From 561b48a377b69c2dd5d74a6631aab380e7834f8d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 14 Jan 2025 17:59:26 +0000 Subject: [PATCH] chore: update SBOM for Python 3.12 (#4688) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 40 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.12.spdx | 40 +++++++++++++++++------------------ 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index ac0101be7d..ec6ad1266d 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:fcab39ff-a147-4ec9-beb0-46341817a2c0", + "serialNumber": "urn:uuid:cbffac4d-bb66-46fa-87d7-12e1dfdd35ed", "version": 1, "metadata": { - "timestamp": "2025-01-06T00:36:47Z", + "timestamp": "2025-01-13T00:37:15Z", "lifecycles": [ { "phase": "build" @@ -3782,7 +3782,7 @@ "type": "library", "bom-ref": "60-pygments", "name": "pygments", - "version": "2.19.0", + "version": "2.19.1", "supplier": { "name": "Georg Brandl", "contact": [ @@ -3791,12 +3791,12 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { "alg": "SHA-256", - "content": "4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b" + "content": "9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c" } ], "licenses": [ @@ -3815,7 +3815,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pygments/2.19.0/#files", + "url": "https://pypi.org/project/pygments/2.19.1/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3836,11 +3836,11 @@ "type": "log" } ], - "purl": "pkg:pypi/pygments@2.19.0", + "purl": "pkg:pypi/pygments@2.19.1", "properties": [ { "name": "release_date", - "value": "2025-01-05T14:11:12Z" + "value": "2025-01-06T17:26:25Z" }, { "name": "language", @@ -3856,7 +3856,7 @@ "type": "library", "bom-ref": "61-python-gnupg", "name": "python-gnupg", - "version": "0.5.3", + "version": "0.5.4", "supplier": { "name": "Vinay Sajip", "contact": [ @@ -3865,12 +3865,12 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { "alg": "SHA-256", - "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + "content": "40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c" } ], "licenses": [ @@ -3889,7 +3889,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/python-gnupg/0.5.4/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3906,11 +3906,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/python-gnupg@0.5.4", "properties": [ { "name": "release_date", - "value": "2024-09-20T16:43:47Z" + "value": "2025-01-07T11:58:32Z" }, { "name": "language", @@ -4421,7 +4421,7 @@ "type": "library", "bom-ref": "70-setuptools", "name": "setuptools", - "version": "75.7.0", + "version": "75.8.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -4430,17 +4430,17 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "hashes": [ { "alg": "SHA-256", - "content": "84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183" + "content": "e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3" } ], "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.7.0/#files", + "url": "https://pypi.org/project/setuptools/75.8.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4457,11 +4457,11 @@ "type": "log" } ], - "purl": "pkg:pypi/setuptools@75.7.0", + "purl": "pkg:pypi/setuptools@75.8.0", "properties": [ { "name": "release_date", - "value": "2025-01-05T16:31:09Z" + "value": "2025-01-08T18:28:20Z" }, { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 59f0b4f6b4..5df9f2b94c 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fdb12592-02b6-41ec-bc50-b1ca7a76ab10 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c66c7546-184a-4e83-b762-cfe09cebf66d LicenseListVersion: 3.25 Creator: Tool: sbom4python-0.12.1 -Created: 2025-01-06T00:36:40Z +Created: 2025-01-13T00:37:08Z CreatorComment: This document has been automatically generated. ##### @@ -1248,46 +1248,46 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: PackageName: pygments SPDXID: SPDXRef-60-pygments -PackageVersion: 2.19.0 +PackageVersion: 2.19.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/pygments/2.19.0/#files +PackageDownloadLocation: https://pypi.org/project/pygments/2.19.1/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA256: 4755e6e64d22161d5b61432c0600c923c5927214e7c956e31c23923c89251a9b +PackageChecksum: SHA256: 9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ReleaseDate: 2025-01-05T14:11:12Z +ReleaseDate: 2025-01-06T17:26:25Z ExternalRef: OTHER documentation https://pygments.org/docs ExternalRef: OTHER vcs https://github.com/pygments/pygments ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.19.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.1:*:*:*:*:*:*:* ##### PackageName: python-gnupg SPDXID: SPDXRef-61-python-gnupg -PackageVersion: 0.5.3 +PackageVersion: 0.5.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageChecksum: SHA256: 40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ReleaseDate: 2024-09-20T16:43:47Z +ReleaseDate: 2025-01-07T11:58:32Z ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.4:*:*:*:*:*:*:* ##### PackageName: packaging @@ -1450,22 +1450,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-70-setuptools -PackageVersion: 75.7.0 +PackageVersion: 75.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.7.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.8.0/#files FilesAnalyzed: false -PackageChecksum: SHA256: 84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183 +PackageChecksum: SHA256: e3982f444617239225d675215d51f6ba05f845d4eec313da4418fdbb56fb27e3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ReleaseDate: 2025-01-05T16:31:09Z +ReleaseDate: 2025-01-08T18:28:20Z ExternalRef: OTHER vcs https://github.com/pypa/setuptools ExternalRef: OTHER documentation https://setuptools.pypa.io/ ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.8.0:*:*:*:*:*:*:* ##### PackageName: xmlschema