gps-denied-onboard/cmake/dependencies.cmake

# Pinned third-party native dependencies.
#
# D-CROSS-CVE-1: OpenCV must be >= 4.12.0. The `ci/opencv_pin_gate.py` CI step
# also enforces this against the resolved pyproject lockfile.

# pybind11 (header-only — vendored under cpp/pybind11/ as a submodule placeholder).
set(PYBIND11_VENDORED_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cpp/pybind11")

# OpenCV minimum (D-CROSS-CVE-1).
set(OPENCV_MIN_VERSION "4.12.0")

# Pinned native dependency commit refs — bootstrap declares the pins; concrete
# fetch_content / find_package wiring lands with the dependent component tasks.
set(OKVIS2_GIT_TAG     "v2.0.0"  CACHE STRING "OKVIS2 git tag/commit")
set(VINS_MONO_GIT_TAG  "v0.9"    CACHE STRING "VINS-Mono git tag/commit")
set(GTSAM_GIT_TAG      "4.2.0"   CACHE STRING "GTSAM git tag/commit")
set(FAISS_GIT_TAG      "v1.8.0"  CACHE STRING "FAISS git tag/commit")

# Output pin summary for CI capture into the SBOM.
message(STATUS "[deps] OPENCV_MIN_VERSION=${OPENCV_MIN_VERSION}")
message(STATUS "[deps] OKVIS2_GIT_TAG=${OKVIS2_GIT_TAG}")
message(STATUS "[deps] VINS_MONO_GIT_TAG=${VINS_MONO_GIT_TAG}")
message(STATUS "[deps] GTSAM_GIT_TAG=${GTSAM_GIT_TAG}")
message(STATUS "[deps] FAISS_GIT_TAG=${FAISS_GIT_TAG}")