-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python package for providing Mozilla's CA Bundle.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
 ##### 
 
 PackageName: urllib3
 SPDXID: SPDXRef-Package-58-urllib3
-PackageVersion: 1.26.15
+PackageVersion: 2.0.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.2
 FilesAnalyzed: false
-PackageHomePage: https://urllib3.readthedocs.io/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>HTTP library with thread-safe connection pooling, file post, and more.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rich
 SPDXID: SPDXRef-Package-59-rich
-PackageVersion: 13.3.4
+PackageVersion: 13.3.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.3.4
+PackageDownloadLocation: https://pypi.org/project/rich/13.3.5
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1065,18 +1064,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*
 
 PackageName: elementpath
 SPDXID: SPDXRef-Package-66-elementpath
-PackageVersion: 4.1.1
+PackageVersion: 4.1.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.2
 FilesAnalyzed: false
 PackageHomePage: https://github.com/sissaschool/elementpath
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: zstandard
