gh-112844: Update CPE references for external dependencies (#118521)
authorSeth Michael Larson <seth@python.org>
Mon, 20 May 2024 17:27:09 +0000 (13:27 -0400)
committerGitHub <noreply@github.com>
Mon, 20 May 2024 17:27:09 +0000 (13:27 -0400)
Tools/build/generate_sbom.py

index 258b58c03c6800332b32e450e33174f59f71684f..c08568f2e00326166a65c8ea114aafb31bbe3efd 100644 (file)
@@ -305,7 +305,21 @@ def create_externals_sbom() -> None:
 
     # Set the versionInfo and downloadLocation fields for all packages.
     for package in sbom_data["packages"]:
-        package["versionInfo"] = externals_name_to_version[package["name"]]
+        package_version = externals_name_to_version[package["name"]]
+
+        # Update the version information in all the locations.
+        package["versionInfo"] = package_version
+        for external_ref in package["externalRefs"]:
+            if external_ref["referenceType"] != "cpe23Type":
+                continue
+            # Version is the fifth field of a CPE.
+            cpe23ref = external_ref["referenceLocator"]
+            external_ref["referenceLocator"] = re.sub(
+                r"\A(cpe(?::[^:]+){4}):[^:]+:",
+                fr"\1:{package_version}:",
+                cpe23ref
+            )
+
         download_location = (
             f"https://github.com/python/cpython-source-deps/archive/refs/tags/{externals_name_to_git_tag[package['name']]}.tar.gz"
         )