From 1f7794b9ce15091b955faa04b2583f757802f09d Mon Sep 17 00:00:00 2001 From: prabhu Date: Mon, 6 Nov 2023 08:59:08 +0000 Subject: [PATCH] cpp improvements (#688) * Use generic type for c/c++ instead of conan Signed-off-by: Prabhu Subramanian Updated wrapdb Signed-off-by: Prabhu Subramanian Load evinser dynamically. Fixes #686 Signed-off-by: Prabhu Subramanian Update atom to bring improved peformance in header analysis mode Support for vcpkg.json and dependency tree construction while generating cpp modules Signed-off-by: Prabhu Subramanian Update atom which brings the symlink fix Signed-off-by: Prabhu Subramanian * Bug fix Signed-off-by: Prabhu Subramanian * Added repo tests Signed-off-by: Prabhu Subramanian * Support for BOM profile Signed-off-by: Prabhu Subramanian * Support for BOM profile Signed-off-by: Prabhu Subramanian * Try again with jenkins tests Signed-off-by: Prabhu Subramanian * Use options instead of args Signed-off-by: Prabhu Subramanian --------- Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 24 +- README.md | 6 +- bin/cdxgen.js | 88 +++- data/wrapdb-releases.json | 709 ++++++++++++++++++++++---------- docs/ADVANCED.md | 11 + docs/CLI.md | 4 + index.js | 50 ++- package-lock.json | 12 +- package.json | 4 +- test/data/cmakes/conanfile1.txt | 100 +++++ test/data/vcpkg.json | 29 ++ utils.js | 148 ++++++- utils.test.js | 26 +- 13 files changed, 943 insertions(+), 268 deletions(-) create mode 100644 test/data/cmakes/conanfile1.txt create mode 100644 test/data/vcpkg.json diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 3ad09f2f3..b6aca649f 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml 
@@ -152,6 +152,10 @@ jobs: with: repository: 'DefectDojo/django-DefectDojo' path: 'repotests/django-DefectDojo' + - uses: actions/checkout@v3 + with: + repository: 'googleprojectzero/Jackalope' + path: 'repotests/Jackalope' - uses: dtolnay/rust-toolchain@stable - name: repotests run: | @@ -162,6 +166,8 @@ jobs: bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --filter postgres --filter json bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --only spring bin/cdxgen.js -p -t java repotests/java-sec-code -o repotests/java-sec-code/bom.json --deep --evidence + bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --profile research + bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --profile license-compliance bin/cdxgen.js -t python repotests/django-DefectDojo -o repotests/django-DefectDojo/bom.json --deep --evidence bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign node bin/evinse.js -i bomresults/bom-java.json -o bomresults/bom-java.evinse.json -l java --with-data-flow -p repotests/shiftleft-java-example @@ -190,6 +196,7 @@ jobs: bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate bin/cdxgen.js -r -t c repotests/openpbs -o bomresults/bom-openpbs.json + bin/cdxgen.js -r -t c repotests/Jackalope -o bomresults/bom-Jackalope.json -p cd repotests/ha-android && ./gradlew assembleDebug || true && cd ../.. bin/cdxgen.js -r -t java repotests/ha-android -o bomresults/bom-android.json CDXGEN_DEBUG_MODE=debug bin/evinse.js -i bomresults/bom-android.json -o bomresults/bom-android.evinse.json -l java repotests/ha-android 
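Review bot: The added `actions/checkout@v3` step for `googleprojectzero/Jackalope` sets no `ref`, so every CI run scans whatever that third-party repository's default branch holds at the time. Pinning it with `ref: <commit-sha-placeholder>` keeps the repotest reproducible and turns any change in the scanned input into a reviewed change. The checkout steps visible in the context lines are unpinned in the same way, so the point applies to them as well. The `jobs:` block starts and ends outside the hunk.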
@@ -201,15 +208,18 @@ jobs: bin/cdxgen.js -p -r -t dotnet repotests/dotnet-paket -o bomresults/bom-dotnet-paket.json --validate bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint.json bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint-deep.json --deep - # mkdir -p jenkins - # wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi - # wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi - # wget https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi - # wget https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi - # mv *.hpi jenkins - # CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json --validate ls -ltr bomresults shell: bash + - name: jenkins plugins + run: | + mkdir -p jenkins + curl -LO https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi + curl -LO https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi + curl -LO https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi + curl -LO https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi + mv *.hpi jenkins + CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json --validate + shell: bash - name: repotests 1.4 run: | bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign --spec-version 1.4 diff --git a/README.md b/README.md index 3ea613445..6f9779cfa 100644 --- a/README.md +++ b/README.md 
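Review bot: The four `curl -LO` downloads in the new `jenkins plugins` step are not integrity-checked and do not fail on an HTTP error, so an error page or a swapped artifact would be saved as `.hpi` and handed to cdxgen as if it were the plugin. Use `curl -fsSLO <url>` and verify the files against checked-in digests before the `mv`, for example `sha256sum -c jenkins-plugins.sha256` (the file name is a placeholder). `mv *.hpi jenkins` also sweeps up any `.hpi` already sitting in the workspace root; running the downloads inside `jenkins/` avoids that.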
@@ -181,6 +181,10 @@ Options: --author The person(s) who created the BOM. Set this value if you're intending the modify the BOM and claim authorship.[array] [default: "OWASP Foundation"] + --profile BOM profile to use for generation. Default generi + c. + [choices: "appsec", "research", "operational", "threat-modeling", "license-com + pliance", "generic"] [default: "generic"] --auto-compositions Automatically set compositions when the BOM was f iltered. Defaults to true [boolean] [default: true] @@ -373,7 +377,7 @@ cdxgen can retain the dependency tree under the `dependencies` attribute for a s | SBOM_SIGN_ALGORITHM | Signature algorithm. Some valid values are RS256, RS384, RS512, PS256, PS384, PS512, ES256 etc | | SBOM_SIGN_PRIVATE_KEY | Private key to use for signing | | SBOM_SIGN_PUBLIC_KEY | Optional. Public key to include in the SBOM signature | -| CDX_MAVEN_PLUGIN | CycloneDX Maven plugin to use. Default "org.cyclonedx:cyclonedx-maven-plugin:2.7.8" | +| CDX_MAVEN_PLUGIN | CycloneDX Maven plugin to use. Default "org.cyclonedx:cyclonedx-maven-plugin:2.7.10" | | CDX_MAVEN_GOAL | CycloneDX Maven plugin goal to use. Default makeAggregateBom. Other options: makeBom, makePackageBom | | CDX_MAVEN_INCLUDE_TEST_SCOPE | Whether test scoped dependencies should be included from Maven projects, Default: true | | ASTGEN_IGNORE_DIRS | Comma separated list of directories to ignore while analyzing using babel. The environment variable is also used by atom and astgen. | diff --git a/bin/cdxgen.js b/bin/cdxgen.js index 0be34d03d..dd8646e8c 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -21,7 +21,6 @@ import { import { findUpSync } from "find-up"; import { load as _load } from "js-yaml"; import { postProcess } from "../postgen.js"; -import { analyzeProject, createEvinseFile, prepareDB } from "../evinser.js"; import { ATOM_DB } from "../utils.js"; // Support for config files 
@@ -204,6 +203,18 @@ const args = yargs(hideBin(process.argv)) "The person(s) who created the BOM. Set this value if you're intending the modify the BOM and claim authorship.", default: "OWASP Foundation" }) + .option("profile", { + description: "BOM profile to use for generation. Default generic.", + default: "generic", + choices: [ + "appsec", + "research", + "operational", + "threat-modeling", + "license-compliance", + "generic" + ] + }) .completion("completion", "Generate bash/zsh completion") .array("filter") .array("only") @@ -259,6 +270,32 @@ if (process.argv[1].includes("obom") && !args.type) { args.type = "os"; } +const applyProfile = (options) => { + switch (options.profile) { + case "appsec": + options.deep = true; + break; + case "research": + options.deep = true; + options.evidence = true; + process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE = true; + process.env.ASTGEN_IGNORE_DIRS = ""; + process.env.ASTGEN_IGNORE_FILE_PATTERN = ""; + break; + case "operational": + options.projectType = options.projectType || "os"; + break; + case "threat-modeling": // unused + break; + case "license-compliance": + process.env.FETCH_LICENSE = true; + break; + default: + break; + } + return options; +}; + /** * Command line options */ @@ -266,8 +303,10 @@ const options = Object.assign({}, args, { projectType: args.type, multiProject: args.recurse, noBabel: args.noBabel || args.babel === false, - project: args.projectId + project: args.projectId, + deep: args.deep || args.evidence }); +applyProfile(options); /** * Check for node >= 20 permissions @@ -306,7 +345,7 @@ const checkPermissions = (filePath) => { */ (async () => { // Start SBOM server - if (args.server) { + if (options.server) { const serverModule = await import("../server.js"); return serverModule.start(options); } 
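Review bot: In `applyProfile`, the `research` and `license-compliance` branches assign `process.env` values after `../utils.js` has already been statically imported at the top of this file; if that module reads `FETCH_LICENSE` or the other variables at load time (not visible in this diff), the profile has no effect there. The assignments also pass the boolean `true`, which Node converts to a string only implicitly; write `process.env.FETCH_LICENSE = "true";` and `process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE = "true";`. The `research` branch overwrites `ASTGEN_IGNORE_DIRS` and `ASTGEN_IGNORE_FILE_PATTERN` unconditionally, which discards any exclusions the caller exported and widens what gets analysed; `process.env.ASTGEN_IGNORE_DIRS ??= "";` would keep an explicit setting. A one-line comment above the function stating that it mutates both `options` and the process environment would make these side effects visible to the next reader.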
@@ -323,15 +362,15 @@ const checkPermissions = (filePath) => { bomNSData = postProcess(bomNSData, options); } if ( - args.output && - (typeof args.output === "string" || args.output instanceof String) + options.output && + (typeof options.output === "string" || options.output instanceof String) ) { if (bomNSData.bomXmlFiles) { console.log("BOM files produced:", bomNSData.bomXmlFiles); } else { - const jsonFile = args.output.replace(".xml", ".json"); + const jsonFile = options.output.replace(".xml", ".json"); // Create bom json file - if (!args.output.endsWith(".xml") && bomNSData.bomJson) { + if (!options.output.endsWith(".xml") && bomNSData.bomJson) { let jsonPayload = undefined; if ( typeof bomNSData.bomJson === "string" || @@ -345,7 +384,7 @@ const checkPermissions = (filePath) => { } if ( jsonPayload && - (args.generateKeyAndSign || + (options.generateKeyAndSign || (process.env.SBOM_SIGN_ALGORITHM && process.env.SBOM_SIGN_ALGORITHM !== "none" && process.env.SBOM_SIGN_PRIVATE_KEY && @@ -358,7 +397,7 @@ const checkPermissions = (filePath) => { let privateKeyToUse = undefined; let jwkPublicKey = undefined; let publicKeyFile = undefined; - if (args.generateKeyAndSign) { + if (options.generateKeyAndSign) { const jdirName = dirname(jsonFile); publicKeyFile = join(jdirName, "public.key"); const privateKeyFile = join(jdirName, "private.key"); @@ -468,8 +507,8 @@ const checkPermissions = (filePath) => { } } // Create bom xml file - if (args.output.endsWith(".xml") && bomNSData.bomXml) { - fs.writeFileSync(args.output, bomNSData.bomXml); + if (options.output.endsWith(".xml") && bomNSData.bomXml) { + fs.writeFileSync(options.output, bomNSData.bomXml); } // if (bomNSData.nsMapping && Object.keys(bomNSData.nsMapping).length) { 
@@ -478,7 +517,7 @@ const checkPermissions = (filePath) => { console.log("Namespace mapping file written to", nsFile); } } - } else if (!args.print) { + } else if (!options.print) { if (bomNSData.bomJson) { console.log(JSON.stringify(bomNSData.bomJson, null, 2)); } else if (bomNSData.bomXml) { @@ -489,7 +528,8 @@ const checkPermissions = (filePath) => { } } // Evidence generation - if (args.evidence) { + if (options.evidence) { + const evinserModule = await import("../evinser.js"); const evinseOptions = { _: args._, input: options.output, @@ -503,12 +543,18 @@ const checkPermissions = (filePath) => { dataFlowSlicesFile: options.dataFlowSlicesFile, reachablesSlicesFile: options.reachablesSlicesFile }; - const dbObjMap = await prepareDB(evinseOptions); + const dbObjMap = await evinserModule.prepareDB(evinseOptions); if (dbObjMap) { - const sliceArtefacts = await analyzeProject(dbObjMap, evinseOptions); - const evinseJson = createEvinseFile(sliceArtefacts, evinseOptions); + const sliceArtefacts = await evinserModule.analyzeProject( + dbObjMap, + evinseOptions + ); + const evinseJson = evinserModule.createEvinseFile( + sliceArtefacts, + evinseOptions + ); bomNSData.bomJson = evinseJson; - if (args.print && evinseJson) { + if (options.print && evinseJson) { printOccurrences(evinseJson); printCallStack(evinseJson); printReachables(sliceArtefacts); 
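Review bot: The new `await import("../evinser.js")` in the evidence branch has no failure handling, and `--profile research` now turns `options.evidence` on implicitly, so a user who never passed `--evidence` can reach this import. If the module or one of its dependencies cannot be loaded (the commit message hints this is why the import became dynamic, but the diff does not show it), the rejection surfaces as a raw stack trace after the BOM file has already been written. Catch the failure and report clearly that evidence was not generated. The enclosing async function starts and ends outside the hunk.

```javascript
  if (options.evidence) {
    let evinserModule;
    try {
      evinserModule = await import("../evinser.js");
    } catch (err) {
      console.error(
        "Unable to load the evinser module; evidence was not generated.",
        err
      );
      process.exit(1);
    }
    // … unchanged: evinseOptions, prepareDB, analyzeProject, createEvinseFile …
```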
@@ -517,22 +563,22 @@ const checkPermissions = (filePath) => { } } // Perform automatic validation - if (args.validate) { + if (options.validate) { if (!validateBom(bomNSData.bomJson)) { process.exit(1); } } // Automatically submit the bom data - if (args.serverUrl && args.serverUrl != true && args.apiKey) { + if (options.serverUrl && options.serverUrl != true && options.apiKey) { try { - const dbody = await submitBom(args, bomNSData.bomJson); + const dbody = await submitBom(options, bomNSData.bomJson); console.log("Response from server", dbody); } catch (err) { console.log(err); } } - if (args.print && bomNSData.bomJson && bomNSData.bomJson.components) { + if (options.print && bomNSData.bomJson && bomNSData.bomJson.components) { printDependencyTree(bomNSData.bomJson); printTable(bomNSData.bomJson); } diff --git a/data/wrapdb-releases.json b/data/wrapdb-releases.json index a13bdd164..1ca214af7 100644 --- a/data/wrapdb-releases.json +++ b/data/wrapdb-releases.json @@ -6,12 +6,16 @@ "analyzed_source_filename": "abseil-cpp-20230125.1.tar.gz", "analyzed_source_hash": "81311c17599b3712069ded20cca09a62ab0bf2a89dfa16993786c8782b7ed145", "PkgProvides": [ + "absl_algorithm_container", + "absl_any_invocable", "absl_bad_any_cast_impl", "absl_bad_optional_access", "absl_bad_variant_access", "absl_base", + "absl_bind_front", "absl_city", "absl_civil_time", + "absl_cleanup", "absl_container", "absl_cord", "absl_cord_internal", @@ -19,6 +23,7 @@ "absl_cordz_handle", "absl_cordz_info", "absl_cordz_sample_token", + "absl_core_headers", "absl_crc", "absl_debugging", "absl_debugging_internal", 
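Review bot: A failed `submitBom` is only passed to `console.log(err)` in the `catch`, so the process still exits 0 and a pipeline that depends on the upload cannot tell that the SBOM never reached the server. Setting `process.exitCode = 1;` in the `catch` and logging with `console.error` would surface it. On the rewritten condition, `options.serverUrl != true` relies on loose equality; `options.serverUrl !== true` states the intent without coercion. The enclosing async function starts outside the hunk.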
@@ -38,18 +43,25 @@ "absl_flags_reflection", "absl_flags_usage", "absl_flags_usage_internal", + "absl_flat_hash_map", + "absl_flat_hash_set", + "absl_function_ref", "absl_graphcycles_internal", "absl_hash", "absl_hashtablez_sampler", + "absl_inlined_vector", "absl_int128", "absl_leak_check", "absl_log", "absl_log_severity", "absl_low_level_hash", + "absl_memory", "absl_numeric", + "absl_optional", "absl_periodic_sampler", "absl_profiling", "absl_random", + "absl_random_bit_gen_ref", "absl_random_distributions", "absl_random_internal_distribution_test_util", "absl_random_internal_platform", @@ -59,15 +71,18 @@ "absl_random_internal_randen_hwaes_impl", "absl_random_internal_randen_slow", "absl_random_internal_seed_material", + "absl_random_random", "absl_random_seed_gen_exception", "absl_random_seed_sequences", "absl_raw_hash_set", "absl_raw_logging_internal", "absl_scoped_set_env", + "absl_span", "absl_spinlock_wait", "absl_stacktrace", "absl_status", "absl_statusor", + "absl_str_format", "absl_str_format_internal", "absl_strerror", "absl_strings", @@ -77,9 +92,13 @@ "absl_throw_delegate", "absl_time", "absl_time_zone", - "absl_types" + "absl_type_traits", + "absl_types", + "absl_utility", + "absl_variant" ], "available_versions": [ + "20230125.1-5", "20230125.1-4", "20230125.1-3", "20230125.1-2", 
@@ -131,13 +150,13 @@ "available_versions": ["0.0.1-1"] }, "asio": { - "name_with_version": "asio-1.24.0", - "analyzed_version": "1.24.0", - "analyzed_source_url": "https://sourceforge.net/projects/asio/files/asio/1.24.0%20%28Stable%29/asio-1.24.0.tar.gz/download", - "analyzed_source_filename": "asio-1.24.0.tar.gz", - "analyzed_source_hash": "2f23ef6eada06ecc1472af5df6365ed4f15452ccd07dc0a6851fa20d571dba94", + "name_with_version": "asio-1.28.1", + "analyzed_version": "1.28.1", + "analyzed_source_url": "https://sourceforge.net/projects/asio/files/asio/1.28.1%20%28Stable%29/asio-1.28.1.tar.gz/download", + "analyzed_source_filename": "asio-1.28.1.tar.gz", + "analyzed_source_hash": "eef0eddce419827876f4929c6d7523e010528031e5289ec57914e89fb9ab9d8d", "PkgProvides": ["asio"], - "available_versions": ["1.24.0-1"] + "available_versions": ["1.28.1-1", "1.24.0-1"] }, "backward-cpp": { "name_with_version": "backward-cpp-1.6", @@ -157,6 +176,15 @@ "PkgProvides": ["gc"], "available_versions": ["8.2.2-1", "8.2.0-1", "7.6.8-1"] }, + "blueprint-compiler": { + "name_with_version": "blueprint-compiler-v0.10.0", + "analyzed_version": "v0.10.0", + "analyzed_source_url": "https://gitlab.gnome.org/jwestman/blueprint-compiler/-/archive/v0.10.0/blueprint-compiler-v0.10.0.tar.gz", + "analyzed_source_filename": "blueprint-compiler-v0.10.0.tar.gz", + "analyzed_source_hash": "2bc729b36897d0959a9890fb0997c9847aa9d2fc9356520bd8a46ed0b51ff4c0", + "PkgProvides": ["program_names"], + "available_versions": ["0.10.0-1"] + }, "box2d": { "name_with_version": "box2d-2.4.1", "analyzed_version": "2.4.1", 
@@ -183,6 +211,15 @@ "PkgProvides": ["bshoshany-thread-pool"], "available_versions": ["3.5.0-1", "3.4.0-1", "3.3.0-1"] }, + "c-ares": { + "name_with_version": "c-ares-1.20.1", + "analyzed_version": "1.20.1", + "analyzed_source_url": "https://github.com/c-ares/c-ares/releases/download/cares-1_20_1/c-ares-1.20.1.tar.gz", + "analyzed_source_filename": "c-ares-1.20.1.tar.gz", + "analyzed_source_hash": "de24a314844cb157909730828560628704f4f896d167dd7da0fa2fb93ea18b10", + "PkgProvides": ["libcares"], + "available_versions": ["1.20.1-1"] + }, "c-flags": { "name_with_version": "c-flags-1.5.4", "analyzed_version": "1.5.4", @@ -193,13 +230,13 @@ "available_versions": ["1.5.4-1"] }, "cairo": { - "name_with_version": "cairo-1.17.8", - "analyzed_version": "1.17.8", - "analyzed_source_url": "https://gitlab.freedesktop.org/cairo/cairo/-/archive/1.17.8/cairo-1.17.8.tar.bz2", - "analyzed_source_filename": "cairo-1.17.8.tar.bz2", - "analyzed_source_hash": "ead4724423eb969f98b456fe1e3ee1e1741fe1c8dfb1a41ca12afa81a6c1665f", + "name_with_version": "cairo-1.18.0", + "analyzed_version": "1.18.0", + "analyzed_source_url": "https://www.cairographics.org/releases/cairo-1.18.0.tar.xz", + "analyzed_source_filename": "cairo-1.18.0.tar.xz", + "analyzed_source_hash": "243a0736b978a33dee29f9cca7521733b78a65b5418206fef7bd1c3d4cf10b64", "PkgProvides": ["dependency_names"], - "available_versions": ["1.17.8-1"] + "available_versions": ["1.18.0-1", "1.17.8-1"] }, "catch2": { "name_with_version": "Catch2-3.4.0", @@ -278,7 +315,13 @@ "analyzed_source_filename": "check-0.15.2.tar.gz", "analyzed_source_hash": "998d355294bb94072f40584272cf4424571c396c631620ce463f6ea97aa67d2e", "PkgProvides": ["check"], - "available_versions": ["0.15.2-3", "0.15.2-2", "0.15.2-1", "0.14.0-1"] + "available_versions": [ + "0.15.2-4", + "0.15.2-3", + "0.15.2-2", + "0.15.2-1", + "0.14.0-1" + ] }, "chipmunk": { "name_with_version": "Chipmunk2D-Chipmunk-7.0.3", 
@@ -290,13 +333,14 @@ "available_versions": ["7.0.3-1", "6.2.2-2", "6.2.2-1"] }, "cjson": { - "name_with_version": "cJSON-1.7.15", - "analyzed_version": "cJSON-1.7.15", - "analyzed_source_url": "https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.tar.gz", - "analyzed_source_filename": "v1.7.15.tar.gz", - "analyzed_source_hash": "5308fd4bd90cef7aa060558514de6a1a4a0819974a26e6ed13973c5f624c24b2", + "name_with_version": "cJSON-1.7.16", + "analyzed_version": "cJSON-1.7.16", + "analyzed_source_url": "https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.16.tar.gz", + "analyzed_source_filename": "v1.7.16.tar.gz", + "analyzed_source_hash": "451131a92c55efc5457276807fc0c4c2c2707c9ee96ef90c47d68852d5384c6c", "PkgProvides": ["libcjson", "libcjson_utils"], "available_versions": [ + "1.7.16-1", "1.7.15-6", "1.7.15-5", "1.7.15-4", @@ -345,6 +389,7 @@ "analyzed_source_hash": "810570eb0b8d64804331f82b29ff47c790ce9cd6b163e98d47a4807047ecad82", "PkgProvides": ["cmocka"], "available_versions": [ + "1.1.7-2", "1.1.7-1", "1.1.5-5", "1.1.5-4", @@ -391,13 +436,16 @@ "available_versions": ["4.10.0-1", "4.9.0-1", "4.8.1-2", "4.8.1-1"] }, "cpr": { - "name_with_version": "cpr-1.9.3", - "analyzed_version": "1.9.3", - "analyzed_source_url": "https://github.com/libcpr/cpr/archive/1.9.3.tar.gz", - "analyzed_source_filename": "cpr-1.9.3.tar.gz", - "analyzed_source_hash": "df53e7213d80fdc24583528521f7d3349099f5bb4ed05ab05206091a678cc53c", + "name_with_version": "cpr-1.10.4", + "analyzed_version": "1.10.4", + "analyzed_source_url": "https://github.com/libcpr/cpr/archive/1.10.4.tar.gz", + "analyzed_source_filename": "cpr-1.10.4.tar.gz", + "analyzed_source_hash": "88462d059cd3df22c4d39ae04483ed50dfd2c808b3effddb65ac3b9aa60b542d", "PkgProvides": ["cpr"], "available_versions": [ + "1.10.4-1", + "1.9.6-2", + "1.9.6-1", "1.9.3-1", "1.9.2-2", "1.9.2-1", 
@@ -415,6 +463,15 @@ "PkgProvides": ["croaring"], "available_versions": ["1.3.0-1"] }, + "curl": { + "name_with_version": "curl-8.4.0", + "analyzed_version": "8.4.0", + "analyzed_source_url": "https://github.com/curl/curl/releases/download/curl-8_4_0/curl-8.4.0.tar.xz", + "analyzed_source_filename": "curl-8.4.0.tar.xz", + "analyzed_source_hash": "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d", + "PkgProvides": ["dependency_names"], + "available_versions": ["8.4.0-1", "8.3.0-1", "8.0.1-1"] + }, "cxxopts": { "name_with_version": "cxxopts-3.1.1", "analyzed_version": "3.1.1", @@ -430,6 +487,15 @@ "2.2.0-1" ] }, + "directxmath": { + "name_with_version": "DirectXMath-dec2022", + "analyzed_version": "DirectXMath-dec2022", + "analyzed_source_url": "https://github.com/microsoft/DirectXMath/archive/refs/tags/dec2022.tar.gz", + "analyzed_source_filename": "dec2022.tar.gz", + "analyzed_source_hash": "70a18f35343ff07084d31afa7a7978b3b59160f0533424365451c72475ff480f", + "PkgProvides": ["directxmath"], + "available_versions": ["3.1.8-1"] + }, "dlfcn-win32": { "name_with_version": "dlfcn-win32-1.3.1", "analyzed_version": "1.3.1", @@ -572,7 +638,7 @@ "analyzed_source_filename": "0.7.6.tar.gz", "analyzed_source_hash": "dc004017093e1ae3838b8c2a281d77d7cc94a84e0f157d93740838fb61e26d47", "PkgProvides": ["facil"], - "available_versions": ["0.7.6-2", "0.7.6-1", "0.7.5-1"] + "available_versions": ["0.7.6-3", "0.7.6-2", "0.7.6-1", "0.7.5-1"] }, "fdk-aac": { "name_with_version": "fdk-aac-2.0.2", @@ -639,6 +705,7 @@ "analyzed_source_hash": "321f7d3f72206b2522f30a1cb8ad1936fd4533ffc4d29dd335b1953c9fb371e6", "PkgProvides": ["fluidsynth"], "available_versions": [ + "2.3.3-2", "2.3.3-1", "2.3.2-1", "2.3.0-1", 
@@ -655,13 +722,14 @@ ] }, "fmt": { - "name_with_version": "fmt-9.1.0", - "analyzed_version": "9.1.0", - "analyzed_source_url": "https://github.com/fmtlib/fmt/archive/9.1.0.tar.gz", - "analyzed_source_filename": "fmt-9.1.0.tar.gz", - "analyzed_source_hash": "5dea48d1fcddc3ec571ce2058e13910a0d4a6bab4cc09a809d8b1dd1c88ae6f2", + "name_with_version": "fmt-10.1.1", + "analyzed_version": "10.1.1", + "analyzed_source_url": "https://github.com/fmtlib/fmt/archive/10.1.1.tar.gz", + "analyzed_source_filename": "fmt-10.1.1.tar.gz", + "analyzed_source_hash": "78b8c0a72b1c35e4443a7e308df52498252d1cefc2b08c9a97bc9ee6cfe61f8b", "PkgProvides": ["fmt"], "available_versions": [ + "10.1.1-1", "9.1.0-2", "9.1.0-1", "9.0.0-1", @@ -688,6 +756,15 @@ "PkgProvides": ["fontconfig"], "available_versions": ["2.14.2-1"] }, + "freeglut": { + "name_with_version": "freeglut-3.4.0", + "analyzed_version": "3.4.0", + "analyzed_source_url": "http://downloads.sourceforge.net/freeglut/3.4.0/freeglut-3.4.0.tar.gz", + "analyzed_source_filename": "freeglut-3.4.0.tar.gz", + "analyzed_source_hash": "3c0bcb915d9b180a97edaebd011b7a1de54583a838644dcd42bb0ea0c6f3eaec", + "PkgProvides": ["freeglut", "glut"], + "available_versions": ["3.4.0-2", "3.4.0-1"] + }, "freetype2": { "name_with_version": "freetype-2.13.2", "analyzed_version": "freetype-2.13.2", @@ -760,6 +837,15 @@ "PkgProvides": ["gdbm"], "available_versions": ["1.23-2", "1.23-1", "1.14.1-2", "1.14.1-1"] }, + "gdk-pixbuf": { + "name_with_version": "gdk-pixbuf-2.42.10", + "analyzed_version": "2.42.10", + "analyzed_source_url": "https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-2.42.10.tar.xz", + "analyzed_source_filename": "gdk-pixbuf-2.42.10.tar.xz", + "analyzed_source_hash": "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b", + "PkgProvides": ["gdk-pixbuf-2.0"], + "available_versions": ["2.42.10-1", "2.42.9-1"] + }, "gee": { "name_with_version": "libgee-0.20.6", "analyzed_version": "libgee-0.20.6", 
@@ -767,7 +853,7 @@ "analyzed_source_filename": "libgee-0.20.6.tar.xz", "analyzed_source_hash": "1bf834f5e10d60cc6124d74ed3c1dd38da646787fbf7872220b8b4068e476d4d", "PkgProvides": ["dependency_names"], - "available_versions": null + "available_versions": ["0.20.6-1"] }, "giflib": { "name_with_version": "giflib-5.2.1", @@ -776,7 +862,7 @@ "analyzed_source_filename": "giflib-5.2.1.tar.gz", "analyzed_source_hash": "31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd", "PkgProvides": ["dependency_names"], - "available_versions": ["5.2.1-1"] + "available_versions": ["5.2.1-3", "5.2.1-2", "5.2.1-1"] }, "glbinding": { "name_with_version": "glbinding-3.3.0", 
@@ -810,16 +896,27 @@ "analyzed_source_filename": "glfw-3.3.8.tar.gz", "analyzed_source_hash": "f30f42e05f11e5fc62483e513b0488d5bceeab7d9c5da0ffe2252ad81816c713", "PkgProvides": ["glfw3"], - "available_versions": ["3.3.8-2", "3.3.8-1", "3.3.7-1"] + "available_versions": ["3.3.8-3", "3.3.8-2", "3.3.8-1", "3.3.7-1"] + }, + "glib-networking": { + "name_with_version": "glib-networking-2.78.0", + "analyzed_version": "2.78.0", + "analyzed_source_url": "https://download.gnome.org/sources/glib-networking/2.78/glib-networking-2.78.0.tar.xz", + "analyzed_source_filename": "glib-networking-2.78.0.tar.xz", + "analyzed_source_hash": "52fe4ce93f7dc51334b102894599858d23c8a65ac4a1110b30920565d68d3aba", + "PkgProvides": [], + "available_versions": ["2.78.0-1"] }, "glib": { - "name_with_version": "glib-2.76.5", - "analyzed_version": "2.76.5", - "analyzed_source_url": "https://download.gnome.org/sources/glib/2.76/glib-2.76.5.tar.xz", - "analyzed_source_filename": "glib-2.76.5.tar.xz", - "analyzed_source_hash": "ed3a9953a90b20da8e5578a79f7d1c8a532eacbe2adac82aa3881208db8a3abe", + "name_with_version": "glib-2.78.1", + "analyzed_version": "2.78.1", + "analyzed_source_url": "https://download.gnome.org/sources/glib/2.78/glib-2.78.1.tar.xz", + "analyzed_source_filename": "glib-2.78.1.tar.xz", + "analyzed_source_hash": "915bc3d0f8507d650ead3832e2f8fb670fce59aac4d7754a7dab6f1e6fed78b2", "PkgProvides": ["dependency_names", "program_names"], "available_versions": [ + "2.78.1-1", + "2.78.0-1", "2.76.5-1", "2.76.4-1", "2.76.3-1", 
@@ -864,13 +961,13 @@ ] }, "google-brotli": { - "name_with_version": "brotli-1.0.9", - "analyzed_version": "brotli-1.0.9", - "analyzed_source_url": "https://github.com/google/brotli/archive/v1.0.9.tar.gz", - "analyzed_source_filename": "v1.0.9.tar.gz", - "analyzed_source_hash": "f9e8d81d0405ba66d181529af42a3354f838c939095ff99930da6aa9cdf6fe46", + "name_with_version": "brotli-1.1.0", + "analyzed_version": "brotli-1.1.0", + "analyzed_source_url": "https://github.com/google/brotli/archive/v1.1.0.tar.gz", + "analyzed_source_filename": "v1.1.0.tar.gz", + "analyzed_source_hash": "e720a6ca29428b803f4ad165371771f5398faba397edf6778837a18599ea13ff", "PkgProvides": ["libbrotlicommon", "libbrotlidec", "libbrotlienc"], - "available_versions": ["1.0.9-2", "1.0.9-1", "1.0.7-1"] + "available_versions": ["1.1.0-1", "1.0.9-2", "1.0.9-1", "1.0.7-1"] }, "google-snappy": { "name_with_version": "snappy-1.1.9", 
@@ -929,14 +1026,30 @@ "1.7.0-2" ] }, + "gumbo-parser": { + "name_with_version": "gumbo-parser", + "analyzed_version": "gumbo-parser", + "analyzed_source_url": "https://codeberg.org/grisha/gumbo-parser/archive/0.12.1.tar.gz", + "analyzed_source_filename": "gumbo-parser-0.12.1.tar.gz", + "analyzed_source_hash": "c0bb5354e46539680724d638dbea07296b797229a7e965b13305c930ddc10d82", + "PkgProvides": ["dependency_names"], + "available_versions": ["0.12.1-2", "0.12.1-1", "0.10.1-1"] + }, "harfbuzz": { - "name_with_version": "harfbuzz-8.1.1", - "analyzed_version": "8.1.1", - "analyzed_source_url": "https://github.com/harfbuzz/harfbuzz/releases/download/8.1.1/harfbuzz-8.1.1.tar.xz", - "analyzed_source_filename": "harfbuzz-8.1.1.tar.xz", - "analyzed_source_hash": "0305ad702e11906a5fc0c1ba11c270b7f64a8f5390d676aacfd71db129d6565f", + "name_with_version": "harfbuzz-8.2.2", + "analyzed_version": "8.2.2", + "analyzed_source_url": "https://github.com/harfbuzz/harfbuzz/releases/download/8.2.2/harfbuzz-8.2.2.tar.xz", + "analyzed_source_filename": "harfbuzz-8.2.2.tar.xz", + "analyzed_source_hash": "e433ad85fbdf57f680be29479b3f964577379aaf319f557eb76569f0ecbc90f3", "PkgProvides": ["dependency_names"], - "available_versions": ["8.1.1-1", "5.2.0-1", "4.4.1-1"] + "available_versions": [ + "8.2.2-1", + "8.2.1-1", + "8.2.0-1", + "8.1.1-1", + "5.2.0-1", + "4.4.1-1" + ] }, "hedley": { "name_with_version": "hedley-15", @@ -984,6 +1097,7 @@ "analyzed_source_hash": "818a80712ed3caacd9b652305e01afc7fa167e6f2e94996da44b90c2ab604ce1", "PkgProvides": ["icu-i18n", "icu-io", "icu-uc", "program_names"], "available_versions": [ + "73.2-2", "73.2-1", "73.1-1", "72.1-5", 
@@ -1028,13 +1142,14 @@ ] }, "imgui": { - "name_with_version": "imgui-1.89.3", - "analyzed_version": "1.89.3", - "analyzed_source_url": "https://github.com/ocornut/imgui/archive/refs/tags/v1.89.3.tar.gz", - "analyzed_source_filename": "imgui-1.89.3.tar.gz", - "analyzed_source_hash": "3b665fadd5580b7ef494d5d8bb1c12b2ec53ee723034caf43332956381f5d631", + "name_with_version": "imgui-1.89.9", + "analyzed_version": "1.89.9", + "analyzed_source_url": "https://github.com/ocornut/imgui/archive/refs/tags/v1.89.9.tar.gz", + "analyzed_source_filename": "imgui-1.89.9.tar.gz", + "analyzed_source_hash": "1acc27a778b71d859878121a3f7b287cd81c29d720893d2b2bf74455bf9d52d6", "PkgProvides": ["imgui"], "available_versions": [ + "1.89.9-1", "1.89.3-1", "1.89.2-1", "1.88-2", @@ -1065,6 +1180,15 @@ "PkgProvides": ["imguizmo"], "available_versions": ["1.83-1"] }, + "implot": { + "name_with_version": "implot-0.16", + "analyzed_version": "0.16", + "analyzed_source_url": "https://github.com/epezent/implot/archive/refs/tags/v0.16.zip", + "analyzed_source_filename": "implot-0.16.zip", + "analyzed_source_hash": "24f772c688f6b8a6e19d7efc10e4923a04a915f13d487b08b83553aa62ae1708", + "PkgProvides": ["implot"], + "available_versions": ["0.16-1"] + }, "indicators": { "name_with_version": "indicators-2.3", "analyzed_version": "2.3", @@ -1101,6 +1225,15 @@ "PkgProvides": ["jansson"], "available_versions": ["2.14-1", "2.13-1", "2.11-3", "2.11-2", "2.11-1"] }, + "jbig2dec": { + "name_with_version": "jbig2dec-0.20", + "analyzed_version": "0.20", + "analyzed_source_url": "https://github.com/ArtifexSoftware/jbig2dec/archive/refs/tags/0.20.tar.gz", + "analyzed_source_filename": "jbig2dec-0.20.tar.gz", + "analyzed_source_hash": "a9705369a6633aba532693450ec802c562397e1b824662de809ede92f67aff21", + "PkgProvides": ["dependency_names"], + "available_versions": ["0.20-1"] + }, "jbigkit": { "name_with_version": "jbigkit-2.1", "analyzed_version": "2.1", 
@@ -1111,13 +1244,15 @@ "available_versions": ["2.1-2", "2.1-1"] }, "json-c": { - "name_with_version": "json-c-0.16", - "analyzed_version": "0.16", - "analyzed_source_url": "https://s3.amazonaws.com/json-c_releases/releases/json-c-0.16.tar.gz", - "analyzed_source_filename": "json-c-0.16.tar.gz", - "analyzed_source_hash": "8e45ac8f96ec7791eaf3bb7ee50e9c2100bbbc87b8d0f1d030c5ba8a0288d96b", + "name_with_version": "json-c-0.17", + "analyzed_version": "0.17", + "analyzed_source_url": "https://s3.amazonaws.com/json-c_releases/releases/json-c-0.17.tar.gz", + "analyzed_source_filename": "json-c-0.17.tar.gz", + "analyzed_source_hash": "7550914d58fb63b2c3546f3ccfbe11f1c094147bd31a69dcd23714d7956159e6", "PkgProvides": ["json-c"], "available_versions": [ + "0.17-2", + "0.17-1", "0.16-4", "0.16-3", "0.16-2", @@ -1193,13 +1328,16 @@ "available_versions": ["1.83.1-2", "1.83.1-1"] }, "libarchive": { - "name_with_version": "libarchive-3.7.1", - "analyzed_version": "3.7.1", - "analyzed_source_url": "https://github.com/libarchive/libarchive/releases/download/v3.7.1/libarchive-3.7.1.tar.xz", - "analyzed_source_filename": "libarchive-3.7.1.tar.xz", - "analyzed_source_hash": "b17403ce670ff18d8e06fea05a9ea9accf70678c88f1b9392a2e29b51127895f", + "name_with_version": "libarchive-3.7.2", + "analyzed_version": "3.7.2", + "analyzed_source_url": "https://github.com/libarchive/libarchive/releases/download/v3.7.2/libarchive-3.7.2.tar.xz", + "analyzed_source_filename": "libarchive-3.7.2.tar.xz", + "analyzed_source_hash": "04357661e6717b6941682cde02ad741ae4819c67a260593dfb2431861b251acb", "PkgProvides": ["libarchive"], "available_versions": [ + "3.7.2-3", + "3.7.2-2", + "3.7.2-1", "3.7.1-2", "3.7.1-1", "3.7.0-1", 
@@ -1217,6 +1355,15 @@ "PkgProvides": ["libccp4c"], "available_versions": ["8.0.0-1", "6.5.1-2", "6.5.1-1"] }, + "libdicom": { + "name_with_version": "libdicom-1.0.5", + "analyzed_version": "1.0.5", + "analyzed_source_url": "https://github.com/ImagingDataCommons/libdicom/releases/download/v1.0.5/libdicom-1.0.5.tar.xz", + "analyzed_source_filename": "libdicom-1.0.5.tar.xz", + "analyzed_source_hash": "3b88f267b58009005bc1182d8bd0c4a3218013ce202da722e5e8c9867c6f94f4", + "PkgProvides": ["dependency_names"], + "available_versions": ["1.0.5-1", "1.0.2-1", "1.0.1-1"] + }, "libdrm": { "name_with_version": "libdrm-2.4.115", "analyzed_version": "2.4.115", @@ -1269,7 +1416,7 @@ "analyzed_source_filename": "libffi-3.4.4.tar.gz", "analyzed_source_hash": "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676", "PkgProvides": ["dependency_names"], - "available_versions": ["3.4.4-2", "3.4.4-1"] + "available_versions": ["3.4.4-3", "3.4.4-2", "3.4.4-1"] }, "libffmpegthumbnailer": { "name_with_version": "ffmpegthumbnailer-2.2.2", @@ -1278,7 +1425,7 @@ "analyzed_source_filename": "ffmpegthumbnailer-2.2.2.tar.bz2", "analyzed_source_hash": "1cb24059c38223f657b300c84dd80491b7040d4b69471c4fea69be862bc99b5b", "PkgProvides": ["libffmpegthumbnailer"], - "available_versions": ["2.2.2-2", "2.2.2-1"] + "available_versions": ["2.2.2-3", "2.2.2-2", "2.2.2-1"] }, "libgpiod": { "name_with_version": "libgpiod-1.6.3", 
@@ -1290,13 +1437,16 @@ "available_versions": ["1.6.3-1"] }, "libjpeg-turbo": { - "name_with_version": "libjpeg-turbo-3.0.0", - "analyzed_version": "3.0.0", - "analyzed_source_url": "https://sourceforge.net/projects/libjpeg-turbo/files/3.0.0/libjpeg-turbo-3.0.0.tar.gz", - "analyzed_source_filename": "libjpeg-turbo-3.0.0.tar.gz", - "analyzed_source_hash": "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa", + "name_with_version": "libjpeg-turbo-3.0.1", + "analyzed_version": "3.0.1", + "analyzed_source_url": "https://sourceforge.net/projects/libjpeg-turbo/files/3.0.1/libjpeg-turbo-3.0.1.tar.gz", + "analyzed_source_filename": "libjpeg-turbo-3.0.1.tar.gz", + "analyzed_source_hash": "22429507714ae147b3acacd299e82099fce5d9f456882fc28e252e4579ba2a75", "PkgProvides": ["dependency_names"], "available_versions": [ + "3.0.1-1", + "3.0.0-5", + "3.0.0-4", "3.0.0-3", "3.0.0-2", "3.0.0-1", @@ -1316,7 +1466,7 @@ "analyzed_source_filename": "libkqueue-2.6.2.tar.gz", "analyzed_source_hash": "c3502d918ad167957302314b6d97e14052beabc5f5698ea76d0527878900d300", "PkgProvides": ["libkqueue"], - "available_versions": ["2.6.2-1", "2.6.1-2", "2.6.1-1"] + "available_versions": ["2.6.2-2", "2.6.2-1", "2.6.1-2", "2.6.1-1"] }, "liblangtag": { "name_with_version": "liblangtag-0.6.4", 
@@ -1355,13 +1505,14 @@ "available_versions": ["0.3.0-1"] }, "liblzma": { - "name_with_version": "xz-5.2.11", - "analyzed_version": "xz-5.2.11", - "analyzed_source_url": "http://tukaani.org/xz/xz-5.2.11.tar.xz", - "analyzed_source_filename": "xz-5.2.11.tar.xz", - "analyzed_source_hash": "503b4a9fb405e70e1d3912e418fdffe5de27e713e58925fb67e12d20d03a77bc", + "name_with_version": "xz-5.2.12", + "analyzed_version": "xz-5.2.12", + "analyzed_source_url": "http://tukaani.org/xz/xz-5.2.12.tar.xz", + "analyzed_source_filename": "xz-5.2.12.tar.xz", + "analyzed_source_hash": "f79a92b84101d19d76be833aecc93e68e56065b61ec737610964cd4f6c54ff2e", "PkgProvides": ["liblzma"], "available_versions": [ + "5.2.12-1", "5.2.11-2", "5.2.11-1", "5.2.10-1", @@ -1395,16 +1546,23 @@ "analyzed_source_filename": "libmicrohttpd-0.9.77.tar.gz", "analyzed_source_hash": "9e7023a151120060d2806a6ea4c13ca9933ece4eacfc5c9464d20edddb76b0a0", "PkgProvides": ["libmicrohttpd"], - "available_versions": ["0.9.77-1", "0.9.76-3", "0.9.76-2", "0.9.76-1"] + "available_versions": [ + "0.9.77-2", + "0.9.77-1", + "0.9.76-3", + "0.9.76-2", + "0.9.76-1" + ] }, "libnpupnp": { - "name_with_version": "libnpupnp-5.0.1", - "analyzed_version": "5.0.1", - "analyzed_source_url": "https://www.lesbonscomptes.com/upmpdcli/downloads/libnpupnp-5.0.1.tar.gz", - "analyzed_source_filename": "libnpupnp-5.0.1.tar.gz", - "analyzed_source_hash": "3fbc2a63e12c0db2235926017e82e78037278a3ec7f97e1a4e160a5db3576a1c", + "name_with_version": "libnpupnp-5.0.2", + "analyzed_version": "5.0.2", + "analyzed_source_url": "https://www.lesbonscomptes.com/upmpdcli/downloads/libnpupnp-5.0.2.tar.gz", + "analyzed_source_filename": "libnpupnp-5.0.2.tar.gz", + "analyzed_source_hash": "33f90fc14906f2cea1bb7af56677b4e950eed6976e07d98a8e2b2e91b0755558", "PkgProvides": ["libnpupnp"], "available_versions": [ + "5.0.2-1", "5.0.1-1", "5.0.0-2", "5.0.0-1", 
@@ -1415,13 +1573,13 @@ ] }, "libobsd": { - "name_with_version": "libobsd-1.1.0", - "analyzed_version": "1.1.0", - "analyzed_source_url": "https://github.com/guijan/libobsd/releases/download/v1.1.0/libobsd-1.1.0.tar.xz", - "analyzed_source_filename": "libobsd-1.1.0.tar.xz", - "analyzed_source_hash": "64343ccdd3b7c479954d9806a4531091195d410cc54d0172018d959a61693c2c", + "name_with_version": "libobsd-1.1.1", + "analyzed_version": "1.1.1", + "analyzed_source_url": "https://github.com/guijan/libobsd/releases/download/v1.1.1/libobsd-1.1.1.tar.xz", + "analyzed_source_filename": "libobsd-1.1.1.tar.xz", + "analyzed_source_hash": "332b72ba5f9a76c40f8a526771b78dae3ac3388f689f818c0ac4ab77ef52809d", "PkgProvides": ["libbsd-overlay", "libobsd"], - "available_versions": ["1.1.0-1", "1.0.0-1"] + "available_versions": ["1.1.1-1", "1.1.0-1", "1.0.0-1"] }, "libopenjp2": { "name_with_version": "openjpeg-2.5.0", @@ -1431,6 +1589,8 @@ "analyzed_source_hash": "0333806d6adecc6f7a91243b2b839ff4d2053823634d4f6ed7a59bc87409122a", "PkgProvides": ["libopenjp2"], "available_versions": [ + "2.5.0-3", + "2.5.0-2", "2.5.0-1", "2.3.1-9", "2.3.1-8", 
@@ -1473,14 +1633,33 @@ "1.6.17-2" ] }, + "libpsl": { + "name_with_version": "libpsl-0.21.2", + "analyzed_version": "0.21.2", + "analyzed_source_url": "https://github.com/rockdaboot/libpsl/releases/download/0.21.2/libpsl-0.21.2.tar.gz", + "analyzed_source_filename": "libpsl-0.21.2.tar.gz", + "analyzed_source_hash": "e35991b6e17001afa2c0ca3b10c357650602b92596209b7492802f3768a6285f", + "PkgProvides": ["libpsl"], + "available_versions": ["0.21.2-1"] + }, + "libsass": { + "name_with_version": "libsass-3.6.4", + "analyzed_version": "3.6.4", + "analyzed_source_url": "https://github.com/sass/libsass/archive/refs/tags/3.6.4.tar.gz", + "analyzed_source_filename": "libsass-3.6.4.tar.gz", + "analyzed_source_hash": "f9484d9a6df60576e791566eab2f757a97fd414fce01dd41fc0a693ea5db2889", + "PkgProvides": ["libsass"], + "available_versions": ["3.6.4-1"] + }, "libsndfile": { - "name_with_version": "libsndfile-1.2.0", - "analyzed_version": "1.2.0", - "analyzed_source_url": "https://github.com/libsndfile/libsndfile/releases/download/1.2.0/libsndfile-1.2.0.tar.xz", - "analyzed_source_filename": "libsndfile-1.2.0.tar.xz", - "analyzed_source_hash": "0e30e7072f83dc84863e2e55f299175c7e04a5902ae79cfb99d4249ee8f6d60a", + "name_with_version": "libsndfile-1.2.2", + "analyzed_version": "1.2.2", + "analyzed_source_url": "https://github.com/libsndfile/libsndfile/releases/download/1.2.2/libsndfile-1.2.2.tar.xz", + "analyzed_source_filename": "libsndfile-1.2.2.tar.xz", + "analyzed_source_hash": "3799ca9924d3125038880367bf1468e53a1b7e3686a934f098b7e1d286cdb80e", "PkgProvides": ["sndfile"], "available_versions": [ + "1.2.2-1", "1.2.0-1", "1.1.0-6", "1.1.0-5", 
@@ -1515,13 +1694,14 @@ ] }, "libtiff": { - "name_with_version": "tiff-4.5.1", - "analyzed_version": "tiff-4.5.1", - "analyzed_source_url": "https://download.osgeo.org/libtiff/tiff-4.5.1.tar.xz", - "analyzed_source_filename": "tiff-4.5.1.tar.gz", - "analyzed_source_hash": "3c080867114c26edab3129644a63b708028a90514b7fe3126e38e11d24f9f88a", + "name_with_version": "tiff-4.6.0", + "analyzed_version": "tiff-4.6.0", + "analyzed_source_url": "https://download.osgeo.org/libtiff/tiff-4.6.0.tar.xz", + "analyzed_source_filename": "tiff-4.6.0.tar.gz", + "analyzed_source_hash": "e178649607d1e22b51cf361dd20a3753f244f022eefab1f2f218fc62ebaf87d2", "PkgProvides": ["libtiff-4"], "available_versions": [ + "4.6.0-1", "4.5.1-1", "4.5.0-3", "4.5.0-2", @@ -1561,16 +1741,17 @@ "analyzed_source_filename": "libunibreak-5.1.tar.gz", "analyzed_source_hash": "dd1a92d4c5646aa0e457ff41d89812ec5243863be6c20bbcb5ee380f3dd78377", "PkgProvides": ["dependency_names"], - "available_versions": ["5.1-1"] + "available_versions": ["5.1-3", "5.1-2", "5.1-1"] }, "libupnp": { - "name_with_version": "libupnp-1.14.17", - "analyzed_version": "1.14.17", - "analyzed_source_url": "https://github.com/pupnp/pupnp/releases/download/release-1.14.17/libupnp-1.14.17.tar.bz2", - "analyzed_source_filename": "libupnp-1.14.17.tar.bz2", - "analyzed_source_hash": "9b877242eba0428c7f949af4d6e7b7b908ce5ebc67cc13475ee6eb0d9bcb6ffb", + "name_with_version": "libupnp-1.14.18", + "analyzed_version": "1.14.18", + "analyzed_source_url": "https://github.com/pupnp/pupnp/releases/download/release-1.14.18/libupnp-1.14.18.tar.bz2", + "analyzed_source_filename": "libupnp-1.14.18.tar.bz2", + "analyzed_source_hash": "16a7cee93ce2868ae63ab1a8164dc7de43577c59983b9f61293a310d6888dceb", "PkgProvides": ["libupnp"], "available_versions": [ + "1.14.18-1", "1.14.17-1", "1.14.15-1", "1.14.14-2", 
@@ -1581,13 +1762,14 @@ ] }, "liburing": { - "name_with_version": "liburing-liburing-2.3", - "analyzed_version": "liburing-2.3", - "analyzed_source_url": "https://github.com/axboe/liburing/archive/refs/tags/liburing-2.3.tar.gz", - "analyzed_source_filename": "liburing-2.3.tar.gz", - "analyzed_source_hash": "60b367dbdc6f2b0418a6e0cd203ee0049d9d629a36706fcf91dfb9428bae23c8", + "name_with_version": "liburing-liburing-2.4", + "analyzed_version": "liburing-2.4", + "analyzed_source_url": "https://github.com/axboe/liburing/archive/refs/tags/liburing-2.4.tar.gz", + "analyzed_source_filename": "liburing-2.4.tar.gz", + "analyzed_source_hash": "2398ec82d967a6f903f3ae1fd4541c754472d3a85a584dc78c5da2fabc90706b", "PkgProvides": ["dependency_names"], "available_versions": [ + "2.4-1", "2.3-3", "2.3-2", "2.3-1", @@ -1604,16 +1786,23 @@ "analyzed_source_filename": "libusb-1.0.26.tar.bz2", "analyzed_source_hash": "12ce7a61fc9854d1d2a1ffe095f7b5fac19ddba095c259e6067a46500381b5a5", "PkgProvides": ["libusb-1.0"], - "available_versions": ["1.0.26-4", "1.0.26-3", "1.0.26-2", "1.0.26-1"] + "available_versions": [ + "1.0.26-5", + "1.0.26-4", + "1.0.26-3", + "1.0.26-2", + "1.0.26-1" + ] }, "libuv": { - "name_with_version": "libuv-v1.44.2", - "analyzed_version": "v1.44.2", - "analyzed_source_url": "https://dist.libuv.org/dist/v1.44.2/libuv-v1.44.2.tar.gz", - "analyzed_source_filename": "libuv-v1.44.2.tar.gz", - "analyzed_source_hash": "ccfcdc968c55673c6526d8270a9c8655a806ea92468afcbcabc2b16040f03cb4", + "name_with_version": "libuv-v1.46.0", + "analyzed_version": "v1.46.0", + "analyzed_source_url": "https://dist.libuv.org/dist/v1.46.0/libuv-v1.46.0.tar.gz", + "analyzed_source_filename": "libuv-v1.46.0.tar.gz", + "analyzed_source_hash": "111f83958b9fdc65f1489195d25f342b9f7a3e683140c60e62c00fbaccddddce", "PkgProvides": ["libuv"], "available_versions": [ + "1.46.0-1", "1.44.2-2", "1.44.2-1", "1.44.1-1", 
@@ -1626,13 +1815,13 @@ ] }, "libwebp": { - "name_with_version": "libwebp-1.3.1", - "analyzed_version": "1.3.1", - "analyzed_source_url": "https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.1.tar.gz", - "analyzed_source_filename": "libwebp-1.3.1.tar.gz", - "analyzed_source_hash": "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66", + "name_with_version": "libwebp-1.3.2", + "analyzed_version": "1.3.2", + "analyzed_source_url": "https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.2.tar.gz", + "analyzed_source_filename": "libwebp-1.3.2.tar.gz", + "analyzed_source_hash": "2a499607df669e40258e53d0ade8035ba4ec0175244869d1025d460562aa09b4", "PkgProvides": ["dependency_names"], - "available_versions": ["1.3.1-2", "1.3.1-1"] + "available_versions": ["1.3.2-1", "1.3.1-2", "1.3.1-1"] }, "libwebsockets": { "name_with_version": "libwebsockets-v4.3.2", @@ -1660,13 +1849,13 @@ "available_versions": ["1.2.1-1"] }, "libxext": { - "name_with_version": "libXext-1.3.4", - "analyzed_version": "libXext-1.3.4", - "analyzed_source_url": "https://xorg.freedesktop.org/releases/individual/lib/libXext-1.3.4.tar.bz2", - "analyzed_source_filename": "libXext-1.3.4.tar.bz2", - "analyzed_source_hash": "59ad6fcce98deaecc14d39a672cf218ca37aba617c9a0f691cac3bcd28edf82b", + "name_with_version": "libXext-1.3.5", + "analyzed_version": "libXext-1.3.5", + "analyzed_source_url": "https://xorg.freedesktop.org/releases/individual/lib/libXext-1.3.5.tar.xz", + "analyzed_source_filename": "libXext-1.3.5.tar.xz", + "analyzed_source_hash": "db14c0c895c57ea33a8559de8cb2b93dc76c42ea4a39e294d175938a133d7bca", "PkgProvides": ["xext"], - "available_versions": ["1.3.4-1"] + "available_versions": ["1.3.5-1", "1.3.4-1"] }, "libxinerama": { "name_with_version": "libXinerama-1.1.4", 
@@ -1685,6 +1874,7 @@ "analyzed_source_hash": "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6", "PkgProvides": ["libxml-2.0"], "available_versions": [ + "2.11.5-2", "2.11.5-1", "2.11.4-1", "2.11.1-1", @@ -1811,6 +2001,7 @@ "analyzed_source_hash": "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88", "PkgProvides": ["lua", "lua-5.4"], "available_versions": [ + "5.4.6-3", "5.4.6-2", "5.4.6-1", "5.4.4-1", @@ -1861,13 +2052,13 @@ "available_versions": ["1.4.19-1"] }, "magic_enum": { - "name_with_version": "magic_enum-0.9.2", - "analyzed_version": "0.9.2", - "analyzed_source_url": "https://github.com/Neargye/magic_enum/archive/refs/tags/v0.9.2.tar.gz", - "analyzed_source_filename": "magic_enum-v0.9.2.tar.gz", - "analyzed_source_hash": "7887d6a2dfdec65acb7a529a620b3c6f53f30cca55b419ac8ca688a089149e1a", + "name_with_version": "magic_enum-0.9.3", + "analyzed_version": "0.9.3", + "analyzed_source_url": "https://github.com/Neargye/magic_enum/archive/refs/tags/v0.9.3.tar.gz", + "analyzed_source_filename": "magic_enum-v0.9.3.tar.gz", + "analyzed_source_hash": "3cadd6a05f1bffc5141e5e731c46b2b73c2dbff025e723c8abaa659e0a24f072", "PkgProvides": ["magic_enum"], - "available_versions": ["0.9.2-1", "0.8.2-1", "0.8.1-1"] + "available_versions": ["0.9.3-1", "0.9.2-1", "0.8.2-1", "0.8.1-1"] }, "mdds": { "name_with_version": "mdds-2.0.1", 
@@ -1903,13 +2094,15 @@ ] }, "minizip-ng": { - "name_with_version": "minizip-ng-4.0.0", - "analyzed_version": "4.0.0", - "analyzed_source_url": "https://github.com/zlib-ng/minizip-ng/archive/refs/tags/4.0.0.tar.gz", - "analyzed_source_filename": "4.0.0.tar.gz", - "analyzed_source_hash": "f9062e576de026fd5026d65597de3b05263cd4d91400cacdbbe36dfa8a642fff", + "name_with_version": "minizip-ng-4.0.1", + "analyzed_version": "4.0.1", + "analyzed_source_url": "https://github.com/zlib-ng/minizip-ng/archive/refs/tags/4.0.1.tar.gz", + "analyzed_source_filename": "4.0.1.tar.gz", + "analyzed_source_hash": "63e47a2b4dbac0da501f43f4da74f118dfb3ef0dee0ffbbe89428271002260f8", "PkgProvides": ["minizip"], "available_versions": [ + "4.0.1-2", + "4.0.1-1", "4.0.0-2", "4.0.0-1", "3.0.10-1", @@ -1952,13 +2145,14 @@ "available_versions": ["6.1.0-1", "5.0.0-1"] }, "mt32emu": { - "name_with_version": "munt-libmt32emu_2_7_0", - "analyzed_version": "munt-libmt32emu_2_7_0", - "analyzed_source_url": "https://github.com/munt/munt/archive/libmt32emu_2_7_0.tar.gz", - "analyzed_source_filename": "libmt32emu_2_7_0.tar.gz", - "analyzed_source_hash": "5ede7c3d28a3bb0d9e637935b8b96484fadb409c9e5952a9e5432b3e05e5dbc1", + "name_with_version": "munt-libmt32emu_2_7_1", + "analyzed_version": "munt-libmt32emu_2_7_1", + "analyzed_source_url": "https://github.com/munt/munt/archive/libmt32emu_2_7_1.tar.gz", + "analyzed_source_filename": "libmt32emu_2_7_1.tar.gz", + "analyzed_source_hash": "e4524d52d6799a4e32a961a2e92074f14adcb2f110a4e7a06bede77050cfdaf4", "PkgProvides": ["mt32emu"], "available_versions": [ + "2.7.1-1", "2.7.0-1", "2.6.1-1", "2.5.3-1", 
@@ -1976,6 +2170,15 @@ "PkgProvides": [], "available_versions": ["1.2.3-1"] }, + "mujs": { + "name_with_version": "mujs-1.3.3", + "analyzed_version": "1.3.3", + "analyzed_source_url": "https://github.com/ArtifexSoftware/mujs/archive/refs/tags/1.3.3.tar.gz", + "analyzed_source_filename": "mujs-1.3.3.tar.gz", + "analyzed_source_hash": "e2c5ee5416dfda2230c7a0cb7895df9a9b2d5b2065bb18e7e64dec2a796abe1b", + "PkgProvides": ["dependency_names"], + "available_versions": ["1.3.3-1"] + }, "netstring-c": { "name_with_version": "netstring-c-92104d314ad885fd444b70bffd12a2963ef37a2f", "analyzed_version": "92104d314ad885fd444b70bffd12a2963ef37a2f", @@ -1985,6 +2188,15 @@ "PkgProvides": ["netstring-c"], "available_versions": ["0.0.0-3", "0.0.0-2", "0.0.0-1"] }, + "nghttp2": { + "name_with_version": "nghttp2-1.56.0", + "analyzed_version": "1.56.0", + "analyzed_source_url": "https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.xz", + "analyzed_source_filename": "nghttp2-1.56.0.tar.xz", + "analyzed_source_hash": "65eee8021e9d3620589a4a4e91ce9983d802b5229f78f3313770e13f4d2720e9", + "PkgProvides": ["dependency_names"], + "available_versions": ["1.56.0-1"] + }, "nlohmann_json": { "name_with_version": "nlohmann_json-3.11.2", "analyzed_version": "3.11.2", @@ -2009,7 +2221,13 @@ "analyzed_source_filename": "nng-1.5.2.tar.gz", "analyzed_source_hash": "f8b25ab86738864b1f2e3128e8badab581510fa8085ff5ca9bb980d317334c46", "PkgProvides": ["nng"], - "available_versions": ["1.5.2-2", "1.5.2-1", "1.3.2-2", "1.3.2-1"] + "available_versions": [ + "1.5.2-3", + "1.5.2-2", + "1.5.2-1", + "1.3.2-2", + "1.3.2-1" + ] }, "nonstd-any-lite": { "name_with_version": "any-lite-0.2.0", 
@@ -2099,7 +2317,7 @@ "analyzed_source_filename": "oatpp-openssl-1.3.0.tar.gz", "analyzed_source_hash": "add694cf6294e5cd8b8f4681e0425802f01d798b9d17e29cdb865448a6aa81c8", "PkgProvides": ["oatpp-openssl"], - "available_versions": ["1.3.0-1"] + "available_versions": ["1.3.0-2", "1.3.0-1"] }, "oatpp-sqlite": { "name_with_version": "oatpp-sqlite-1.3.0", @@ -2128,6 +2346,15 @@ "PkgProvides": ["oatpp-websocket"], "available_versions": ["1.3.0-1"] }, + "oatpp-zlib": { + "name_with_version": "oatpp-zlib-1.3.0", + "analyzed_version": "1.3.0", + "analyzed_source_url": "https://github.com/oatpp/oatpp-zlib/archive/refs/tags/1.3.0.tar.gz", + "analyzed_source_filename": "oatpp-zlib-1.3.0.tar.gz", + "analyzed_source_hash": "6103b041a424b280e7de1f7ae75404f770049750044531f8d41ec4bafaa9497f", + "PkgProvides": ["oatpp-zlib"], + "available_versions": ["1.3.0-1"] + }, "oatpp": { "name_with_version": "oatpp-1.3.0", "analyzed_version": "1.3.0", @@ -2145,6 +2372,7 @@ "analyzed_source_hash": "c4d91be36fc8e54deae7575241e03f4211eb102afb3fc0775fbbc1b740016705", "PkgProvides": ["ogg"], "available_versions": [ + "1.3.5-6", "1.3.5-5", "1.3.5-4", "1.3.5-3", @@ -2167,13 +2395,14 @@ "available_versions": ["2.4.0-1", "2.3.7-1"] }, "openal-soft": { - "name_with_version": "openal-soft-1.23.0", - "analyzed_version": "1.23.0", - "analyzed_source_url": "https://github.com/kcat/openal-soft/archive/refs/tags/1.23.0.tar.gz", - "analyzed_source_filename": "openal-soft-1.23.0.tar.gz", - "analyzed_source_hash": "af2abf9cb539c9d66296a83ba63a75eb5868658d0f0b28b27c556f45e70c5231", + "name_with_version": "openal-soft-1.23.1", + "analyzed_version": "1.23.1", + "analyzed_source_url": "https://github.com/kcat/openal-soft/archive/refs/tags/1.23.1.tar.gz", + "analyzed_source_filename": "openal-soft-1.23.1.tar.gz", + "analyzed_source_hash": "dfddf3a1f61059853c625b7bb03de8433b455f2f79f89548cbcbd5edca3d4a4a", "PkgProvides": ["openal"], "available_versions": [ + "1.23.1-1", "1.23.0-1", "1.22.2-8", "1.22.2-7", 
@@ -2250,6 +2479,15 @@ "PkgProvides": ["orocos-kdl"], "available_versions": ["1.5.1-1"] }, + "pango": { + "name_with_version": "pango-1.51.0", + "analyzed_version": "1.51.0", + "analyzed_source_url": "https://download.gnome.org/sources/pango/1.51/pango-1.51.0.tar.xz", + "analyzed_source_filename": "pango-1.51.0.tar.xz", + "analyzed_source_hash": "74efc109ae6f903bbe6af77eaa2ac6094b8ee245a2e23f132a7a8f0862d1a9f5", + "PkgProvides": ["dependency_names"], + "available_versions": ["1.51.0-1"] + }, "pcg": { "name_with_version": "pcg-cpp-0.98.1", "analyzed_version": "cpp-0.98.1", @@ -2294,6 +2532,7 @@ "analyzed_source_hash": "4dae6fdcd2bb0bb6c37b5f97c33c2be954da743985369cddac3546e3218bffb8", "PkgProvides": ["libpcre"], "available_versions": [ + "8.45-4", "8.45-3", "8.45-2", "8.45-1", @@ -2347,6 +2586,7 @@ "analyzed_source_hash": "930c2c3b5ecc6c9c12615cf5ad93f1cd6e12d0aba862b572e076259970ac3a53", "PkgProvides": ["program_names", "protobuf", "protobuf-lite", "protoc"], "available_versions": [ + "3.21.12-5", "3.21.12-4", "3.21.12-3", "3.21.12-2", @@ -2363,6 +2603,15 @@ "3.5.0-2" ] }, + "proxy-libintl": { + "name_with_version": "proxy-libintl-0.4", + "analyzed_version": "0.4", + "analyzed_source_url": "https://github.com/frida/proxy-libintl/archive/refs/tags/0.4.tar.gz", + "analyzed_source_filename": "proxy-libintl-0.4.tar.gz", + "analyzed_source_hash": "13ef3eea0a3bc0df55293be368dfbcff5a8dd5f4759280f28e030d1494a5dffb", + "PkgProvides": ["intl"], + "available_versions": ["0.4-1"] + }, "pugixml": { "name_with_version": "pugixml-1.13", "analyzed_version": "1.13", 
@@ -2402,13 +2651,14 @@ ] }, "qarchive": { - "name_with_version": "QArchive-2.2.6", - "analyzed_version": "QArchive-2.2.6", - "analyzed_source_url": "https://github.com/antony-jr/QArchive/archive/refs/tags/v2.2.6.tar.gz", - "analyzed_source_filename": "QArchive-2.2.6.tar.gz", - "analyzed_source_hash": "c0cad2bc79eeb4ab4180fd97822a967b8a0e3c594387ccf921733449ee5bd3e6", + "name_with_version": "QArchive-2.2.7", + "analyzed_version": "QArchive-2.2.7", + "analyzed_source_url": "https://github.com/antony-jr/QArchive/archive/refs/tags/v2.2.7.tar.gz", + "analyzed_source_filename": "QArchive-2.2.7.tar.gz", + "analyzed_source_hash": "53bc9633e4e75d01d7ae6ff925fd111fc4951f922f74b37d652df51c0eb4aa30", "PkgProvides": ["qarchive"], "available_versions": [ + "2.2.7-1", "2.2.6-1", "2.2.4-1", "2.2.3-1", @@ -2469,6 +2719,7 @@ "analyzed_source_hash": "d8e76c4b1cde99e283a19868feaaff5778aa5c6f35790036c5ef44bc5b5187aa", "PkgProvides": ["rdkafka", "rdkafka++"], "available_versions": [ + "2.1.0-2", "2.1.0-1", "1.9.2-5", "1.9.2-4", @@ -2486,13 +2737,13 @@ ] }, "re2": { - "name_with_version": "re2-2022-04-01", - "analyzed_version": "2022-04-01", - "analyzed_source_url": "https://github.com/google/re2/archive/2022-04-01.tar.gz", - "analyzed_source_filename": "re2-2022-04-01.tar.gz", - "analyzed_source_hash": "1ae8ccfdb1066a731bba6ee0881baad5efd2cd661acd9569b689f2586e1a50e9", + "name_with_version": "re2-2023-03-01", + "analyzed_version": "2023-03-01", + "analyzed_source_url": "https://github.com/google/re2/archive/2023-03-01.tar.gz", + "analyzed_source_filename": "re2-2023-03-01.tar.gz", + "analyzed_source_hash": "7a9a4824958586980926a300b4717202485c4b4115ac031822e29aa4ef207e48", "PkgProvides": ["re2"], - "available_versions": ["20220401-1", "20201101-1"] + "available_versions": ["20230301-1", "20220401-1", "20201101-1"] }, "reflex": { "name_with_version": "RE-flex-3.2.11", 
@@ -2519,13 +2770,13 @@ "available_versions": ["1.2.1-1"] }, "rtaudio": { - "name_with_version": "rtaudio-5.2.0", - "analyzed_version": "5.2.0", - "analyzed_source_url": "https://github.com/thestk/rtaudio/archive/refs/tags/5.2.0.tar.gz", - "analyzed_source_filename": "5.2.0.tar.gz", - "analyzed_source_hash": "a8d9c738addffd485c3f0bab14cbba72600267e3113f274398c67829bbb49332", + "name_with_version": "rtaudio-6.0.1", + "analyzed_version": "6.0.1", + "analyzed_source_url": "http://www.music.mcgill.ca/~gary/rtaudio/release/rtaudio-6.0.1.tar.gz", + "analyzed_source_filename": "rtaudio-6.0.1.tar.gz", + "analyzed_source_hash": "42d29cc2b5fa378ba3a978faeb1885a0075acf0fecb5ee50f0d76f6c7d8ab28c", "PkgProvides": ["dependency_names"], - "available_versions": ["5.2.0-1"] + "available_versions": ["6.0.1-1", "5.2.0-1"] }, "rubberband": { "name_with_version": "rubberband-2.0.2", @@ -2545,6 +2796,15 @@ "PkgProvides": ["rxcpp"], "available_versions": ["4.1.1-1", "4.1.0-1"] }, + "sassc": { + "name_with_version": "sassc-3.6.2", + "analyzed_version": "3.6.2", + "analyzed_source_url": "https://github.com/sass/sassc/archive/refs/tags/3.6.2.tar.gz", + "analyzed_source_filename": "sassc-3.6.2.tar.gz", + "analyzed_source_hash": "608dc9002b45a91d11ed59e352469ecc05e4f58fc1259fc9a9f5b8f0f8348a03", + "PkgProvides": ["program_names"], + "available_versions": ["3.6.2-1"] + }, "sdl2": { "name_with_version": "SDL2-2.28.1", "analyzed_version": "SDL2-2.28.1", @@ -2553,6 +2813,7 @@ "analyzed_source_hash": "4977ceba5c0054dbe6c2f114641aced43ce3bf2b41ea64b6a372d6ba129cb15d", "PkgProvides": ["sdl2", "sdl2_test", "sdl2main"], "available_versions": [ + "2.28.1-2", "2.28.1-1", "2.26.5-5", "2.26.5-4", 
@@ -2668,22 +2929,29 @@ "available_versions": ["1.1.4-1"] }, "sfml": { - "name_with_version": "SFML-2.5.1", - "analyzed_version": "SFML-2.5.1", - "analyzed_source_url": "https://github.com/SFML/SFML/archive/refs/tags/2.5.1.tar.gz", - "analyzed_source_filename": "2.5.1.tar.gz", - "analyzed_source_hash": "438c91a917cc8aa19e82c6f59f8714da353c488584a007d401efac8368e1c785", + "name_with_version": "SFML-2.6.0", + "analyzed_version": "SFML-2.6.0", + "analyzed_source_url": "https://github.com/SFML/SFML/archive/refs/tags/2.6.0.tar.gz", + "analyzed_source_filename": "2.6.0.tar.gz", + "analyzed_source_hash": "0c3f84898ea1db07dc46fa92e85038d8c449e3c8653fe09997383173de96bc06", "PkgProvides": ["sfml"], - "available_versions": ["2.5.1-4", "2.5.1-3", "2.5.1-2", "2.5.1-1"] + "available_versions": [ + "2.6.0-2", + "2.6.0-1", + "2.5.1-4", + "2.5.1-3", + "2.5.1-2", + "2.5.1-1" + ] }, "simdjson": { - "name_with_version": "simdjson-3.1.1", - "analyzed_version": "3.1.1", - "analyzed_source_url": "https://github.com/simdjson/simdjson/archive/refs/tags/v3.1.1.tar.gz", - "analyzed_source_filename": "simdjson-3.1.1.tar.gz", - "analyzed_source_hash": "4fcb1c9b1944e2eb8a4a4a22c979e2827165216f859e94d93c846c1261e0e432", + "name_with_version": "simdjson-3.3.0", + "analyzed_version": "3.3.0", + "analyzed_source_url": "https://github.com/simdjson/simdjson/archive/refs/tags/v3.3.0.tar.gz", + "analyzed_source_filename": "simdjson-3.3.0.tar.gz", + "analyzed_source_hash": "a8c9feff2f19c3ff281d42f0b6b4b18f02236513b99229756fa9a1b14787a58a", "PkgProvides": ["simdjson"], - "available_versions": ["3.1.1-1"] + "available_versions": ["3.3.0-2", "3.3.0-1", "3.1.1-1"] }, "slirp": { "name_with_version": "libslirp-v4.7.0", 
@@ -2694,6 +2962,15 @@ "PkgProvides": ["slirp"], "available_versions": ["4.7.0-1", "4.6.1-2", "4.6.1-1"] }, + "sparsehash-c11": { + "name_with_version": "sparsehash-c11-2.11.1", + "analyzed_version": "2.11.1", + "analyzed_source_url": "https://github.com/sparsehash/sparsehash-c11/archive/refs/tags/v2.11.1.tar.gz", + "analyzed_source_filename": "sparsehash-c11-2.11.1.tar.gz", + "analyzed_source_hash": "d4a43cad1e27646ff0ef3a8ce3e18540dbcb1fdec6cc1d1cb9b5095a9ca2a755", + "PkgProvides": ["sparsehash-c11"], + "available_versions": ["2.11.1-1"] + }, "spdlog": { "name_with_version": "spdlog-1.12.0", "analyzed_version": "1.12.0", @@ -2760,13 +3037,16 @@ ] }, "sqlite3": { - "name_with_version": "sqlite-amalgamation-3430000", - "analyzed_version": "sqlite-amalgamation-3430000", - "analyzed_source_url": "https://www.sqlite.org/2023/sqlite-amalgamation-3430000.zip", - "analyzed_source_filename": "sqlite-amalgamation-3430000.zip", - "analyzed_source_hash": "bb5849ae4d7129c09d20596379a0b3f7b1ac59cf9998eba5ef283ea9b6c000a5", + "name_with_version": "sqlite-amalgamation-3430200", + "analyzed_version": "sqlite-amalgamation-3430200", + "analyzed_source_url": "https://www.sqlite.org/2023/sqlite-amalgamation-3430200.zip", + "analyzed_source_filename": "sqlite-amalgamation-3430200.zip", + "analyzed_source_hash": "a17ac8792f57266847d57651c5259001d1e4e4b46be96ec0d985c953925b2a1c", "PkgProvides": ["sqlite3"], "available_versions": [ + "3.43.2-1", + "3.43.1-2", + "3.43.1-1", "3.43.0-1", "3.42.0-1", "3.41.2-2", 
@@ -2781,6 +3061,15 @@ "3.34.1-1" ] }, + "sqlitecpp": { + "name_with_version": "SQLiteCpp-3.3.1", + "analyzed_version": "SQLiteCpp-3.3.1", + "analyzed_source_url": "https://github.com/SRombauts/SQLiteCpp/archive/refs/tags/3.3.1.zip", + "analyzed_source_filename": "sqlitecpp-3.3.1.zip", + "analyzed_source_hash": "e1bdc1ff47f201bc2b77703de1001ea5e525151fa57c22ed43f06335b4784603", + "PkgProvides": ["sqlitecpp"], + "available_versions": ["3.3.1-1"] + }, "stduuid": { "name_with_version": "stduuid-1.2.3", "analyzed_version": "1.2.3", @@ -2823,7 +3112,7 @@ "analyzed_source_filename": "tclap-1.2.4.tar.gz", "analyzed_source_hash": "634c5b59dbb1ccbc9d6a5f6de494a257e29a3f59dcb6fc30445ff39b45188574", "PkgProvides": ["tclap"], - "available_versions": ["1.2.4-1", "1.2.2-1", "1.2.1-1"] + "available_versions": ["1.2.4-2", "1.2.4-1", "1.2.2-1", "1.2.1-1"] }, "termbox": { "name_with_version": "termbox-1.1.2", @@ -2911,13 +3200,13 @@ ] }, "tracy": { - "name_with_version": "tracy-0.9.1", - "analyzed_version": "0.9.1", - "analyzed_source_url": "https://github.com/wolfpld/tracy/archive/refs/tags/v0.9.1.tar.gz", - "analyzed_source_filename": "tracy-0.9.1.tar.gz", - "analyzed_source_hash": "c2de9f35ab2a516a9689ff18f5b62a55b73b93b66514bd09ba013d7957993cd7", + "name_with_version": "tracy-0.10", + "analyzed_version": "0.10", + "analyzed_source_url": "https://github.com/wolfpld/tracy/archive/refs/tags/v0.10.tar.gz", + "analyzed_source_filename": "tracy-0.10.tar.gz", + "analyzed_source_hash": "a76017d928f3f2727540fb950edd3b736caa97b12dbb4e5edce66542cbea6600", "PkgProvides": ["tracy"], - "available_versions": ["0.9.1-1", "0.9-1", "0.8.2.1-1", "0.8.1-1"] + "available_versions": ["0.10-1", "0.9.1-1", "0.9-1", "0.8.2.1-1", "0.8.1-1"] }, "trompeloeil": { "name_with_version": "trompeloeil-39", 
@@ -2989,13 +3278,13 @@ "available_versions": ["2.5.2-1"] }, "utf8proc": { - "name_with_version": "utf8proc-2.8.0", - "analyzed_version": "2.8.0", - "analyzed_source_url": "https://github.com/JuliaStrings/utf8proc/archive/v2.8.0.tar.gz", - "analyzed_source_filename": "v2.8.0.tar.gz", - "analyzed_source_hash": "a0a60a79fe6f6d54e7d411facbfcc867a6e198608f2cd992490e46f04b1bcecc", + "name_with_version": "utf8proc-2.9.0", + "analyzed_version": "2.9.0", + "analyzed_source_url": "https://github.com/JuliaStrings/utf8proc/releases/download/v2.9.0/utf8proc-2.9.0.tar.gz", + "analyzed_source_filename": "utf8proc-2.9.0.tar.gz", + "analyzed_source_hash": "bd215d04313b5bc42c1abedbcb0a6574667e31acee1085543a232204e36384c4", "PkgProvides": ["libutf8proc"], - "available_versions": ["2.8.0-1", "2.7.0-1", "2.6.0-1"] + "available_versions": ["2.9.0-1", "2.8.0-1", "2.7.0-1", "2.6.0-1"] }, "utfcpp": { "name_with_version": "utfcpp-3.2.4", 
@@ -3043,13 +3332,19 @@ ] }, "vulkan-headers": { - "name_with_version": "Vulkan-Headers-1.2.203", - "analyzed_version": "Vulkan-Headers-1.2.203", - "analyzed_source_url": "https://github.com/KhronosGroup/Vulkan-Headers/archive/v1.2.203.tar.gz", - "analyzed_source_filename": "vulkan-headers-1.2.203.tar.gz", - "analyzed_source_hash": "7239108c372f1fbe365bd8d1610ca2bb4e72b73b2151f2551bf9df54dd539639", - "PkgProvides": [], - "available_versions": ["1.2.203-1", "1.2.158-2", "1.2.158-1", "1.2.142-1"] + "name_with_version": "Vulkan-Headers-1.3.265", + "analyzed_version": "Vulkan-Headers-1.3.265", + "analyzed_source_url": "https://github.com/KhronosGroup/Vulkan-Headers/archive/v1.3.265.tar.gz", + "analyzed_source_filename": "vulkan-headers-1.3.265.tar.gz", + "analyzed_source_hash": "24076540521da1eceecfb56235cb0361a01fb24a306cbefe874c949bf2d2e9a4", + "PkgProvides": ["vulkanheaders"], + "available_versions": [ + "1.3.265-1", + "1.2.203-1", + "1.2.158-2", + "1.2.158-1", + "1.2.142-1" + ] }, "vulkan-memory-allocator": { "name_with_version": "VulkanMemoryAllocator-3.0.1", @@ -3167,6 +3462,8 @@ "analyzed_source_hash": "ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e", "PkgProvides": ["zlib"], "available_versions": [ + "1.3-4", + "1.3-3", "1.3-2", "1.3-1", "1.2.13-4", diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md index c796d0f68..93410029e 100644 --- a/docs/ADVANCED.md +++ b/docs/ADVANCED.md 
@@ -320,3 +320,14 @@ cdxgen completion >> ~/.zshrc # evinse completion >> ~/.zshrc ``` + +## BOM Profile + +With profiles, cdxgen can generate a BOM that is optimized for a specific use case or purpose. The default is `generic`. + +| Profile | Purpose | Configurations enabled | +| ------------------ | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- | +| appsec | BOM will be consumed by application security for vulnerability management | Enable deep mode | +| research | BOM for security research | Enables deep and evidence mode. Disable ignore directory for JavaScript/TypeScript | +| operational | Generate OBOM | projectType set to os | +| license-compliance | Fetch license data | Set FETCH_LICENSE environment variable | diff --git a/docs/CLI.md b/docs/CLI.md index eede934b6..e1fb31d96 100644 --- a/docs/CLI.md +++ b/docs/CLI.md @@ -119,6 +119,10 @@ Options: --author The person(s) who created the BOM. Set this value if you're intending the modify the BOM and claim authorship.[array] [default: "OWASP Foundation"] + --profile BOM profile to use for generation. Default generi + c. + [choices: "appsec", "research", "operational", "threat-modeling", "license-com + pliance", "generic"] [default: "generic"] --auto-compositions Automatically set compositions when the BOM was f iltered. Defaults to true [boolean] [default: true] diff --git a/index.js b/index.js index ddfd2930e..8d20f219c 100644 --- a/index.js +++ b/index.js @@ -1153,7 +1153,7 @@ export const createJavaBom = async (path, options) => { ) { const cdxMavenPlugin = process.env.CDX_MAVEN_PLUGIN || - "org.cyclonedx:cyclonedx-maven-plugin:2.7.9"; + "org.cyclonedx:cyclonedx-maven-plugin:2.7.10"; const cdxMavenGoal = process.env.CDX_MAVEN_GOAL || "makeAggregateBom"; let mvnArgs = [`${cdxMavenPlugin}:${cdxMavenGoal}`, "-DoutputName=bom"]; if (includeMavenTestScope) { 
@@ -3032,6 +3032,7 @@ export const createDartBom = async (path, options) => { */ export const createCppBom = (path, options) => { let parentComponent = undefined; + let dependencies = []; const addedParentComponentsMap = {}; const conanLockFiles = getAllFiles( path, @@ -3082,16 +3083,19 @@ export const createCppBom = (path, options) => { pkgList = pkgList.concat(dlist); } } - } else if (cmakeLikeFiles.length) { + } + if (cmakeLikeFiles.length) { for (const f of cmakeLikeFiles) { if (DEBUG_MODE) { console.log(`Parsing ${f}`); } - const retMap = parseCmakeLikeFile(f, "conan"); + const basePath = dirname(f); + const retMap = parseCmakeLikeFile(f, "generic"); if (retMap.pkgList && retMap.pkgList.length) { pkgList = pkgList.concat(retMap.pkgList); } if ( + basePath === path && retMap.parentComponent && Object.keys(retMap.parentComponent).length ) { @@ -3104,6 +3108,13 @@ export const createCppBom = (path, options) => { addedParentComponentsMap[retMap.parentComponent.name] = true; } } + } else if ( + retMap.parentComponent && + Object.keys(retMap.parentComponent).length && + !addedParentComponentsMap[retMap.parentComponent.name] + ) { + retMap.parentComponent.type = "library"; + pkgList.push(retMap.parentComponent); } } } 
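Review bot: The new `basePath === path` test in the cmake loop compares two path strings without normalising them, so a scan root passed as `.` or with a trailing separator may never match `dirname(f)`, depending on what getAllFiles returns. When it does not match, the root CMakeLists.txt project falls into the `else if` added in the following hunk and is pushed to `pkgList` as a `library` instead of becoming the parent component. Comparing resolved paths would avoid that, e.g. `resolve(basePath) === resolve(path) &&`, assuming `resolve` from `node:path` is in scope in index.js. That `else if` branch also never sets `addedParentComponentsMap[retMap.parentComponent.name] = true`, so two nested cmake files declaring the same project name are both added. createCppBom starts and ends outside these hunks.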
@@ -3135,20 +3146,41 @@ export const createCppBom = (path, options) => { // Now we check with atom and attempt to detect all external modules via usages // We pass the current list of packages so that we enhance the current list and replace // components inadvertently. For example, we might resolved a name, version and url information already via cmake - const dlist = getCppModules(path, options, osPkgsList, pkgList); - if (dlist && dlist.length) { - pkgList = pkgList.concat(dlist); + const retMap = getCppModules(path, options, osPkgsList, pkgList); + if (retMap.pkgList && retMap.pkgList.length) { + pkgList = pkgList.concat(retMap.pkgList); + } + if (retMap.dependenciesList) { + if (dependencies.length) { + dependencies = mergeDependencies( + dependencies, + retMap.dependenciesList, + parentComponent + ); + } else { + dependencies = retMap.dependenciesList; + } + } + if (!parentComponent) { + parentComponent = retMap.parentComponent; + } else { + parentComponent.components = parentComponent.components || []; + if (!addedParentComponentsMap[retMap.parentComponent.name]) { + parentComponent.components.push(retMap.parentComponent); + addedParentComponentsMap[retMap.parentComponent.name] = true; + } } } if (!options.createMultiXBom) { if (!parentComponent) { - parentComponent = createDefaultParentComponent(path, "conan", options); + parentComponent = createDefaultParentComponent(path, "generic", options); } options.parentComponent = parentComponent; } - return buildBomNSData(options, pkgList, "conan", { + return buildBomNSData(options, pkgList, "generic", { src: path, - parentComponent + parentComponent, + dependencies }); }; diff --git a/package-lock.json b/package-lock.json index 8e22d046e..0a5e09994 100644 --- a/package-lock.json +++ b/package-lock.json 
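Review bot: The `else` branch that nests the atom result under an existing parent dereferences `retMap.parentComponent.name` without checking that it is set. The getCppModules hunk in utils.js initialises `parentComponent` to `undefined` and assigns it only when a vcpkg.json or CMakeLists.txt at the scan root yields one, so when `parentComponent` was already set earlier in createCppBom and neither file produces a component, this line throws a TypeError and BOM generation aborts. Guarding the branch is enough: `} else if (retMap.parentComponent?.name) {`. The function body starts outside the hunk.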
@@ -1,12 +1,12 @@ { "name": "@cyclonedx/cdxgen", - "version": "9.9.1", + "version": "9.9.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@cyclonedx/cdxgen", - "version": "9.9.1", + "version": "9.9.2", "license": "Apache-2.0", "dependencies": { "@babel/parser": "^7.23.0", @@ -56,7 +56,7 @@ "node": ">=16" }, "optionalDependencies": { - "@appthreat/atom": "1.5.4", + "@appthreat/atom": "1.5.6", "@cyclonedx/cdxgen-plugins-bin": "^1.4.0", "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.4.0", "@cyclonedx/cdxgen-plugins-bin-ppc64": "^1.4.0", @@ -91,9 +91,9 @@ } }, "node_modules/@appthreat/atom": { - "version": "1.5.4", - "resolved": "https://registry.npmjs.org/@appthreat/atom/-/atom-1.5.4.tgz", - "integrity": "sha512-lpGjNgFOBwU/N2X2IuwupBww9vMW6NJUtN+Q1+1WfJFxhoxDSSHPlC2hILtCiNmTU4jmcVhrFP5S4x4bcktpFQ==", + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@appthreat/atom/-/atom-1.5.6.tgz", + "integrity": "sha512-TkE22sAfEGsUWGE5LTwsn70HR/0mEVK9BXyas+EMlgevu1kj/6QkMFQDOF1hINvKL0C1fOQ7dvs9S6A4eXL1vw==", "optional": true, "dependencies": { "@babel/parser": "^7.23.0", diff --git a/package.json b/package.json index dbd29065b..c58455185 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cdxgen", - "version": "9.9.1", + "version": "9.9.2", "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image", "homepage": "http://github.com/cyclonedx/cdxgen", "author": "Prabhu Subramanian ", @@ -83,7 +83,7 @@ "yargs": "^17.7.2" }, "optionalDependencies": { - "@appthreat/atom": "1.5.4", + "@appthreat/atom": "1.5.6", "@cyclonedx/cdxgen-plugins-bin": "^1.4.0", "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.4.0", "@cyclonedx/cdxgen-plugins-bin-ppc64": "^1.4.0", diff --git a/test/data/cmakes/conanfile1.txt b/test/data/cmakes/conanfile1.txt new file mode 100644 index 000000000..e50b9bd2a --- /dev/null +++ b/test/data/cmakes/conanfile1.txt 
@@ -0,0 +1,100 @@
+[requires]
+7-Zip/19.00@iw/stable#bb67aa9bc0da3feddc68ca9f334f4c8b
+Autofac/4.9.4@iw/stable#5f212ee4882edaf5eb094c810d4ab346
+boost/1.74.0@iw/stable#f9356ef167d2caa029b91f7d32e52f66
+brotli/1.0.9@iw/stable#21633e351451b792f5551b59a515d127
+capstone/4.0.2@iw/stable#e2d9ed34d75b76ee8aae1b9986ab48ba
+classifier_dicts/20160809@iw/stable#b0268ec941cf8a738db303070812f64b
+ConanVisualStudioMultiGeneratorIW/0.5@iw/stable#253febfed63cabc702aeca9e739f393e
+DebenuPDFLibrary/18.11@iw/stable#7346d26006e45f0b3ae3a7a60d6f0524
+DevExpress/10.2@iw/stable#0aa6f41a6560182e69a602ebb3c3c0b7
+dm_filesignatures/1.0@iw/stable#b200df3e0a7e45beb9a587b3570a9e46
+dmdbcore/7.1.0.13@iw/stable#760fa2d81d29193db85782ab5dc5126887e7c0b1
+dmdrivers/7.11.0.129@iw/stable#6a1b0d671c55cbd56d260d4dcb2f1f34439ab0ed
+gtest/1.10.0@iw/stable#8c94c8257fda57eb8f1a783ec3ef6b9d
+ionic.zip/1.9.3@iw/stable#1b43ac324f787e52aaae904388caaef0
+leveldb/1.23@iw/stable#e536eadc94a124109773599bd2df522f
+libcurl/7.75.0@iw/stable#13b08f7f840d7950d373283d946f9dcf
+libtm/7.8.0.91@iw/testing#247091686e7b247ac29aed05fc2e2da5
+libxml2/2.9.10@iw/stable#c018d583f61609b8857c810da6d5f7ce
+mimetic/0.9.8@iw/stable#d4c8f791348ad68c88b657cd6713866a
+Newtonsoft.Json/13.0.1@iw/stable#6d9690270a442de5aac20f58e77636f5
+nss/3.58.0@iw/stable#15d8010e511a0dfc5517b3f19e25f263
+oggdsf/0.85.17777@iw/stable#5c768c4f270845ccf4f21fdd3c54c86e
+openssl/1.1.1h@iw/stable#7121d28d742935a5a1f97a1ab6a812af
+qt5/5.15.1@iw/stable#d3cd3c40855bd137c9a3130ffea51d5e
+rapidjson/1.1.0@iw/stable#b41e9a009591870659a78cec2b5a1797
+renci.sshnet/2020.0.1@iw/stable#131d247d07c5de73d117ea145fba0966
+sqlite3/3.33.0@iw/stable#88a7f373b9297e5ec9798b2e128c62be
+SuperSocket.ClientEngine/0.10.0.0@iw/stable#093781d7d686a337d68086803c9c07c1
+tinyxml/2.6.2@iw/stable#138fe33e8a429d6103fd4a167236cf88
+tm_thrift/7.8.0.91@iw/stable#da17f91dcdd09e9bf0533923be33ef2a
+WebSocket4Net/0.15.2.11@iw/stable#22ff77e638a2d7625ec7d88a60e73ed6
+windows7certs/1.0@iw/stable#a5ecce669fee8b1061ddaca1a58ff96c
+wtl/10.0.10271@iw/stable#69fc609d469d3b6a666a5c706b579767
+yajl/2.1.0@iw/stable#6eaf3e476b3e20f4ceb3ef0bfcf384b2
+zlib/1.2.11@iw/stable#181ba4f80b9a5d85b57ffa2af9bf5cc1
+Detours/4.0.1@iw/stable#fb3dae2c2fc73bc96679f88bbb1ffeaa
+libx264/cci.20220602@iw/stable#018d183cfa8ac8c55af9f4406d6d40e4
+gstreamer/1.22.0@iw/stable#8203f61c9b6cff51476122076f96965f
+cas_perm/7.8.0.91@iw/stable#02f18079d62a9d2c721fbb0e9d38876d
+
+[build_requires]
+NMock2/2.1@iw/stable#4147c7bc3bb9373462376335b8aab49a
+nunit/2.5.10.11092@iw/stable#71e869add7e508fc9c1941e9bbe54710
+OpenCppCoverage/0.9.9.0@iw/stable#c3d7c780d1fa8932163dd054159300a7
+thrift/0.13.0@iw/stable#57e5176746bb38f0c59a77d11a6f500d
+
+[options]
+boost:magic_autolink=True
+boost:without_math=True
+boost:without_wave=True
+boost:without_contract=True
+boost:without_exception=True
+boost:without_graph=True
+boost:without_iostreams=True
+boost:without_locale=False
+boost:without_log=True
+boost:without_random=True
+boost:without_mpi=True
+boost:without_fiber=True
+boost:without_timer=True
+boost:without_graph_parallel=True
+boost:without_python=True
+boost:without_stacktrace=True
+boost:without_test=True
+boost:without_type_erasure=True
+boost:without_coroutine=False
+boost:without_context=False
+boost:without_chrono=False
+boost:without_atomic=False
+boost:without_container=False
+boost:without_date_time=False
+boost:without_exception=False
+boost:without_system=False
+
+dmdrivers:use_signed=True
+
+leveldb:with_snappy=True
+
+libcurl:shared=False
+libcurl:with_ldap=False
+libcurl:with_ssl=openssl
+libcurl:with_zlib=True
+
+libx264:shared=True
+
+qt5:commercial=False
+qt5:GUI=False
+qt5:multiconfiguration=False
+qt5:opengl=no
+qt5:shared=False
+qt5:syncqt=False
+qt5:widgets=False
+qt5:with_sqlite3=False
+
+zlib:minizip=True
+zlib:shared=False
+
+[generators]
+VisualStudioMultiGeneratorIW
diff --git a/test/data/vcpkg.json b/test/data/vcpkg.json new file mode 100644 index 000000000..a37df5320 --- /dev/null +++ b/test/data/vcpkg.json @@ -0,0 +1,29 @@ +{ + "name": "v8", + "version": "9.1.269.39", + "port-version": 6, + "description": "Google Chrome's JavaScript engine", + "homepage": "https://v8.dev", + "license": "BSD-3-Clause", + "supports": "!(arm | arm64 | uwp | osx | linux)", + "dependencies": [ + { + "name": "glib", + "platform": "linux" + }, + "icu", + { + "name": "pthread", + "platform": "linux" + }, + { + "name": "vcpkg-gn", + "host": true + }, + { + "name": "vcpkg-tool-python2", + "host": true + }, + "zlib" + ] +} diff --git a/utils.js b/utils.js index 94527bfe5..3681aa3e3 100644 --- a/utils.js +++ b/utils.js @@ -4747,7 +4747,26 @@ export const parseConanLockData = function (conanLockData) { if (nodes[nk].ref) { const tmpA = nodes[nk].ref.split("/"); if (tmpA.length === 2) { - pkgList.push({ name: tmpA[0], version: tmpA[1] }); + let version = tmpA[1] || "latest"; + if (tmpA[1].includes("@")) { + version = version.split("@")[0]; + } else if (tmpA[1].includes("#")) { + version = version.split("#")[0]; + } + const purlString = new PackageURL( + "conan", + "", + tmpA[0], + version, + null, + null + ).toString(); + pkgList.push({ + name: tmpA[0], + version, + purl: purlString, + "bom-ref": decodeURIComponent(purlString) + }); } } } 
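Review bot: The unchanged guard `tmpA.length === 2` in parseConanLockData still skips every lock entry whose `ref` carries a user/channel, because `name/version@user/channel#rev` splits on `/` into three parts; the new `@` handling is therefore only reached for references without a channel, and the skipped packages stay out of the BOM. parseConanData in the next hunk was relaxed to `tmpA.length >= 2`, and the same change here, `if (tmpA.length >= 2) {`, would keep the two parsers consistent. The lock parser also drops the `#revision` that parseConanData now records as a purl qualifier, so the two can emit different `bom-ref` values for the same package. A component missing from an SBOM is a blind spot for downstream vulnerability matching, so a lock fixture with `@user/channel` references would be worth adding to the test.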
@@ -4759,15 +4778,50 @@ export const parseConanData = function (conanData) { if (!conanData) { return pkgList; } + let scope = "required"; conanData.split("\n").forEach((l) => { l = l.replace("\r", ""); + if (l.includes("[build_requires]")) { + scope = "optional"; + } + if (l.includes("[requires]")) { + scope = "required"; + } if (!l.includes("/")) { return; } if (l.includes("/")) { const tmpA = l.trim().split("#")[0].split("/"); - if (tmpA.length === 2 && /^\d+/.test(tmpA[1])) { - pkgList.push({ name: tmpA[0], version: tmpA[1] }); + if (tmpA.length >= 2 && /^\d+/.test(tmpA[1])) { + let version = tmpA[1] || "latest"; + let qualifiers = undefined; + if (tmpA[1].includes("#")) { + const tmpB = version.split("#"); + version = tmpB[0]; + qualifiers = { revision: tmpB[1] }; + } + if (l.includes("#")) { + const tmpB = l.split("#"); + qualifiers = { revision: tmpB[1] }; + } + if (tmpA[1].includes("@")) { + version = version.split("@")[0]; + } + const purlString = new PackageURL( + "conan", + "", + tmpA[0], + version, + qualifiers, + null + ).toString(); + pkgList.push({ + name: tmpA[0], + version, + purl: purlString, + "bom-ref": decodeURIComponent(purlString), + scope + }); } } }); @@ -6103,7 +6157,7 @@ export const collectGradleDependencies = ( * Method to collect class names from all jars in a directory * * @param {string} jarPath Path containing jars - * @param {object} pomPathMap Map containing jar to pom names. Required to successful parse gradle cache. + * @param {object} pomPathMap Map containing jar to pom names. Required to successfully parse gradle cache. * * @return object containing jar name and class list */ @@ -7750,6 +7804,7 @@ export const parseCmakeLikeFile = (cmakeListFile, pkgType, options = {}) => { !n.startsWith("@") ) { n = n.replace(/"/g, ""); + // Can this be replaced with a db lookup? for (const wrapkey of Object.keys(mesonWrapDB)) { const awrap = mesonWrapDB[wrapkey]; if ( 
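Review bot: The retained `/^\d+/.test(tmpA[1])` filter in parseConanData silently drops any reference whose version does not start with a digit: the new fixture test/data/cmakes/conanfile1.txt lists 43 references, but the added test asserts 42 because `libx264/cci.20220602@iw/stable` is skipped. Tracking the current section and accepting any non-empty version inside `[requires]` / `[build_requires]` removes the need for that heuristic and replaces the substring checks on `l.includes("[requires]")`. Two smaller points in the same hunk: `tmpA[1].includes("#")` can never be true because `tmpA` is built from `split("#")[0]`, and the revision is taken from the untrimmed line, so trailing whitespace can end up in the qualifier. Input without section headers keeps the digit heuristic in the sketch below.

```javascript
let scope = "required";
// undefined until the first [section] header is seen
let section;
conanData.split("\n").forEach((l) => {
  l = l.trim();
  if (l.startsWith("[") && l.endsWith("]")) {
    section = l;
    scope = l === "[build_requires]" ? "optional" : "required";
    return;
  }
  const isRequirement =
    section === "[requires]" || section === "[build_requires]";
  if ((section && !isRequirement) || !l.includes("/")) {
    return;
  }
  const [ref, revision] = l.split("#");
  const tmpA = ref.trim().split("/");
  // Header-less input keeps the old digit heuristic; inside a requirement
  // section any non-empty version (e.g. cci.20220602) is accepted
  const versionOk = section ? tmpA[1]?.length > 0 : /^\d+/.test(tmpA[1]);
  if (tmpA.length >= 2 && versionOk) {
    const version = tmpA[1].split("@")[0];
    const qualifiers = revision ? { revision: revision.trim() } : undefined;
    // … unchanged: PackageURL construction and pkgList.push …
  }
});
```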
@@ -7863,6 +7918,44 @@ export const getCppModules = (src, options, osPkgsList, epkgList) => { const pkgAddedMap = {}; let sliceData = {}; const epkgMap = {}; + let parentComponent = undefined; + const dependsOn = []; + // Let's look for any vcpkg.json file to tell us about the directory we're scanning + // users can use this file to give us a clue even if they do not use vcpkg library manager + if (existsSync(join(src, "vcpkg.json"))) { + const vcPkgData = JSON.parse(join(src, "vcpkg.json")); + if ( + vcPkgData && + Object.keys(vcPkgData).length && + vcPkgData.name && + vcPkgData.version + ) { + const parentPurl = new PackageURL( + pkgType, + "", + vcPkgData.name, + vcPkgData.version, + null, + null + ).toString(); + parentComponent = { + name: vcPkgData.name, + version: vcPkgData.version, + description: vcPkgData.description, + license: vcPkgData.license, + purl: parentPurl, + "bom-ref": decodeURIComponent(parentPurl) + }; + if (vcPkgData.homepage) { + parentComponent.homepage = { url: vcPkgData.homepage }; + } + } + } else if (existsSync(join(src, "CMakeLists.txt"))) { + const retMap = parseCmakeLikeFile(join(src, "CMakeLists.txt"), pkgType); + if (retMap.parentComponent && Object.keys(retMap.parentComponent).length) { + parentComponent = retMap.parentComponent; + } + } (epkgList || []).forEach((p) => { epkgMap[p.name] = p; }); @@ -7935,15 +8028,14 @@ export const getCppModules = (src, options, osPkgsList, epkgList) => { } if (usageData[afile]) { const usymbols = Array.from(usageData[afile]).filter( - (v) => - !v.startsWith(" !v.startsWith("<") && !v.startsWith("__") ); - if (!apkg["properties"]) { + if (!apkg["properties"] && usymbols.length) { apkg["properties"] = [ { name: "ImportedSymbols", value: usymbols.join(", ") } ]; + } else { + apkg["properties"] = []; } const newProps = []; let symbolsPropertyFound = false; 
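Review bot: `JSON.parse(join(src, "vcpkg.json"))` parses the path string rather than the file contents, so it throws a SyntaxError whenever a vcpkg.json exists at the scan root and the parent component is never built from it. The file belongs to the repository being scanned and should be treated as untrusted: read it, and catch parse errors so a malformed manifest does not abort BOM generation. Something like `const vcPkgData = JSON.parse(readFileSync(join(src, "vcpkg.json"), { encoding: "utf-8" }));` inside a `try`/`catch` that logs in debug mode and falls through would do, assuming `readFileSync` is already imported in utils.js. `name` and `version` should also be checked to be strings before they go into `PackageURL`, and `pkgType` is not defined in the visible part of getCppModules, so confirm it is declared above this hunk. None of the visible utils.test.js hunks exercises the new test/data/vcpkg.json fixture through this path.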
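Review bot: The added `else { apkg["properties"] = []; }` runs whenever `apkg` already has properties (and also when `usymbols` is empty), so any properties attached earlier are wiped before the merge loop below can read them. Only the missing-array case needs a default: `} else if (!apkg["properties"]) { apkg["properties"] = []; }`. In the following hunk the `ImportedSymbols` entry is pushed onto `apkg["properties"]` and the array is then replaced by `newProps` in the next statement, so that entry is discarded as well; pushing onto `newProps` instead would keep it. The filter expression at the top of this hunk is garbled on this page, so the comment is limited to the `if`/`else`.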
@@ -7956,7 +8048,7 @@ export const getCppModules = (src, options, osPkgsList, epkgList) => { } newProps.push(prop); } - if (!symbolsPropertyFound) { + if (!symbolsPropertyFound && usymbols.length) { apkg["properties"].push({ name: "ImportedSymbols", value: usymbols.join(", ") @@ -7964,10 +8056,40 @@ export const getCppModules = (src, options, osPkgsList, epkgList) => { } apkg["properties"] = newProps; } - pkgList.push(apkg); - pkgAddedMap[name] = true; + // At this point, we have a package but we don't know what it's called + // So let's try to locate this generic package using some heuristics + apkg = locateGenericPackage(apkg); + if (!pkgAddedMap[name]) { + pkgList.push(apkg); + dependsOn.push(apkg["bom-ref"]); + pkgAddedMap[name] = true; + } } - return pkgList; + const dependenciesList = + dependsOn.length && parentComponent + ? [ + { + ref: parentComponent["bom-ref"], + dependsOn + } + ] + : []; + return { + parentComponent, + pkgList, + dependenciesList + }; +}; + +/** + * NOT IMPLEMENTED YET. + * A future method to locate a generic package given some name and properties + * + * @param {object} apkg Package to locate + * @returns Located project with precise purl or the original unmodified input. + */ +export const locateGenericPackage = (apkg) => { + return apkg; }; export const parseCUsageSlice = (sliceData) => { diff --git a/utils.test.js b/utils.test.js index 93b04f5f8..267d3d199 100644 --- a/utils.test.js +++ b/utils.test.js @@ -1061,7 +1061,9 @@ test("parse conan data", () => { expect(dep_list.length).toEqual(3); expect(dep_list[0]).toEqual({ name: "zstd", - version: "1.4.4" + version: "1.4.4", + "bom-ref": "pkg:conan/zstd@1.4.4", + purl: "pkg:conan/zstd@1.4.4" }); dep_list = parseConanData( readFileSync("./test/data/conanfile.txt", { encoding: "utf-8" }) 
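Review bot: getCppModules now returns `{ parentComponent, pkgList, dependenciesList }` instead of an array, which is a breaking change for any other caller of this exported function, and its JSDoc lies outside the hunk and presumably still describes the old return value. I would update it with `@returns {object} Object with parentComponent (may be undefined), pkgList and dependenciesList`, and make sure any early `return` earlier in the body, not visible here, yields the same shape. `dependsOn.push(apkg["bom-ref"])` also assumes every package built above carries a `bom-ref`; if one does not, `undefined` lands in the dependency list, so a guard such as `if (apkg["bom-ref"]) dependsOn.push(apkg["bom-ref"]);` would be safer.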
@@ -1069,7 +1071,10 @@ test("parse conan data", () => { expect(dep_list.length).toEqual(3); expect(dep_list[0]).toEqual({ name: "zstd", - version: "1.4.4" + version: "1.4.4", + "bom-ref": "pkg:conan/zstd@1.4.4", + purl: "pkg:conan/zstd@1.4.4", + scope: "required" }); dep_list = parseConanData( readFileSync("./test/data/cmakes/conanfile.txt", { encoding: "utf-8" }) @@ -1077,7 +1082,22 @@ test("parse conan data", () => { expect(dep_list.length).toEqual(1); expect(dep_list[0]).toEqual({ name: "qr-code-generator", - version: "1.8.0" + version: "1.8.0", + "bom-ref": "pkg:conan/qr-code-generator@1.8.0", + purl: "pkg:conan/qr-code-generator@1.8.0", + scope: "required" + }); + dep_list = parseConanData( + readFileSync("./test/data/cmakes/conanfile1.txt", { encoding: "utf-8" }) + ); + expect(dep_list.length).toEqual(42); + expect(dep_list[0]).toEqual({ + "bom-ref": + "pkg:conan/7-Zip@19.00?revision=bb67aa9bc0da3feddc68ca9f334f4c8b", + name: "7-Zip", + purl: "pkg:conan/7-Zip@19.00?revision=bb67aa9bc0da3feddc68ca9f334f4c8b", + scope: "required", + version: "19.00" }); });