Commit Graph

18 Commits

Author SHA1 Message Date
Seth Michael Larson 3c99969094
gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)
Update libexpat to 2.6.4, make future updates easier.
2024-11-13 18:31:20 +00:00
Seth Michael Larson db42934270
gh-123458: Skip SBOM generation if no git repository is detected (#123507) 2024-09-02 22:35:30 +03:00
Jonathan Protzenko 325e9b8ef4
gh-99108: Add HACL* Blake2 implementation to hashlib (GH-119316)
This replaces the existing hashlib Blake2 module with a single implementation that uses HACL\*'s Blake2b/Blake2s implementations. We added support for all the modes exposed by the Python API, including tree hashing, leaf nodes, and so on. We ported and merged all of these changes upstream in HACL\*, added test vectors based on Python's existing implementation, and exposed everything needed for hashlib.

This was joint work done with @R1kM.

See the PR for much discussion and benchmarking details.   TL;DR: On many systems, 8-50% faster (!) than `libb2`, on some systems it appeared 10-20% slower than `libb2`.
2024-08-13 21:42:19 +00:00
Seth Michael Larson 4e04d1a3d2
gh-122044: Don't error during gitignore filtering with no files (#122045) 2024-07-27 14:10:05 +03:00
Seth Michael Larson 1195c164da
gh-112844: Update CPE references for external dependencies (#118521) 2024-05-20 13:27:09 -04:00
Seth Michael Larson 72dae53e09
gh-116122: Add SBOM generation to PCbuild/build.bat (GH-116138) 2024-04-30 16:05:05 +01:00
Seth Michael Larson 669ef49c7d
gh-99108: Update and check HACL* version information (GH-117295)
* Update and check HACL* version information
2024-03-27 14:56:14 -07:00
Seth Michael Larson 45d8871dc4
gh-112844: Add SBOM for external dependencies (#115789) 2024-02-29 17:38:04 +02:00
Seth Michael Larson 889cc43cb1
gh-112302: Move pip SBOM discovery to release-tools (#115360) 2024-02-14 12:47:15 -07:00
Seth Michael Larson 4b2d1786cc
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
Seth Michael Larson 4bf41879d0
gh-112302: Change 'licenseConcluded' field to 'NOASSERTION' (#115038) 2024-02-06 12:25:58 +02:00
Seth Michael Larson 582d95e8bb
gh-114250: Fetch metadata for pip and its vendored dependencies from PyPI (#114450) 2024-01-26 09:48:13 +00:00
Erlend E. Aasland 7a0ac89b29
gh-114178: Fix generate_sbom.py for out-of-tree builds (#114179) 2024-01-17 17:25:39 +01:00
Seth Michael Larson e82b096335
gh-112302: Point core developers to SBOM devguide on errors (#113490)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2024-01-10 19:21:04 +00:00
Seth Michael Larson b221e03010
gh-113257: Automatically generate pip SBOM metadata from wheel (#113295)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2023-12-20 17:28:20 +00:00
Seth Michael Larson 4658464e9c
gh-113257: Fix SBOM metadata for pip 23.3.2 (#113262)
Fix SBOM metadata for pip 23.3.2
2023-12-19 08:34:53 +02:00
Stéphane Bidoul 4a24bf9a13
gh-113246: Updated bundled pip to 23.3.2 (gh-113249)
Updated bundled pip to 23.3.2
2023-12-18 10:21:46 +00:00
Seth Michael Larson 21221c398f
gh-112302: Add Software Bill-of-Materials (SBOM) tracking for dependencies (#112303) 2023-12-07 18:01:58 +02:00