chore: update SBOM for Python 3.8

ffontaine · Jan 30, 2023 · e5ca43d · e5ca43d
1 parent 3bb7bf9
commit e5ca43d
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 34 deletions.
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuidf529a309-ba7a-475a-9cd4-e2aaf86d518d",
+  "serialNumber": "urn:uuid501e3c0f-3fa5-43ef-b4d9-59d5f5fb3baf",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-23T00:26:15Z",
+    "timestamp": "2023-01-30T00:55:42Z",
     "tools": [
       {
         "name": "sbom4python",
@@ -200,10 +200,10 @@
       "type": "library",
       "bom-ref": "13-cvss",
       "name": "cvss",
-      "version": "2.5",
+      "version": "2.6",
       "author": "Stanislav Red Hat Product Security",
-      "cpe": "cpe:/a:stanislav_red_hat_product_security:cvss:2.5",
-      "purl": "pkg:pypi/cvss@2.5"
+      "cpe": "cpe:/a:stanislav_red_hat_product_security:cvss:2.6",
+      "purl": "pkg:pypi/cvss@2.6"
     },
     {
       "type": "library",
@@ -235,9 +235,9 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.18",
+      "version": "5.19",
       "author": "Google Inc.",
-      "cpe": "cpe:/a:google_inc.:gsutil:5.18",
+      "cpe": "cpe:/a:google_inc.:gsutil:5.19",
       "licenses": [
         {
           "license": {
@@ -246,7 +246,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.18"
+      "purl": "pkg:pypi/gsutil@5.19"
     },
     {
       "type": "library",
@@ -596,10 +596,10 @@
       "type": "library",
       "bom-ref": "41-zipp",
       "name": "zipp",
-      "version": "3.11.0",
+      "version": "3.12.0",
       "author": "Jason R. Coombs",
-      "cpe": "cpe:/a:jason_r._coombs:zipp:3.11.0",
-      "purl": "pkg:pypi/zipp@3.11.0"
+      "cpe": "cpe:/a:jason_r._coombs:zipp:3.12.0",
+      "purl": "pkg:pypi/zipp@3.12.0"
     },
     {
       "type": "library",
@@ -691,9 +691,9 @@
       "type": "library",
       "bom-ref": "48-plotly",
       "name": "plotly",
-      "version": "5.12.0",
+      "version": "5.13.0",
       "author": "Chris P",
-      "cpe": "cpe:/a:chris_p:plotly:5.12.0",
+      "cpe": "cpe:/a:chris_p:plotly:5.13.0",
       "licenses": [
         {
           "license": {
@@ -702,7 +702,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/plotly@5.12.0"
+      "purl": "pkg:pypi/plotly@5.13.0"
     },
     {
       "type": "library",
@@ -793,9 +793,9 @@
       "type": "library",
       "bom-ref": "54-rich",
       "name": "rich",
-      "version": "13.2.0",
+      "version": "13.3.1",
       "author": "Will McGugan",
-      "cpe": "cpe:/a:will_mcgugan:rich:13.2.0",
+      "cpe": "cpe:/a:will_mcgugan:rich:13.3.1",
       "licenses": [
         {
           "license": {
@@ -804,7 +804,7 @@
           }
         }
       ],
-      "purl": "pkg:pypi/rich@13.2.0"
+      "purl": "pkg:pypi/rich@13.3.1"
     },
     {
       "type": "library",

diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.2
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-5e8b5b3e-b140-4f19-abd8-d8acc6b4c776
+DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-527447ef-77ab-41ae-9e03-657173f78640
 LicenseListVersion: 3.18
 Creator: Tool: sbom4python-0.7.0
-Created: 2023-01-23T00:25:03Z
+Created: 2023-01-30T00:54:08Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -177,15 +177,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.3.2.post1:*:*:*
 PackageName: cvss
 SPDXID: SPDXRef-Package-13-cvss
 PackageSupplier: Organization: Stanislav Red Hat Product Security ([email protected])
-PackageVersion: 2.5
+PackageVersion: 2.6
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license LGPLv3+
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*
 ##### 
 
 PackageName: defusedxml
@@ -219,15 +219,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
 PackageSupplier: Person: Google Inc. ([email protected])
-PackageVersion: 5.18
+PackageVersion: 5.19
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license Apache 2.0
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseDeclared: Apache-2.0
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.18
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.18:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.19
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.19:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
@@ -569,15 +569,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.10.
 PackageName: zipp
 SPDXID: SPDXRef-Package-41-zipp
 PackageSupplier: Organization: Jason R. Coombs ([email protected])
-PackageVersion: 3.11.0
+PackageVersion: 3.12.0
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license 
 PackageLicenseConcluded: NOASSERTION
 PackageLicenseDeclared: NOASSERTION
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.11.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.11.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.12.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -667,15 +667,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
 PackageName: plotly
 SPDXID: SPDXRef-Package-48-plotly
 PackageSupplier: Person: Chris P ([email protected])
-PackageVersion: 5.12.0
+PackageVersion: 5.13.0
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.12.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.12.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.13.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
@@ -751,15 +751,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:
 PackageName: rich
 SPDXID: SPDXRef-Package-54-rich
 PackageSupplier: Person: Will McGugan ([email protected])
-PackageVersion: 13.2.0
+PackageVersion: 13.3.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 ##### Reported license MIT
 PackageLicenseConcluded: MIT
 PackageLicenseDeclared: MIT
 PackageCopyrightText: NOASSERTION
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py