From 3263bb36b08dd90ab9375600f20d3548c77d1801 Mon Sep 17 00:00:00 2001
From: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Date: Tue, 9 Sep 2025 16:30:52 +0200
Subject: [PATCH] fix(cjson): add CPE with davegamble as vendor

The latest cJSON vulnerabilities appear to list "davegamble" as the
vendor instead of "cjson_project." Add a new CPE with "davegamble" as
the vendor.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
---
 .gitmodules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitmodules b/.gitmodules
index 316c46041f..cc53f2979b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -51,6 +51,7 @@
 	url = ../../DaveGamble/cJSON.git
 	sbom-version = 1.7.18
 	sbom-cpe = cpe:2.3:a:cjson_project:cjson:{}:*:*:*:*:*:*:*
+	sbom-cpe = cpe:2.3:a:davegamble:cjson:{}:*:*:*:*:*:*:*
 	sbom-supplier = Person: Dave Gamble
 	sbom-url = https://github.com/DaveGamble/cJSON
 	sbom-description = Ultralightweight JSON parser in ANSI C