chore: update SBOM for Python 3.12 (#4703)

Co-authored-by: GitHub <[email protected]>
intel · Jan 21, 2025 · 178660c · 178660c
1 parent a756f0d
commit 178660c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 17 deletions.
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:cbffac4d-bb66-46fa-87d7-12e1dfdd35ed",
+  "serialNumber": "urn:uuid:632061a2-9026-4d11-97a8-a7159d14ca5f",
   "version": 1,
   "metadata": {
-    "timestamp": "2025-01-13T00:37:15Z",
+    "timestamp": "2025-01-20T00:37:46Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -3109,7 +3109,7 @@
       "type": "library",
       "bom-ref": "49-referencing",
       "name": "referencing",
-      "version": "0.35.1",
+      "version": "0.36.1",
       "supplier": {
         "name": "Julian Berman",
         "contact": [
@@ -3118,12 +3118,12 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:referencing:0.36.1:*:*:*:*:*:*:*",
       "description": "JSON Referencing + Python",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
+          "content": "363d9c65f080d0d70bc41c721dce3c7f3e77fc09f269cd5c8813da18069a6794"
         }
       ],
       "externalReferences": [
@@ -3133,7 +3133,7 @@
           "comment": "Home page for project"
         },
         {
-          "url": "https://pypi.org/project/referencing/0.35.1/#files",
+          "url": "https://pypi.org/project/referencing/0.36.1/#files",
           "type": "distribution",
           "comment": "Download location for component"
         },
@@ -3162,11 +3162,11 @@
           "type": "vcs"
         }
       ],
-      "purl": "pkg:pypi/referencing@0.35.1",
+      "purl": "pkg:pypi/referencing@0.36.1",
       "properties": [
         {
           "name": "release_date",
-          "value": "2024-05-01T20:26:02Z"
+          "value": "2025-01-17T02:22:02Z"
         },
         {
           "name": "language",
@@ -4864,7 +4864,8 @@
       "ref": "49-referencing",
       "dependsOn": [
         "6-attrs",
-        "50-rpds-py"
+        "50-rpds-py",
+        "8-typing-extensions"
       ]
     },
     {

diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c66c7546-184a-4e83-b762-cfe09cebf66d
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5c4f4034-0f8c-4e39-bfdf-40241bd1bedf
 LicenseListVersion: 3.25
 Creator: Tool: sbom4python-0.12.1
-Created: 2025-01-13T00:37:08Z
+Created: 2025-01-20T00:37:39Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -1030,26 +1030,26 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
 
 PackageName: referencing
 SPDXID: SPDXRef-49-referencing
-PackageVersion: 0.35.1
+PackageVersion: 0.36.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman ([email protected])
-PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
+PackageDownloadLocation: https://pypi.org/project/referencing/0.36.1/#files
 FilesAnalyzed: false
 PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
+PackageChecksum: SHA256: 363d9c65f080d0d70bc41c721dce3c7f3e77fc09f269cd5c8813da18069a6794
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: NOASSERTION
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>JSON Referencing + Python</text>
-ReleaseDate: 2024-05-01T20:26:02Z
+ReleaseDate: 2025-01-17T02:22:02Z
 ExternalRef: OTHER documentation https://referencing.readthedocs.io/
 ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
 ExternalRef: OTHER other https://github.com/sponsors/Julian
 ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
 ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
 ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.35.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.36.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: rpds-py
@@ -1614,6 +1614,7 @@ Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs
 Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing
 Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py
 Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-8-typing-extensions
 Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml
 Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml
 Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version