Skip to content

Commit d98dd6f

Browse files
web-flowgithub-actions[bot]
web-flow
authored and
github-actions[bot]
committed
chore: update SBOM for Python 3.11
1 parent 2c99748 commit d98dd6f

File tree

2 files changed

+26
-26
lines changed

2 files changed

+26
-26
lines changed

sbom/cve-bin-tool-py3.11.json

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@
22
"$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
33
"bomFormat": "CycloneDX",
44
"specVersion": "1.7",
5-
"serialNumber": "urn:uuid:7028081c-321c-4f41-83d9-e4fb54855c7b",
5+
"serialNumber": "urn:uuid:4a902649-ff6d-4934-be86-2eb8dd79be62",
66
"version": 1,
77
"metadata": {
8-
"timestamp": "2025-11-03T00:42:32Z",
8+
"timestamp": "2025-11-10T00:41:52Z",
99
"lifecycles": [
1010
{
1111
"phase": "build"
@@ -4063,7 +4063,7 @@
40634063
"type": "library",
40644064
"bom-ref": "63-plotly",
40654065
"name": "plotly",
4066-
"version": "6.3.1",
4066+
"version": "6.4.0",
40674067
"supplier": {
40684068
"name": "Chris P",
40694069
"contact": [
@@ -4072,12 +4072,12 @@
40724072
}
40734073
]
40744074
},
4075-
"cpe": "cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*",
4075+
"cpe": "cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*",
40764076
"description": "An open-source interactive data visualization library for Python",
40774077
"hashes": [
40784078
{
40794079
"alg": "SHA-256",
4080-
"content": "8b4420d1dcf2b040f5983eed433f95732ed24930e496d36eb70d211923532e64"
4080+
"content": "a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5"
40814081
}
40824082
],
40834083
"externalReferences": [
@@ -4087,7 +4087,7 @@
40874087
"comment": "Home page for project"
40884088
},
40894089
{
4090-
"url": "https://pypi.org/project/plotly/6.3.1/#files",
4090+
"url": "https://pypi.org/project/plotly/6.4.0/#files",
40914091
"type": "distribution",
40924092
"comment": "Download location for component"
40934093
},
@@ -4104,11 +4104,11 @@
41044104
"type": "log"
41054105
}
41064106
],
4107-
"purl": "pkg:pypi/plotly@6.3.1",
4107+
"purl": "pkg:pypi/plotly@6.4.0",
41084108
"properties": [
41094109
{
41104110
"name": "release_date",
4111-
"value": "2025-10-02T16:10:22Z"
4111+
"value": "2025-11-04T17:59:22Z"
41124112
},
41134113
{
41144114
"name": "language",
@@ -4128,7 +4128,7 @@
41284128
"type": "library",
41294129
"bom-ref": "64-narwhals",
41304130
"name": "narwhals",
4131-
"version": "2.10.1",
4131+
"version": "2.10.2",
41324132
"supplier": {
41334133
"name": "Marco Gorelli",
41344134
"contact": [
@@ -4137,7 +4137,7 @@
41374137
}
41384138
]
41394139
},
4140-
"cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*",
4140+
"cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*",
41414141
"description": "Extremely lightweight compatibility layer between dataframe libraries",
41424142
"licenses": [
41434143
{
@@ -4155,7 +4155,7 @@
41554155
"comment": "Home page for project"
41564156
},
41574157
{
4158-
"url": "https://pypi.org/project/narwhals/2.10.1/#files",
4158+
"url": "https://pypi.org/project/narwhals/2.10.2/#files",
41594159
"type": "distribution",
41604160
"comment": "Download location for component"
41614161
},
@@ -4172,11 +4172,11 @@
41724172
"type": "issue-tracker"
41734173
}
41744174
],
4175-
"purl": "pkg:pypi/narwhals@2.10.1",
4175+
"purl": "pkg:pypi/narwhals@2.10.2",
41764176
"properties": [
41774177
{
41784178
"name": "release_date",
4179-
"value": "2025-10-02T16:10:22Z"
4179+
"value": "2025-11-04T17:59:22Z"
41804180
},
41814181
{
41824182
"name": "language",

sbom/cve-bin-tool-py3.11.spdx

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
22
DataLicense: CC0-1.0
33
SPDXID: SPDXRef-DOCUMENT
44
DocumentName: Python-cve-bin-tool
5-
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5cf11eb5-8c66-4959-9c9a-48fa6274697a
5+
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c21d4eba-37d8-4ed9-b75c-5654f6ff8187
66
LicenseListVersion: 3.26
77
Creator: Tool: sbom4python-0.12.4
8-
Created: 2025-11-03T00:42:21Z
8+
Created: 2025-11-10T00:41:40Z
99
CreatorComment: <text>SBOM Type: Build - This document has been automatically generated.</text>
1010
#####
1111

@@ -1279,13 +1279,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:*
12791279

12801280
PackageName: plotly
12811281
SPDXID: SPDXRef-63-plotly
1282-
PackageVersion: 6.3.1
1282+
PackageVersion: 6.4.0
12831283
PrimaryPackagePurpose: LIBRARY
12841284
PackageSupplier: Person: Chris P (chris@plot.ly)
1285-
PackageDownloadLocation: https://pypi.org/project/plotly/6.3.1/#files
1285+
PackageDownloadLocation: https://pypi.org/project/plotly/6.4.0/#files
12861286
FilesAnalyzed: false
12871287
PackageHomePage: https://plotly.com/python/
1288-
PackageChecksum: SHA256: 8b4420d1dcf2b040f5983eed433f95732ed24930e496d36eb70d211923532e64
1288+
PackageChecksum: SHA256: a1062eafbdc657976c2eedd276c90e184ccd6c21282a5e9ee8f20efca9c9a4c5
12891289
PackageLicenseDeclared: NOASSERTION
12901290
PackageLicenseConcluded: NOASSERTION
12911291
PackageLicenseComments: <text>plotly declares MIT License
@@ -1312,33 +1312,33 @@ THE SOFTWARE.
13121312
which is not currently a valid SPDX License identifier or expression.</text>
13131313
PackageCopyrightText: NOASSERTION
13141314
PackageSummary: <text>An open-source interactive data visualization library for Python</text>
1315-
ReleaseDate: 2025-10-02T16:10:22Z
1315+
ReleaseDate: 2025-11-04T17:59:22Z
13161316
ExternalRef: OTHER documentation https://plotly.com/python/
13171317
ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
13181318
ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md
1319-
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.3.1
1320-
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.1:*:*:*:*:*:*:*
1319+
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@6.4.0
1320+
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.4.0:*:*:*:*:*:*:*
13211321
#####
13221322

13231323
PackageName: narwhals
13241324
SPDXID: SPDXRef-64-narwhals
1325-
PackageVersion: 2.10.1
1325+
PackageVersion: 2.10.2
13261326
PrimaryPackagePurpose: LIBRARY
13271327
PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me)
1328-
PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.1/#files
1328+
PackageDownloadLocation: https://pypi.org/project/narwhals/2.10.2/#files
13291329
FilesAnalyzed: false
13301330
PackageHomePage: https://github.com/narwhals-dev/narwhals
13311331
PackageLicenseDeclared: NOASSERTION
13321332
PackageLicenseConcluded: MIT
13331333
PackageLicenseComments: <text>narwhals declares MIT License which is not currently a valid SPDX License identifier or expression.</text>
13341334
PackageCopyrightText: NOASSERTION
13351335
PackageSummary: <text>Extremely lightweight compatibility layer between dataframe libraries</text>
1336-
ReleaseDate: 2025-10-02T16:10:22Z
1336+
ReleaseDate: 2025-11-04T17:59:22Z
13371337
ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/
13381338
ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals
13391339
ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues
1340-
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.1
1341-
ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.1:*:*:*:*:*:*:*
1340+
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.10.2
1341+
ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.10.2:*:*:*:*:*:*:*
13421342
#####
13431343

13441344
PackageName: python-gnupg

0 commit comments

Comments
 (0)