Seth Michael Larson
3c99969094
gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)
...
Update libexpat to 2.6.4, make future updates easier.
2024-11-13 18:31:20 +00:00
Seth Michael Larson
db42934270
gh-123458: Skip SBOM generation if no git repository is detected ( #123507 )
2024-09-02 22:35:30 +03:00
Jonathan Protzenko
325e9b8ef4
gh-99108: Add HACL* Blake2 implementation to hashlib (GH-119316)
...
This replaces the existing hashlib Blake2 module with a single implementation that uses HACL\*'s Blake2b/Blake2s implementations. We added support for all the modes exposed by the Python API, including tree hashing, leaf nodes, and so on. We ported and merged all of these changes upstream in HACL\*, added test vectors based on Python's existing implementation, and exposed everything needed for hashlib.
This was joint work done with @R1kM.
See the PR for much discussion and benchmarking details. TL;DR: On many systems, 8-50% faster (!) than `libb2`, on some systems it appeared 10-20% slower than `libb2`.
2024-08-13 21:42:19 +00:00
Seth Michael Larson
4e04d1a3d2
gh-122044: Don't error during gitignore filtering with no files ( #122045 )
2024-07-27 14:10:05 +03:00
Seth Michael Larson
1195c164da
gh-112844: Update CPE references for external dependencies ( #118521 )
2024-05-20 13:27:09 -04:00
Seth Michael Larson
72dae53e09
gh-116122: Add SBOM generation to PCbuild/build.bat (GH-116138)
2024-04-30 16:05:05 +01:00
Seth Michael Larson
669ef49c7d
gh-99108: Update and check HACL* version information (GH-117295)
...
* Update and check HACL* version information
2024-03-27 14:56:14 -07:00
Seth Michael Larson
45d8871dc4
gh-112844: Add SBOM for external dependencies ( #115789 )
2024-02-29 17:38:04 +02:00
Seth Michael Larson
889cc43cb1
gh-112302: Move pip SBOM discovery to release-tools ( #115360 )
2024-02-14 12:47:15 -07:00
Seth Michael Larson
4b2d1786cc
gh-115399: Upgrade bundled libexpat to 2.6.0 ( #115431 )
2024-02-14 16:29:06 +00:00
Seth Michael Larson
4bf41879d0
gh-112302: Change 'licenseConcluded' field to 'NOASSERTION' ( #115038 )
2024-02-06 12:25:58 +02:00
Seth Michael Larson
582d95e8bb
gh-114250: Fetch metadata for pip and its vendored dependencies from PyPI ( #114450 )
2024-01-26 09:48:13 +00:00
Erlend E. Aasland
7a0ac89b29
gh-114178: Fix generate_sbom.py for out-of-tree builds ( #114179 )
2024-01-17 17:25:39 +01:00
Seth Michael Larson
e82b096335
gh-112302: Point core developers to SBOM devguide on errors ( #113490 )
...
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2024-01-10 19:21:04 +00:00
Seth Michael Larson
b221e03010
gh-113257: Automatically generate pip SBOM metadata from wheel ( #113295 )
...
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2023-12-20 17:28:20 +00:00
Seth Michael Larson
4658464e9c
gh-113257: Fix SBOM metadata for pip 23.3.2 ( #113262 )
...
Fix SBOM metadata for pip 23.3.2
2023-12-19 08:34:53 +02:00
Stéphane Bidoul
4a24bf9a13
gh-113246: Updated bundled pip to 23.3.2 (gh-113249)
...
Updated bundled pip to 23.3.2
2023-12-18 10:21:46 +00:00
Seth Michael Larson
21221c398f
gh-112302: Add Software Bill-of-Materials (SBOM) tracking for dependencies ( #112303 )
2023-12-07 18:01:58 +02:00