@@ -26,6 +26,11 @@ def get_version() -> str:
2626 return version_file .read_text (encoding = "utf-8" ).split ('"' )[1 ]
2727
2828
29+ def load_dep_versions () -> dict [str , str ]:
30+ deps_file = Path (__file__ ).parent / "dependencies.json"
31+ return json .loads (deps_file .read_text (encoding = "utf-8" ))
32+
33+
2934def sha256_file (path : Path ) -> str :
3035 return hashlib .sha256 (path .read_bytes ()).hexdigest ()
3136
@@ -58,6 +63,7 @@ def generate(version: str) -> dict:
5863 purl = f"pkg:pypi/pillow@{ version }
5964 root = Path (__file__ ).parent .parent
6065 thirdparty = root / "src" / "thirdparty"
66+ versions = load_dep_versions ()
6167
6268 metadata_component = {
6369 "bom-ref" : purl ,
@@ -243,6 +249,7 @@ def generate(version: str) -> dict:
243249 "bom-ref" : "pkg:generic/freetype2" ,
244250 "type" : "library" ,
245251 "name" : "FreeType" ,
252+ "version" : versions ["freetype" ],
246253 "scope" : "optional" ,
247254 "description" : "Font rendering (optional, used by PIL._imagingft). "
248255 "Required for text/font support." ,
@@ -259,6 +266,7 @@ def generate(version: str) -> dict:
259266 "bom-ref" : "pkg:generic/fribidi" ,
260267 "type" : "library" ,
261268 "name" : "FriBiDi" ,
269+ "version" : versions ["fribidi" ],
262270 "scope" : "optional" ,
263271 "description" : "Unicode bidi algorithm library (optional, "
264272 "loaded at runtime by fribidi-shim)." ,
@@ -275,6 +283,7 @@ def generate(version: str) -> dict:
275283 "bom-ref" : "pkg:generic/harfbuzz" ,
276284 "type" : "library" ,
277285 "name" : "HarfBuzz" ,
286+ "version" : versions ["harfbuzz" ],
278287 "scope" : "optional" ,
279288 "description" : "Text shaping (optional, required by libraqm "
280289 "for complex text layout)." ,
@@ -291,9 +300,9 @@ def generate(version: str) -> dict:
291300 "bom-ref" : "pkg:generic/libavif" ,
292301 "type" : "library" ,
293302 "name" : "libavif" ,
303+ "version" : versions ["libavif" ],
294304 "scope" : "optional" ,
295- "description" : "AVIF codec (optional, used by PIL._avif). "
296- "Requires libavif >= 1.0.0." ,
305+ "description" : "AVIF codec (optional, used by PIL._avif)." ,
297306 "licenses" : [{"license" : {"id" : "BSD-2-Clause" }}],
298307 "externalReferences" : [
299308 {"type" : "website" , "url" : "https://github.com/AOMediaCodec/libavif" },
@@ -307,9 +316,9 @@ def generate(version: str) -> dict:
307316 "bom-ref" : "pkg:generic/libimagequant" ,
308317 "type" : "library" ,
309318 "name" : "libimagequant" ,
319+ "version" : versions ["libimagequant" ],
310320 "scope" : "optional" ,
311- "description" : "Improved colour quantization (optional). "
312- "Tested with 2.6-4.4.1." ,
321+ "description" : "Improved colour quantization (optional)." ,
313322 "licenses" : [{"license" : {"id" : "GPL-3.0-or-later" }}],
314323 "externalReferences" : [
315324 {"type" : "website" , "url" : "https://pngquant.org/lib/" },
@@ -323,9 +332,9 @@ def generate(version: str) -> dict:
323332 "bom-ref" : "pkg:generic/libjpeg" ,
324333 "type" : "library" ,
325334 "name" : "libjpeg / libjpeg-turbo" ,
335+ "version" : versions ["jpegturbo" ],
326336 "description" : "JPEG codec (required by default; disable with "
327- "-C jpeg=disable). Tested with libjpeg 6b/8/9-9d "
328- "and libjpeg-turbo 2-3." ,
337+ "-C jpeg=disable)." ,
329338 "licenses" : [
330339 {"license" : {"id" : "IJG" }},
331340 {"license" : {"id" : "BSD-3-Clause" }},
@@ -343,8 +352,9 @@ def generate(version: str) -> dict:
343352 "bom-ref" : "pkg:generic/libtiff" ,
344353 "type" : "library" ,
345354 "name" : "libtiff" ,
355+ "version" : versions ["tiff" ],
346356 "scope" : "optional" ,
347- "description" : "TIFF codec (optional). Tested with libtiff 4.0-4.7.1. " ,
357+ "description" : "TIFF codec (optional)." ,
348358 "licenses" : [{"license" : {"id" : "libtiff" }}],
349359 "externalReferences" : [
350360 {"type" : "website" , "url" : "https://libtiff.gitlab.io/libtiff/" },
@@ -358,6 +368,7 @@ def generate(version: str) -> dict:
358368 "bom-ref" : "pkg:generic/libwebp" ,
359369 "type" : "library" ,
360370 "name" : "libwebp" ,
371+ "version" : versions ["libwebp" ],
361372 "scope" : "optional" ,
362373 "description" : "WebP codec (optional, used by PIL._webp)." ,
363374 "licenses" : [{"license" : {"id" : "BSD-3-Clause" }}],
@@ -376,6 +387,7 @@ def generate(version: str) -> dict:
376387 "bom-ref" : "pkg:generic/libxcb" ,
377388 "type" : "library" ,
378389 "name" : "libxcb" ,
390+ "version" : versions ["libxcb" ],
379391 "scope" : "optional" ,
380392 "description" : "X11 screen-grab support (optional, "
381393 "used by PIL._imaging on macOS and Linux)." ,
@@ -392,9 +404,9 @@ def generate(version: str) -> dict:
392404 "bom-ref" : "pkg:generic/littlecms2" ,
393405 "type" : "library" ,
394406 "name" : "Little CMS 2" ,
407+ "version" : versions ["lcms2" ],
395408 "scope" : "optional" ,
396- "description" : "Colour management (optional, used by PIL._imagingcms). "
397- "Tested with lcms2 2.7-2.18." ,
409+ "description" : "Colour management (optional, used by PIL._imagingcms)." ,
398410 "licenses" : [{"license" : {"id" : "MIT" }}],
399411 "externalReferences" : [
400412 {"type" : "website" , "url" : "https://www.littlecms.com" },
@@ -408,9 +420,9 @@ def generate(version: str) -> dict:
408420 "bom-ref" : "pkg:generic/openjpeg" ,
409421 "type" : "library" ,
410422 "name" : "OpenJPEG" ,
423+ "version" : versions ["openjpeg" ],
411424 "scope" : "optional" ,
412- "description" : "JPEG 2000 codec (optional). "
413- "Tested with openjpeg 2.0.0-2.5.4." ,
425+ "description" : "JPEG 2000 codec (optional)." ,
414426 "licenses" : [{"license" : {"id" : "BSD-2-Clause" }}],
415427 "externalReferences" : [
416428 {"type" : "website" , "url" : "https://www.openjpeg.org" },
@@ -439,6 +451,7 @@ def generate(version: str) -> dict:
439451 "bom-ref" : "pkg:generic/zlib" ,
440452 "type" : "library" ,
441453 "name" : "zlib" ,
454+ "version" : versions ["zlib-ng" ],
442455 "description" : "Deflate/PNG compression (required by default; "
443456 "disable with -C zlib=disable)." ,
444457 "licenses" : [{"license" : {"id" : "Zlib" }}],
0 commit comments