From 117f0e40db9dd7e99763b9bebd951d3ae8cf7d43 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 22 Sep 2025 00:45:58 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 28 ++++++++++++++-------------- sbom/cve-bin-tool-py3.11.spdx | 21 ++++++++++----------- 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 2529f2bb6f..ab631d5fcd 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:10e931cf-1843-4135-aa46-65bcb078f08e", + "serialNumber": "urn:uuid:56cdbb59-a28a-4073-b404-d4f51e96841a", "version": 1, "metadata": { - "timestamp": "2025-09-15T00:42:54Z", + "timestamp": "2025-09-22T00:45:57Z", "lifecycles": [ { "phase": "build" @@ -2002,7 +2002,7 @@ "type": "library", "bom-ref": "30-pyparsing", "name": "pyparsing", - "version": "3.2.4", + "version": "3.2.5", "supplier": { "name": "Paul McGuire", "contact": [ @@ -2011,14 +2011,8 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:*", "description": "pyparsing - Classes and methods to define and execute parsing grammars", - "hashes": [ - { - "alg": "SHA-256", - "content": "91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36" - } - ], "externalReferences": [ { "url": "https://github.com/pyparsing/pyparsing/", 
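Review bot: The pyparsing component in sbom/cve-bin-tool-py3.11.json loses its integrity digest on the bump to 3.2.5: the `hashes` array holding the SHA-256 of 3.2.4 is removed and no digest for 3.2.5 is added, so a consumer can no longer check the downloaded artifact against this SBOM. The same regeneration sets its `release_date` to `2022-02-03T00:00:29Z`, which is earlier than the `2025-09-13T05:47:17Z` recorded for 3.2.4. The .spdx hunks repeat this for pyparsing and for gsutil 5.35 (`PackageChecksum` dropped, `ReleaseDate` moved back to 2022 with no version change), while zstandard 0.25.0 gains a hash and a new date at an unchanged version. This looks like the generator's package-metadata lookup returning incomplete or stale data between runs rather than a real upstream change, though the page does not show the cause. Because both files are generated, the fix belongs in the update job: have it fail or flag the run when a component that previously carried a checksum loses it or when a release date moves backwards, so that the entry is regenerated with `"hashes": [{"alg": "SHA-256", "content": "<sha256 of the 3.2.5 artifact>"}]` before it is committed.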
@@ -2026,16 +2020,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyparsing/3.2.4/#files", + "url": "https://pypi.org/project/pyparsing/3.2.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.2.4", + "purl": "pkg:pypi/pyparsing@3.2.5", "properties": [ { "name": "release_date", - "value": "2025-09-13T05:47:17Z" + "value": "2022-02-03T00:00:29Z" }, { "name": "language", @@ -4720,6 +4714,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd" + } + ], "externalReferences": [ { "url": "https://github.com/indygreg/python-zstandard", @@ -4740,7 +4740,7 @@ "properties": [ { "name": "release_date", - "value": "2025-06-08T17:06:38Z" + "value": "2025-09-14T22:15:56Z" }, { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 32bc810331..f05fd1262e 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-93b6ffc8-05d8-42f2-963e-94a7dc07f735 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4ffcd62-802d-455a-9431-b69f7b96202b LicenseListVersion: 3.26 Creator: Tool: sbom4python-0.12.4 -Created: 2025-09-15T00:42:41Z +Created: 2025-09-22T00:45:34Z CreatorComment: SBOM Type: Build - This document has been automatically generated. ##### 
@@ -395,13 +395,12 @@ PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil -PackageChecksum: SHA256: b6970ea6c0950c854ce2e33c591e177a6f4a657f2824a1b54eaefa2dff2576bb PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ReleaseDate: 2025-06-25T08:28:10Z +ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.35 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.35:*:*:*:*:*:*:* ##### 
@@ -619,20 +618,19 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* PackageName: pyparsing SPDXID: SPDXRef-30-pyparsing -PackageVersion: 3.2.4 +PackageVersion: 3.2.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.4/#files +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ -PackageChecksum: SHA256: 91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing - Classes and methods to define and execute parsing grammars -ReleaseDate: 2025-09-13T05:47:17Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.4:*:*:*:*:*:*:* +ReleaseDate: 2022-02-03T00:00:29Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.5:*:*:*:*:*:*:* ##### PackageName: oauth2client @@ -1539,11 +1537,12 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.25.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: e59fdc271772f6686e01e1b3b74537259800f57e24280be3f29c8a0deb1904dd PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python -ReleaseDate: 2025-06-08T17:06:38Z +ReleaseDate: 2025-09-14T22:15:56Z ExternalRef: OTHER documentation https://python-zstandard.readthedocs.io/en/latest/ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.25.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.25.0:*:*:*:*:*:*:*