chore: update SBOM for Python 3.10 (#3483)

github-actions[bot] · web-flow · web-flow · commit 78565a4accf2 · 2023-10-30T10:43:18.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:e5ac966f-751e-4e0c-9940-5db28eba09b6",
+  "serialNumber": "urn:uuid:11282881-19c0-4924-87ee-2ee2b2e5d6bf",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-10-23T00:26:34Z",
+    "timestamp": "2023-10-30T00:25:51Z",
     "tools": {
       "components": [
         {
@@ -506,7 +506,7 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.26",
+      "version": "5.27",
       "supplier": {
         "name": "Google Inc .",
         "contact": [
@@ -515,7 +515,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
       "description": "A command line tool for interacting with cloud storage services.",
       "licenses": [
         {
@@ -527,12 +527,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/gsutil/5.26",
+          "url": "https://pypi.org/project/gsutil/5.27",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.26",
+      "purl": "pkg:pypi/gsutil@5.27",
       "properties": [
         {
           "name": "License Comments",
@@ -1021,7 +1021,7 @@
       "type": "library",
       "bom-ref": "31-pyopenssl",
       "name": "pyopenssl",
-      "version": "23.2.0",
+      "version": "23.3.0",
       "supplier": {
         "name": "The pyOpenSSL developers",
         "contact": [
@@ -1030,7 +1030,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
       "licenses": [
         {
@@ -1042,12 +1042,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/pyOpenSSL/23.2.0",
+          "url": "https://pypi.org/project/pyOpenSSL/23.3.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pyopenssl@23.2.0",
+      "purl": "pkg:pypi/pyopenssl@23.3.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1059,7 +1059,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.4",
+      "version": "41.0.5",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1068,7 +1068,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1077,12 +1077,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.4",
+          "url": "https://pypi.org/project/cryptography/41.0.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cryptography@41.0.4"
+      "purl": "pkg:pypi/cryptography@41.0.5"
     },
     {
       "type": "library",
@@ -1266,7 +1266,7 @@
       "type": "library",
       "bom-ref": "38-cachetools",
       "name": "cachetools",
-      "version": "5.3.1",
+      "version": "5.3.2",
       "supplier": {
         "name": "Thomas Kemmer",
         "contact": [
@@ -1275,7 +1275,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*",
       "description": "Extensible memoizing collections and decorators",
       "licenses": [
         {
@@ -1287,12 +1287,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cachetools/5.3.1",
+          "url": "https://pypi.org/project/cachetools/5.3.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/cachetools@5.3.1"
+      "purl": "pkg:pypi/cachetools@5.3.2"
     },
     {
       "type": "library",
@@ -1667,7 +1667,7 @@
       "type": "library",
       "bom-ref": "51-plotly",
       "name": "plotly",
-      "version": "5.17.0",
+      "version": "5.18.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -1676,7 +1676,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -1688,12 +1688,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.17.0",
+          "url": "https://pypi.org/project/plotly/5.18.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.17.0"
+      "purl": "pkg:pypi/plotly@5.18.0"
     },
     {
       "type": "library",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e56edda7-59a7-425c-aef1-943456c21d03
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a5211367-a3cc-462e-92ba-689359343aa7
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-23T00:25:01Z
+Created: 2023-10-30T00:24:33Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -240,18 +240,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*
 
 PackageName: gsutil
 SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.26
+PackageVersion: 5.27
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.26
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.27
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A command line tool for interacting with cloud storage services.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
 ##### 
 
 PackageName: argcomplete
@@ -473,33 +473,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
 
 PackageName: pyopenssl
 SPDXID: SPDXRef-Package-31-pyopenssl
-PackageVersion: 23.2.0
+PackageVersion: 23.3.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0
+PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python wrapper module around the OpenSSL library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cryptography
 SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.4
+PackageVersion: 41.0.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.5
 FilesAnalyzed: false
 PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
 PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cffi
@@ -582,17 +582,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23
 
 PackageName: cachetools
 SPDXID: SPDXRef-Package-38-cachetools
-PackageVersion: 5.3.1
+PackageVersion: 5.3.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Extensible memoizing collections and decorators</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: monotonic
@@ -779,17 +779,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
 
 PackageName: plotly
 SPDXID: SPDXRef-Package-51-plotly
-PackageVersion: 5.17.0
+PackageVersion: 5.18.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.17.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.18.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An open-source, interactive data visualization library for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
