chore: update SBOM for Python 3.10 (#4490)

github-actions[bot] · web-flow · web-flow · commit fdd570dde13b · 2024-10-07T15:23:39.000-07:00
Co-authored-by: GitHub &lt;noreply@github.com&gt;
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:a49b3b2e-848e-4270-b4b6-2c42aabe82e9",
+  "serialNumber": "urn:uuid:6e552fed-4009-40c8-963a-a1103b9e34b5",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-09-30T00:40:12Z",
+    "timestamp": "2024-10-07T00:38:19Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -15,7 +15,7 @@
       "components": [
         {
           "name": "sbom4python",
-          "version": "0.11.2",
+          "version": "0.11.3",
           "type": "application"
         }
       ]
@@ -79,7 +79,7 @@
       "type": "library",
       "bom-ref": "2-aiohttp",
       "name": "aiohttp",
-      "version": "3.10.8",
+      "version": "3.10.9",
       "description": "Async http client/server framework (asyncio)",
       "licenses": [
         {
@@ -97,12 +97,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohttp/3.10.8/#files",
+          "url": "https://pypi.org/project/aiohttp/3.10.9/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohttp@3.10.8",
+      "purl": "pkg:pypi/aiohttp@3.10.9",
       "properties": [
         {
           "name": "language",
@@ -118,7 +118,7 @@
       "type": "library",
       "bom-ref": "3-aiohappyeyeballs",
       "name": "aiohappyeyeballs",
-      "version": "2.4.2",
+      "version": "2.4.3",
       "supplier": {
         "name": "J. Nick Koston",
         "contact": [
@@ -127,13 +127,13 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
       "description": "Happy Eyeballs for asyncio",
       "licenses": [
         {
           "license": {
-            "id": "Python-2.0.1",
-            "url": "https://www.python.org/download/releases/2.0.1/license/",
+            "id": "PSF-2.0",
+            "url": "https://opensource.org/licenses/Python-2.0",
             "acknowledgement": "concluded"
           }
         }
@@ -145,12 +145,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",
+          "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/aiohappyeyeballs@2.4.2",
+      "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
       "properties": [
         {
           "name": "language",
@@ -2745,7 +2745,7 @@
       "type": "library",
       "bom-ref": "55-rich",
       "name": "rich",
-      "version": "13.8.1",
+      "version": "13.9.2",
       "supplier": {
         "name": "Will McGugan",
         "contact": [
@@ -2754,7 +2754,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*",
       "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
       "licenses": [
         {
@@ -2772,12 +2772,12 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/rich/13.8.1/#files",
+          "url": "https://pypi.org/project/rich/13.9.2/#files",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rich@13.8.1",
+      "purl": "pkg:pypi/rich@13.9.2",
       "properties": [
         {
           "name": "language",
@@ -3893,7 +3893,8 @@
       "ref": "55-rich",
       "dependsOn": [
         "56-markdown-it-py",
-        "58-pygments"
+        "58-pygments",
+        "9-typing-extensions"
       ]
     },
     {
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4705584a-ef66-4c66-b17b-3a81ce10e8e5
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f342fd75-77a2-483b-8170-2340b13d2867
 LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.2
-Created: 2024-09-30T00:38:38Z
+Creator: Tool: sbom4python-0.11.3
+Created: 2024-10-07T00:37:22Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -27,34 +27,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*
 
 PackageName: aiohttp
 SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.8
+PackageVersion: 3.10.9
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.8/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.9/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohttp
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Async http client/server framework (asyncio)</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.8
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.9
 ##### 
 
 PackageName: aiohappyeyeballs
 SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.2
+PackageVersion: 2.4.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.2/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageLicenseDeclared: Python-2.0.1
-PackageLicenseConcluded: Python-2.0.1
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Happy Eyeballs for asyncio</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: aiosignal
@@ -917,18 +917,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
 
 PackageName: rich
 SPDXID: SPDXRef-55-rich
-PackageVersion: 13.8.1
+PackageVersion: 13.9.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.8.1/#files
+PackageDownloadLocation: https://pypi.org/project/rich/13.9.2/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/Textualize/rich
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
@@ -1326,6 +1326,7 @@ Relationship: SPDXRef-53-csaf-tool DEPENDS_ON SPDXRef-54-packageurl-python
 Relationship: SPDXRef-53-csaf-tool DEPENDS_ON SPDXRef-55-rich
 Relationship: SPDXRef-55-rich DEPENDS_ON SPDXRef-56-markdown-it-py
 Relationship: SPDXRef-55-rich DEPENDS_ON SPDXRef-58-pygments
+Relationship: SPDXRef-55-rich DEPENDS_ON SPDXRef-9-typing-extensions
 Relationship: SPDXRef-56-markdown-it-py DEPENDS_ON SPDXRef-57-mdurl
 Relationship: SPDXRef-60-plotly DEPENDS_ON SPDXRef-59-packaging
 Relationship: SPDXRef-60-plotly DEPENDS_ON SPDXRef-61-tenacity

Original file line number	Diff line number	Diff line change
`@@ -2,10 +2,10 @@`
`2`	`2`	`"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",`
`3`	`3`	`"bomFormat": "CycloneDX",`
`4`	`4`	`"specVersion": "1.6",`
`5`		`- "serialNumber": "urn:uuid:a49b3b2e-848e-4270-b4b6-2c42aabe82e9",`
	`5`	`+ "serialNumber": "urn:uuid:6e552fed-4009-40c8-963a-a1103b9e34b5",`
`6`	`6`	`"version": 1,`
`7`	`7`	`"metadata": {`
`8`		`- "timestamp": "2024-09-30T00:40:12Z",`
	`8`	`+ "timestamp": "2024-10-07T00:38:19Z",`
`9`	`9`	`"lifecycles": [`
`10`	`10`	`{`
`11`	`11`	`"phase": "build"`
`@@ -15,7 +15,7 @@`
`15`	`15`	`"components": [`
`16`	`16`	`{`
`17`	`17`	`"name": "sbom4python",`
`18`		`- "version": "0.11.2",`
	`18`	`+ "version": "0.11.3",`
`19`	`19`	`"type": "application"`
`20`	`20`	`}`
`21`	`21`	`]`
`@@ -79,7 +79,7 @@`
`79`	`79`	`"type": "library",`
`80`	`80`	`"bom-ref": "2-aiohttp",`
`81`	`81`	`"name": "aiohttp",`
`82`		`- "version": "3.10.8",`
	`82`	`+ "version": "3.10.9",`
`83`	`83`	`"description": "Async http client/server framework (asyncio)",`
`84`	`84`	`"licenses": [`
`85`	`85`	`{`
`@@ -97,12 +97,12 @@`
`97`	`97`	`"comment": "Home page for project"`
`98`	`98`	`},`
`99`	`99`	`{`
`100`		`- "url": "https://pypi.org/project/aiohttp/3.10.8/#files",`
	`100`	`+ "url": "https://pypi.org/project/aiohttp/3.10.9/#files",`
`101`	`101`	`"type": "distribution",`
`102`	`102`	`"comment": "Download location for component"`
`103`	`103`	`}`
`104`	`104`	`],`
`105`		`- "purl": "pkg:pypi/[email protected].8",`
	`105`	`+ "purl": "pkg:pypi/[email protected].9",`
`106`	`106`	`"properties": [`
`107`	`107`	`{`
`108`	`108`	`"name": "language",`
`@@ -118,7 +118,7 @@`
`118`	`118`	`"type": "library",`
`119`	`119`	`"bom-ref": "3-aiohappyeyeballs",`
`120`	`120`	`"name": "aiohappyeyeballs",`
`121`		`- "version": "2.4.2",`
	`121`	`+ "version": "2.4.3",`
`122`	`122`	`"supplier": {`
`123`	`123`	`"name": "J. Nick Koston",`
`124`	`124`	`"contact": [`
`@@ -127,13 +127,13 @@`
`127`	`127`	`}`
`128`	`128`	`]`
`129`	`129`	`},`
`130`		`- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.2:::::::*",`
	`130`	`+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:::::::*",`
`131`	`131`	`"description": "Happy Eyeballs for asyncio",`
`132`	`132`	`"licenses": [`
`133`	`133`	`{`
`134`	`134`	`"license": {`
`135`		`- "id": "Python-2.0.1",`
`136`		`- "url": "https://www.python.org/download/releases/2.0.1/license/",`
	`135`	`+ "id": "PSF-2.0",`
	`136`	`+ "url": "https://opensource.org/licenses/Python-2.0",`
`137`	`137`	`"acknowledgement": "concluded"`
`138`	`138`	`}`
`139`	`139`	`}`
`@@ -145,12 +145,12 @@`
`145`	`145`	`"comment": "Home page for project"`
`146`	`146`	`},`
`147`	`147`	`{`
`148`		`- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.2/#files",`
	`148`	`+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",`
`149`	`149`	`"type": "distribution",`
`150`	`150`	`"comment": "Download location for component"`
`151`	`151`	`}`
`152`	`152`	`],`
`153`		`- "purl": "pkg:pypi/[email protected].2",`
	`153`	`+ "purl": "pkg:pypi/[email protected].3",`
`154`	`154`	`"properties": [`
`155`	`155`	`{`
`156`	`156`	`"name": "language",`
`@@ -2745,7 +2745,7 @@`
`2745`	`2745`	`"type": "library",`
`2746`	`2746`	`"bom-ref": "55-rich",`
`2747`	`2747`	`"name": "rich",`
`2748`		`- "version": "13.8.1",`
	`2748`	`+ "version": "13.9.2",`
`2749`	`2749`	`"supplier": {`
`2750`	`2750`	`"name": "Will McGugan",`
`2751`	`2751`	`"contact": [`
`@@ -2754,7 +2754,7 @@`
`2754`	`2754`	`}`
`2755`	`2755`	`]`
`2756`	`2756`	`},`
`2757`		`- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.1:::::::*",`
	`2757`	`+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.9.2:::::::*",`
`2758`	`2758`	`"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",`
`2759`	`2759`	`"licenses": [`
`2760`	`2760`	`{`
`@@ -2772,12 +2772,12 @@`
`2772`	`2772`	`"comment": "Home page for project"`
`2773`	`2773`	`},`
`2774`	`2774`	`{`
`2775`		`- "url": "https://pypi.org/project/rich/13.8.1/#files",`
	`2775`	`+ "url": "https://pypi.org/project/rich/13.9.2/#files",`
`2776`	`2776`	`"type": "distribution",`
`2777`	`2777`	`"comment": "Download location for component"`
`2778`	`2778`	`}`
`2779`	`2779`	`],`
`2780`		`- "purl": "pkg:pypi/rich@13.8.1",`
	`2780`	`+ "purl": "pkg:pypi/rich@13.9.2",`
`2781`	`2781`	`"properties": [`
`2782`	`2782`	`{`
`2783`	`2783`	`"name": "language",`
`@@ -3893,7 +3893,8 @@`
`3893`	`3893`	`"ref": "55-rich",`
`3894`	`3894`	`"dependsOn": [`
`3895`	`3895`	`"56-markdown-it-py",`
`3896`		`- "58-pygments"`
	`3896`	`+ "58-pygments",`
	`3897`	`+ "9-typing-extensions"`
`3897`	`3898`	`]`
`3898`	`3899`	`},`
`3899`	`3900`	`{`