chore: update SBOM for Python 3.9 (#4143)

Co-authored-by: GitHub <noreply@github.com>
intel · May 30, 2024 · 64b562a · 64b562a
1 parent 935fb46
commit 64b562a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 36 deletions.
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:da25ffa1-1384-461d-a6c5-84dfce937e55",
+  "serialNumber": "urn:uuid:0781fcf5-6025-4253-8689-3fb0fee811fe",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-05-20T00:28:52Z",
+    "timestamp": "2024-05-27T00:28:55Z",
     "tools": {
       "components": [
         {
@@ -1839,7 +1839,7 @@
       "type": "library",
       "bom-ref": "42-zipp",
       "name": "zipp",
-      "version": "3.18.2",
+      "version": "3.19.0",
       "supplier": {
         "name": "Jason R .",
         "contact": [
@@ -1848,22 +1848,16 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:jason_r.:zipp:3.18.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:jason_r.:zipp:3.19.0:*:*:*:*:*:*:*",
       "description": "Backport of pathlib-compatible object wrapper for zip files",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "051250eb0e3024d75e7de09921e4efab074f0112"
-        }
-      ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zipp/3.18.2",
+          "url": "https://pypi.org/project/zipp/3.19.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zipp@3.18.2",
+      "purl": "pkg:pypi/zipp@3.19.0",
       "properties": [
         {
           "name": "language",
@@ -2442,7 +2436,7 @@
       "type": "library",
       "bom-ref": "57-requests",
       "name": "requests",
-      "version": "2.31.0",
+      "version": "2.32.2",
       "supplier": {
         "name": "Kenneth Reitz",
         "contact": [
@@ -2451,14 +2445,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.32.2:*:*:*:*:*:*:*",
       "description": "Python HTTP for Humans.",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2469,12 +2457,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/requests/2.31.0",
+          "url": "https://pypi.org/project/requests/2.32.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/requests@2.31.0",
+      "purl": "pkg:pypi/requests@2.32.2",
       "properties": [
         {
           "name": "language",

diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3138d3f8-dc63-447a-b0be-cca4b60da110
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-2d1ead98-5e2d-4e22-afb9-6dc405871fbe
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.4
-Created: 2024-05-20T00:27:19Z
+Created: 2024-05-27T00:27:28Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -671,18 +671,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1
 
 PackageName: zipp
 SPDXID: SPDXRef-Package-42-zipp
-PackageVersion: 3.18.2
+PackageVersion: 3.19.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.18.2
+PackageDownloadLocation: https://pypi.org/project/zipp/3.19.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: 051250eb0e3024d75e7de09921e4efab074f0112
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Backport of pathlib-compatible object wrapper for zip files</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.18.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.18.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jinja2
@@ -905,19 +904,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
 
 PackageName: requests
 SPDXID: SPDXRef-Package-57-requests
-PackageVersion: 2.31.0
+PackageVersion: 2.32.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
-PackageDownloadLocation: https://pypi.org/project/requests/2.31.0
+PackageDownloadLocation: https://pypi.org/project/requests/2.32.2
 FilesAnalyzed: false
-PackageChecksum: SHA1: 147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4
-PackageLicenseDeclared: NOASSERTION
+PackageLicenseDeclared: Apache-2.0
 PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: <text>requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python HTTP for Humans.</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.31.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: certifi