chore: update SBOM for Python 3.10

web-flow · web-flow · commit b56797f6b6a1 · 2024-01-09T17:40:35.000Z
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:9b458f18-7b9d-433e-be17-35e4c3704d73",
+  "serialNumber": "urn:uuid:c700a6f1-9bd1-4cdc-bd37-9399ed85c2ba",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-01-04T20:02:20Z",
+    "timestamp": "2024-01-09T17:40:33Z",
     "tools": {
       "components": [
         {
@@ -1947,18 +1947,12 @@
       "type": "library",
       "bom-ref": "43-referencing",
       "name": "referencing",
-      "version": "0.32.0",
+      "version": "0.32.1",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "ff99d1e5e46c43c63c0bc45188206d02615c0672"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -1969,12 +1963,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/referencing/0.32.0",
+          "url": "https://pypi.org/project/referencing/0.32.1",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.32.0",
+      "purl": "pkg:pypi/referencing@0.32.1",
       "properties": [
         {
           "name": "language",
@@ -2169,18 +2163,12 @@
       "type": "library",
       "bom-ref": "48-packageurl-python",
       "name": "packageurl-python",
-      "version": "0.13.1",
+      "version": "0.13.4",
       "supplier": {
         "name": "the purl authors"
       },
-      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*",
       "description": "A purl aka. Package URL parser and builder",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "b820e15ae401cb2aa9b9efc9f239a098bc754e19"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2191,12 +2179,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/packageurl-python/0.13.1",
+          "url": "https://pypi.org/project/packageurl-python/0.13.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/packageurl-python@0.13.1",
+      "purl": "pkg:pypi/packageurl-python@0.13.4",
       "properties": [
         {
           "name": "language",
@@ -2834,7 +2822,7 @@
       "type": "library",
       "bom-ref": "63-xmlschema",
       "name": "xmlschema",
-      "version": "2.5.1",
+      "version": "3.0.0",
       "supplier": {
         "name": "Davide Brunato",
         "contact": [
@@ -2843,14 +2831,8 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*",
       "description": "An XML Schema validator and decoder",
-      "hashes": [
-        {
-          "alg": "SHA-1",
-          "content": "faff4d8ca954d8722df89e1e77bc4246a36ed62c"
-        }
-      ],
       "licenses": [
         {
           "license": {
@@ -2861,12 +2843,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/xmlschema/2.5.1",
+          "url": "https://pypi.org/project/xmlschema/3.0.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/xmlschema@2.5.1",
+      "purl": "pkg:pypi/xmlschema@3.0.0",
       "properties": [
         {
           "name": "language",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8eaa059d-aaab-41a7-a30c-0faccf910a0f
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-33aa23be-5a3e-4536-a2d5-a1135a9c2e46
 LicenseListVersion: 3.22
 Creator: Tool: sbom4python-0.10.3
-Created: 2024-01-04T20:00:36Z
+Created: 2024-01-09T17:39:00Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -685,18 +685,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-Package-43-referencing
-PackageVersion: 0.32.0
+PackageVersion: 0.32.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.32.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.32.1
 FilesAnalyzed: false
-PackageChecksum: SHA1: ff99d1e5e46c43c63c0bc45188206d02615c0672
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -764,18 +763,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
 
 PackageName: packageurl-python
 SPDXID: SPDXRef-Package-48-packageurl-python
-PackageVersion: 0.13.1
+PackageVersion: 0.13.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: the purl authors
-PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.1
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.4
 FilesAnalyzed: false
-PackageChecksum: SHA1: b820e15ae401cb2aa9b9efc9f239a098bc754e19
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>A purl aka. Package URL parser and builder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.13.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.13.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.13.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: packaging
@@ -1002,18 +1000,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 
 PackageName: xmlschema
 SPDXID: SPDXRef-Package-63-xmlschema
-PackageVersion: 2.5.1
+PackageVersion: 3.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.0
 FilesAnalyzed: false
-PackageChecksum: SHA1: faff4d8ca954d8722df89e1e77bc4246a36ed62c
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An XML Schema validator and decoder</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: elementpath
