Project

General

Profile

Files » SBoM_haketilo-1.0_hydrilla-1.0.txt

koszko, 02/23/2022 02:08 PM

 
1
Last updated: 2022-02-23
2

    
3
You may also want to look at SBoMs of Haketilo and Hydrilla on Redmine-powered wiki:
4
- https://hydrillabugs.koszko.org/projects/haketilo/wiki/Haketilo_Software_Bill_of_Materials
5
- https://hydrillabugs.koszko.org/projects/hydrilla/wiki/Hydrilla_Software_Bill_of_Materials
6

    
7

    
8
# Software Bill of Materials - Haketilo
9

    
10
*Note: This SBOM corresponds to the upcoming Haketilo version 1.0.*
11

    
12
## Incorporated code
13
Software parts that have been copied over to Haketilo source tree with only slight or no modification (code that has been mostly rewritten and non-software artworks are not mentioned here).
14

    
15
### js-sha256
16
| field        | value                                       |
17
|--------------+---------------------------------------------|
18
| name         | js-sha256                                   |
19
| version      | 0.9.0                                       |
20
| copyright    | 2014-2017 Chen, Yi-Cyuan <emn178@gmail.com> |
21
| license      | MIT (Expat)                                 |
22
| upstream url | https://github.com/emn178/js-sha256         |
23

    
24
This JavaScript implementation of SHA256 is included in the browser extension itself. It is used to derive nonces used internally by Haketilo. This library is only used in contexts where synchronous computation of SHA256 digest is required. In other cases (e.g. verification of integrity of downloaded files), the asynchronous crypto.subtle JavaScript API is used.
25

    
26
### Reset CSS
27
| field        | value                                      |
28
|--------------+--------------------------------------------|
29
| name         | Reset CSS                                  |
30
| version      | 2.0                                        |
31
| copyright    | 2008,2011 Eric A. Meyer                    |
32
| license      | public domain                              |
33
| upstream url | https://meyerweb.com/eric/tools/css/reset/ |
34

    
35
The CSS Reset style sheet is used on pages displayed by Haketilo.
36

    
37
### jsonschema (JavaScript library)
38
| field        | value                                                    |
39
|--------------+----------------------------------------------------------|
40
| name         | jsonschema                                               |
41
| version      | 1.4.0                                                    |
42
| copyright    | 2012-2021 Tom de Grunt <tom@degrunt.nl> and contributors |
43
| license      | MIT (Expat)                                              |
44
| upstream url | https://github.com/tdegrunt/jsonschema                   |
45

    
46
This library shall be used to validate external JSON documents (e.g. those downloaded from Hydrilla repository).
47

    
48
## External dependencies
49

    
50
### POSIX environment
51
Standard UNIX tools (sh, awk, etc.) are needed to **build** Haketilo. There's no known dependency on specific implementations of those (e.g. gawk should work just as well as nawk).
52

    
53
### Make
54
Make build system is an **optional requirement for building** Haketilo and a **strict requirement for running the test suite**. There's no known dependency on specific Make implementation.
55

    
56
### Python3
57
Python in at least version 3.7 is needed to run the automated test suite.
58

    
59
### Pytest
60
| field        | value                              |
61
|--------------+------------------------------------|
62
| name         | pytest                             |
63
| version      | no known constraints (6.0.2 used)  |
64
| copyright    | 2004-2021 Holger Krekel and others |
65
| license      | MIT (Expat)                        |
66
| upstream url | https://pytest.org                 |
67

    
68
Pytest library is used in automated tests of the extension.
69

    
70
### Selenium webdriver (Python)
71
| field        | value                                                                 |
72
|--------------+-----------------------------------------------------------------------|
73
| name         | selenium                                                              |
74
| version      | no known constraints (3.141.0 used)                                   |
75
| copyright    | 2011-2021 Software Freedom Conservancy; 2004-2011 Selenium committers |
76
| license      | Apache-2.0                                                            |
77
| upstream url | https://www.selenium.dev/                                             |
78

    
79
Selenium Python library is used in automated tests of the extension.
80

    
81
### Web browser
82
A Firefox-derived web browser with at least version 60 **or** a Chromium-derived browser with at least version 90 (although older Chromium versions are likely to work as well) is needed to use the extensions.
83

    
84
In addition, a Firefox-derived web browser with at least version 60 is needed to run the automated test suite.
85

    
86
### geckodriver
87
| field        | value                                                                  |
88
|--------------+------------------------------------------------------------------------|
89
| name         | geckodriver                                                            |
90
| version      | no known constraints (0.30.0 used for development)                     |
91
| copyright    | ???                                                                    |
92
| license      | MPL-2.0                                                                |
93
| upstream url | https://firefox-source-docs.mozilla.org/testing/geckodriver/index.html |
94

    
95
Geckodriver compatible with the Firefox-derived browser used is needed to run the automated test suite.
96

    
97
### Inkscape
98
| field        | value                                              |
99
|--------------+----------------------------------------------------|
100
| name         | Inkscape                                           |
101
| version      | no known constraints (0.92.4 used for development) |
102
| copyright    | Inkscape Authors                                   |
103
| license      | GPL-3.0-only                                       |
104
| upstream url | https://inkscape.org/                              |
105

    
106
Inkscape is an optional build dependency used to generate png icons from an svg file.
107

    
108

    
109
# Software Bill of Materials - Hydrilla
110

    
111
*Note: This SBOM corresponds to the upcoming Hydrilla version 1.0 written in Python.*
112

    
113
## Incorporated code
114

    
115
*Currently none*
116

    
117
## External dependencies
118

    
119
### Python3
120
Python is needed to both build and run Hydrilla. At least version 3.7 is required.
121

    
122
### Pytest
123
| field        | value                              |
124
|--------------+------------------------------------|
125
| name         | pytest                             |
126
| version      | no known constraints (6.0.2 used)  |
127
| copyright    | 2004-2020 Holger Krekel and others |
128
| license      | MIT (Expat)                        |
129
| upstream url | https://pytest.org                 |
130

    
131
Pytest is used in automated tests of Hydrilla.
132

    
133
### Setuptools
134
| field        | value                                           |
135
|--------------+-------------------------------------------------|
136
| name         | setuptools                                      |
137
| version      | >=45 (52.0.0 used for development)              |
138
| copyright    | Jason R. Coombs                                 |
139
| license      | MIT (Expat)                                     |
140
| upstream url | https://setuptools.pypa.io/en/latest/           |
141

    
142
Setuptools are used to build Hydrilla.
143

    
144
### setuptools_scm
145
| field        | value                                                                 |
146
|--------------+-----------------------------------------------------------------------|
147
| name         | setuptools_scm                                                        |
148
| version      | >=5.0 (5.0 used for development)                                      |
149
| copyright    | Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> and contributors |
150
| license      | MIT (Expat)                                                           |
151
| upstream url | https://github.com/pypa/setuptools_scm                                |
152

    
153
Needed to extract some VCS data when building from git repo.
154

    
155
### jsonschema (Python library)
156
| field        | value                                                    |
157
|--------------+----------------------------------------------------------|
158
| name         | jsonschema                                               |
159
| version      | >=3.0 (3.2.0 used for development)                       |
160
| copyright    | 2011-2019 Julian Berman and contributors                 |
161
| license      | MIT (Expat)                                              |
162
| upstream url | https://github.com/Julian/jsonschema                     |
163

    
164
This library is used to validate JSON documents loaded by Hydrilla.
165

    
166
### Flask
167
| field        | value                                             |
168
|--------------+---------------------------------------------------|
169
| name         | flask                                             |
170
| version      | no known constraints (1.0.2 used for development) |
171
| copyright    | 2010-2021 Pallets                                 |
172
| license      | BSD-3-Clause                                      |
173
| upstream url | https://flask.palletsprojects.com/en/2.0.x/       |
174

    
175
### Click
176
| field        | value                                             |
177
|--------------+---------------------------------------------------|
178
| name         | click                                             |
179
| version      | no known constraints (7.1.2 used for development) |
180
| copyright    | 2014-2020 Pallets                                 |
181
| license      | BSD-3-Clause                                      |
182
| upstream url | https://click.palletsprojects.com/en/8.0.x/       |
(12-12/14)