chore: update SBOM for Python 3.9 (#3573)

github-actions[bot] · web-flow · web-flow · commit faba2b870f5a · 2023-12-12T08:59:06.000-08:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:5faec005-00d7-49fc-be2c-b56094c5996d",
+  "serialNumber": "urn:uuid:00560eb8-f7f3-4b89-a31b-b855e8292733",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-12-04T00:26:52Z",
+    "timestamp": "2023-12-11T00:27:30Z",
     "tools": {
       "components": [
         {
@@ -288,7 +288,7 @@
       "type": "library",
       "bom-ref": "8-yarl",
       "name": "yarl",
-      "version": "1.9.3",
+      "version": "1.9.4",
       "supplier": {
         "name": "Andrew Svetlov",
         "contact": [
@@ -297,7 +297,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*",
       "description": "Yet another URL library",
       "licenses": [
         {
@@ -309,12 +309,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/yarl/1.9.3",
+          "url": "https://pypi.org/project/yarl/1.9.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/yarl@1.9.3",
+      "purl": "pkg:pypi/yarl@1.9.4",
       "properties": [
         {
           "name": "language",
@@ -584,7 +584,7 @@
       "type": "library",
       "bom-ref": "16-argcomplete",
       "name": "argcomplete",
-      "version": "3.1.6",
+      "version": "3.2.1",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -593,7 +593,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -605,12 +605,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/argcomplete/3.1.6",
+          "url": "https://pypi.org/project/argcomplete/3.2.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/argcomplete@3.1.6",
+      "purl": "pkg:pypi/argcomplete@3.2.1",
       "properties": [
         {
           "name": "language",
@@ -1368,7 +1368,7 @@
       "type": "library",
       "bom-ref": "36-google-auth",
       "name": "google-auth",
-      "version": "2.24.0",
+      "version": "2.25.2",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1377,7 +1377,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1389,12 +1389,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.24.0",
+          "url": "https://pypi.org/project/google-auth/2.25.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.24.0",
+      "purl": "pkg:pypi/google-auth@2.25.2",
       "properties": [
         {
           "name": "language",
@@ -1687,11 +1687,11 @@
       "type": "library",
       "bom-ref": "45-referencing",
       "name": "referencing",
-      "version": "0.31.1",
+      "version": "0.32.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "licenses": [
         {
@@ -1703,12 +1703,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.31.1",
+          "url": "https://pypi.org/project/referencing/0.32.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.31.1",
+      "purl": "pkg:pypi/referencing@0.32.0",
       "properties": [
         {
           "name": "language",
@@ -1871,11 +1871,11 @@
       "type": "library",
       "bom-ref": "50-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.11.2",
+      "version": "0.12.0",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.12.0:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
       "licenses": [
         {
@@ -1887,12 +1887,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packageurl-python/0.11.2",
+          "url": "https://pypi.org/project/packageurl-python/0.12.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.11.2",
+      "purl": "pkg:pypi/packageurl-python@0.12.0",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-959a5a9a-4960-46de-b5bd-1c59a2b55f26
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-09721373-8824-4863-a461-f8f7ee4f4ea6
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.1
-Created: 2023-12-04T00:25:47Z
+Created: 2023-12-11T00:26:21Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -117,17 +117,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*
 
 PackageName: yarl
 SPDXID: SPDXRef-Package-8-yarl
-PackageVersion: 1.9.3
+PackageVersion: 1.9.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.9.3
+PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Yet another URL library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: idna
@@ -241,18 +241,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-16-argcomplete
-PackageVersion: 3.1.6
+PackageVersion: 3.2.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.6
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.1
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Bash tab completion for argparse</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -551,18 +551,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-36-google-auth
-PackageVersion: 2.24.0
+PackageVersion: 2.25.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.24.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.24.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.24.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -687,17 +687,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-45-referencing
-PackageVersion: 0.31.1
+PackageVersion: 0.32.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.31.1
+PackageDownloadLocation: https://pypi.org/project/referencing/0.32.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.31.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.31.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -763,17 +763,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-Package-50-packageurl-python
-PackageVersion: 0.11.2
+PackageVersion: 0.12.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.11.2
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.12.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.11.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.12.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
