{ "SchemaVersion": 2, "Trivy": { "Version": "0.69.3" }, "ReportID": "019d57b3-4c05-7b45-a434-a0211f542ef6", "CreatedAt": "2026-04-04T08:54:21.445740057Z", "ArtifactName": "sboms/ai-containers-litellm-database-v1.81.12-stable-cyclonedx.json", "ArtifactType": "cyclonedx", "Metadata": { "OS": { "Family": "wolfi", "Name": "20230201" }, "ImageID": "sha256:aed8bcbe6889001b41411569494059e61f16e132abd35eb40ae9f5ec8a5b23de", "DiffIDs": [ "sha256:065123985f116c8cb4b15d734329d7e039f0fcc535c2e72e3d1eeb27b10cafcd", "sha256:09415f6704429bf538351a5149a730bf1f254708ab21586991db5bb27b8907bd", "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa", "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92", "sha256:2aa911042f39c4401b2a739caa8f50d282f7680c9ca233e007b55856d99fa78a", "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0", "sha256:309d2790ec4690a4b077992d4a88f61006612dfd119905c02e3147a42a7af8a3", "sha256:3d4e6194acd896e7b55e3bb0c7b070bc42c505ccf8da1a39309b180bbf55df68", "sha256:3febef309d214ce846f50544305e50f36cd53381e101919edfbeca74bf65f8ab", "sha256:4c3d1b778c7b9dc9a2737fe74d15535496ba7a69d746b0f0b4b89164d85dfcc2", "sha256:57baac9e3b8cc045e6005e2209c34c364da9510f57168c7729e76de6b859f97c", "sha256:59575ba6947be2e5867670e1224ee6296551beeea2007a99865bfa80da6b45ed", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:61d57d480092b9ea422f823933458942f581656ba2ac4efde2c652c3d7912251", "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a", "sha256:6ba730baa29198c5d05e4b0c3579140b2e459733bdd239b2ac482305d953f8df", "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1", "sha256:8b1e4c652510eebe9bc9b168926f12d9794e5418eec1d2e90ce143ec3dbd8f3e", "sha256:8fdac22e5a9f5179b78681e51f2b08148fec58c94019da6e023ba82dfed318f7", "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568", "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413", "sha256:b05f94d9a941bc6659443506983a64b9d131f276bb8ddc0fb504ecd62176a4ee", "sha256:b6b512b9108959a393f94a860379497c2fb37e0ed270f661cc418c748808fc39", "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50", "sha256:c38e600be9e3b4d789f0b1f8c9a67b1ff2094481e475a06cea386c5962b57f54", "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" ], "RepoDigests": [ "registry.suse.com/ai/containers/litellm-database@sha256:7203ac58be4e5ad28b8240e6e9034e633744f2dd241112ca3ae931276db17b01" ] }, "Results": [ { "Target": "sboms/ai-containers-litellm-database-v1.81.12-stable-cyclonedx.json (wolfi 20230201)", "Class": "os-pkgs", "Type": "wolfi", "Packages": [ { "ID": "alsa-lib@1.2.15.3-r1", "Name": "alsa-lib", "Identifier": { "PURL": "pkg:apk/wolfi/alsa-lib@1.2.15.3-r1?arch=x86_64\u0026distro=20230201", "UID": "c7da67862d261688", "BOMRef": "pkg:apk/wolfi/alsa-lib@1.2.15.3-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.15.3-r1", "Arch": "x86_64", "SrcName": "alsa-lib", "SrcVersion": "1.2.15.3-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:f102fe2f70af2ef8759d1f41d418cc93b507a5c4" }, { "ID": "apk-tools@2.14.10-r10", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026distro=20230201", "UID": "3e452ee0d653c6ca", "BOMRef": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026distro=20230201" }, "Version": "2.14.10-r10", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.10-r10", "Licenses": [ "GPL-2.0-only" ], "DependsOn": [ "ca-certificates-bundle@20251003-r3", "glibc@2.43-r1", "ld-linux@2.43-r1", "libcrypto3@3.6.1-r1", "libssl3@3.6.1-r1", "wolfi-baselayout@20230201-r27", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:1d53393b78f00c417dbc484afee224f386ba037746127e62a4bc86b6ad11daa1", "DiffID": "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a" }, "Digest": "sha1:360094f42540d8f16177f251916e29619be762fe" }, { "ID": "bash@5.3-r5", "Name": "bash", "Identifier": { "PURL": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=20230201", "UID": "6d121f6c09e64cbf", "BOMRef": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=20230201" }, "Version": "5.3-r5", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.3-r5", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "ncurses@6.6_p20251230-r1", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:9dd00dcd7654147d2998f5b11213adb52cae5ad2" }, { "ID": "busybox@1.37.0-r54", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026distro=20230201", "UID": "aca654f8a0ba155a", "BOMRef": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026distro=20230201" }, "Version": "1.37.0-r54", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r54", "Licenses": [ "GPL-2.0-only" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "libcrypt1@2.43-r1", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:3f02fc482423f53d1d5bfdf6094776ebe0b7eba4617489f96d32e6c61ac92d92", "DiffID": "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92" }, "Digest": "sha1:dfbfdd4815b2ce870ce5a428f10f6ad21a1f549a" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=20230201", "UID": "fde1238e764a903c", "BOMRef": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=20230201" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:72c82e5c25bfd691982cf508bfda988bad5ced12" }, { "ID": "ca-certificates-bundle@20251003-r3", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=20230201", "UID": "b7a1329569e2e4c5", "BOMRef": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=20230201" }, "Version": "20251003-r3", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20251003-r3", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:2a4da0691147ee88d0960b8ac8bda5481f91b115a20a0dcb9f30481401d91d36", "DiffID": "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568" }, "Digest": "sha1:b8fb05eba8b52c5b8e3ae448c96ec4218e2bc447" }, { "ID": "gdbm@1.26-r2", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026distro=20230201", "UID": "e593979a68f9366c", "BOMRef": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026distro=20230201" }, "Version": "1.26-r2", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.26-r2", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:375d22e56a0c032b92b8f3bd9eb4112e7864fb25" }, { "ID": "glibc@2.43-r1", "Name": "glibc", "Identifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "19fc32b613e931a6", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc-locale-posix@2.43-r1", "ld-linux@2.43-r1", "libgcc@15.2.0-r9", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "Digest": "sha1:45d78518d648056160ca67d9ced0d9ae735718c3" }, { "ID": "glibc-locale-posix@2.43-r1", "Name": "glibc-locale-posix", "Identifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "5e241543b8fe7d0", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "Digest": "sha1:71c70566fef73a5f03323418c29988aa79322016" }, { "ID": "icu78-data-full@78.2-r0", "Name": "icu78-data-full", "Identifier": { "PURL": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=20230201", "UID": "79aae065d9103888", "BOMRef": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=20230201" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:e615eeade973d33e6d30bca1bcb08383dec2c505" }, { "ID": "ld-linux@2.43-r1", "Name": "ld-linux", "Identifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "e85685852da579df", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc@2.43-r1", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "Digest": "sha1:36773aca32fddc2957a0b46c436841e49509dd29" }, { "ID": "libbrotlicommon1@1.2.0-r1", "Name": "libbrotlicommon1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "e4f69c90132f7ab0", "BOMRef": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:f16ef9c593de91cc6945073b4636aeeda0c80a0e" }, { "ID": "libbrotlidec1@1.2.0-r1", "Name": "libbrotlidec1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "90e3302a7bd611c4", "BOMRef": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1", "libbrotlicommon1@1.2.0-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:b98182b5ebf03788a5dfd808af6e2d3eeb4ff13c" }, { "ID": "libbrotlienc1@1.2.0-r1", "Name": "libbrotlienc1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "b728d609daebdd82", "BOMRef": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1", "libbrotlicommon1@1.2.0-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:da1a062cc901589428b8d8fc3daa83a23f8cb929" }, { "ID": "libbz2-1@1.0.8-r22", "Name": "libbz2-1", "Identifier": { "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026distro=20230201", "UID": "c6713ef18d40a900", "BOMRef": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026distro=20230201" }, "Version": "1.0.8-r22", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r22", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:7881510d91ca841ea9441e08e4a352199b87ff65" }, { "ID": "libcrypt1@2.43-r1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "bf9f632e216bab3", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc@2.43-r1", "libxcrypt@4.5.2-r2", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "Digest": "sha1:c67ac42c65c2936d748c7fbb6161b64c650f3f3f" }, { "ID": "libcrypto3@3.6.1-r1", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "85aab75953abd74", "BOMRef": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "Digest": "sha1:d8bbdb6c6fc823c4567afe7518475cdeb6cfd67a" }, { "ID": "libexpat1@2.7.4-r1", "Name": "libexpat1", "Identifier": { "PURL": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=20230201", "UID": "3654ead0806efa41", "BOMRef": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.7.4-r1", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.4-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:c5b2bb591573c0337e81a12513a9e010ee5f8495" }, { "ID": "libffi@3.5.2-r1", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=20230201", "UID": "42e42a180268712e", "BOMRef": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.5.2-r1", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.5.2-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:ce40e7d1f8951ac77983c4e263e2d7b04b194c17" }, { "ID": "libflac@1.4.3-r5", "Name": "libflac", "Identifier": { "PURL": "pkg:apk/wolfi/libflac@1.4.3-r5?arch=x86_64\u0026distro=20230201", "UID": "b15f443a02420e88", "BOMRef": "pkg:apk/wolfi/libflac@1.4.3-r5?arch=x86_64\u0026distro=20230201" }, "Version": "1.4.3-r5", "Arch": "x86_64", "SrcName": "flac", "SrcVersion": "1.4.3-r5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "DependsOn": [ "glibc@2.43-r1", "libogg@1.3.6-r3" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:9f85a0f6948efb6edb5a9108403306d5c5eefe79" }, { "ID": "libgcc@15.2.0-r9", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/wolfi/libgcc@15.2.0-r9?arch=x86_64\u0026distro=20230201", "UID": "3a7d891b2f8b4450", "BOMRef": "pkg:apk/wolfi/libgcc@15.2.0-r9?arch=x86_64\u0026distro=20230201" }, "Version": "15.2.0-r9", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r9", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1" ], "Layer": { "Digest": "sha256:a45907cabfcb964d4109679f34e2aa5b1fda1d0069e136002f2594df87afa35e", "DiffID": "sha256:b6b512b9108959a393f94a860379497c2fb37e0ed270f661cc418c748808fc39" }, "Digest": "sha1:a384338305a4de5ba0f1cc4a472de2eefdeda7a5" }, { "ID": "libicu78@78.2-r0", "Name": "libicu78", "Identifier": { "PURL": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=20230201", "UID": "54a569eb35ef3189", "BOMRef": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=20230201" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1", "icu78-data-full@78.2-r0", "ld-linux@2.43-r1", "libgcc@15.2.0-r9", "libstdc++@15.2.0-r9" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:7afb4e60da61c174faf3cde4b2919c67653c8630" }, { "ID": "libnghttp2-14@1.68.0-r1", "Name": "libnghttp2-14", "Identifier": { "PURL": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=20230201", "UID": "ba061563a7cea205", "BOMRef": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.68.0-r1", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.68.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:51db5560582e98f33ac7d85cce1255191c92a3f3" }, { "ID": "libogg@1.3.6-r3", "Name": "libogg", "Identifier": { "PURL": "pkg:apk/wolfi/libogg@1.3.6-r3?arch=x86_64\u0026distro=20230201", "UID": "98557b3bd860e351", "BOMRef": "pkg:apk/wolfi/libogg@1.3.6-r3?arch=x86_64\u0026distro=20230201" }, "Version": "1.3.6-r3", "Arch": "x86_64", "SrcName": "libogg", "SrcVersion": "1.3.6-r3", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:24e5b3b62b7c88003c8c977b62eb3db15f107af3" }, { "ID": "libsndfile@1.2.2-r1", "Name": "libsndfile", "Identifier": { "PURL": "pkg:apk/wolfi/libsndfile@1.2.2-r1?arch=x86_64\u0026distro=20230201", "UID": "2483de8ccbc01666", "BOMRef": "pkg:apk/wolfi/libsndfile@1.2.2-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.2-r1", "Arch": "x86_64", "SrcName": "libsndfile", "SrcVersion": "1.2.2-r1", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "alsa-lib@1.2.15.3-r1", "glibc@2.43-r1", "ld-linux@2.43-r1", "libflac@1.4.3-r5", "libogg@1.3.6-r3", "libvorbis@1.3.7-r7", "opus@1.6.1-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:0e9784f527d467113f8d92c88ac386cb7e95aedf" }, { "ID": "libssl3@3.6.1-r1", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "2737a9b43318bb67", "BOMRef": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r1", "libcrypto3@3.6.1-r1" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "Digest": "sha1:ac161813a56c650f73fa5596266b79810629c5f9" }, { "ID": "libstdc++@15.2.0-r9", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r9?arch=x86_64\u0026distro=20230201", "UID": "7ae2f1abf1fa343b", "BOMRef": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r9?arch=x86_64\u0026distro=20230201" }, "Version": "15.2.0-r9", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r9", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "libgcc@15.2.0-r9" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:586a6a321fe58c61d7b52123565676db37acd673" }, { "ID": "libuuid@2.41.3-r3", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026distro=20230201", "UID": "d82df38b74aeafa1", "BOMRef": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026distro=20230201" }, "Version": "2.41.3-r3", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41.3-r3", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-1.0-only", "LGPL-2.1-or-later", "BSD-1-Clause", "BSD-3-Clause", "BSD-4-Clause-UC", "MIT", "CC-PDDC" ], "DependsOn": [ "glibc@2.43-r1", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:578db12606c45c43abe623521fe7c1d8692eeb3a" }, { "ID": "libuv@1.52.0-r0", "Name": "libuv", "Identifier": { "PURL": "pkg:apk/wolfi/libuv@1.52.0-r0?arch=x86_64\u0026distro=20230201", "UID": "c30c85c46e1be8e4", "BOMRef": "pkg:apk/wolfi/libuv@1.52.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "1.52.0-r0", "Arch": "x86_64", "SrcName": "libuv", "SrcVersion": "1.52.0-r0", "Licenses": [ "MIT", "ISC" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:c6b05df19485549b3c0a54e97b7a079dc92ee909" }, { "ID": "libvorbis@1.3.7-r7", "Name": "libvorbis", "Identifier": { "PURL": "pkg:apk/wolfi/libvorbis@1.3.7-r7?arch=x86_64\u0026distro=20230201", "UID": "df029e2d968cac60", "BOMRef": "pkg:apk/wolfi/libvorbis@1.3.7-r7?arch=x86_64\u0026distro=20230201" }, "Version": "1.3.7-r7", "Arch": "x86_64", "SrcName": "libvorbis", "SrcVersion": "1.3.7-r7", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "glibc@2.43-r1", "libogg@1.3.6-r3" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:767b9dd3dce1347ade0946cc58e1accdef131dd9" }, { "ID": "libxcrypt@4.5.2-r2", "Name": "libxcrypt", "Identifier": { "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", "UID": "fc1ad85f26b1fd3b", "BOMRef": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201" }, "Version": "4.5.2-r2", "Arch": "x86_64", "SrcName": "libxcrypt", "SrcVersion": "4.5.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598" }, { "ID": "mpdecimal@4.0.1-r3", "Name": "mpdecimal", "Identifier": { "PURL": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64\u0026distro=20230201", "UID": "f575fcb53bbd8316", "BOMRef": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64\u0026distro=20230201" }, "Version": "4.0.1-r3", "Arch": "x86_64", "SrcName": "mpdecimal", "SrcVersion": "4.0.1-r3", "Licenses": [ "BSD-2-Clause" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "libgcc@15.2.0-r9", "libstdc++@15.2.0-r9" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:12885674e7ba1c71ee370a6876aedfd8c4f02ce4" }, { "ID": "ncurses@6.6_p20251230-r1", "Name": "ncurses", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201", "UID": "d0f9b9c77161cb6c", "BOMRef": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "ncurses-terminfo-base@6.6_p20251230-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:d4f7df25bc5592a35e8b474da4abe726d6453883" }, { "ID": "ncurses-terminfo-base@6.6_p20251230-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201", "UID": "8b995df73af8c4b9", "BOMRef": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:4dd42bfac7a276233bc5b8d479ab024134b7622c" }, { "ID": "nodejs-25@25.6.1-r0", "Name": "nodejs-25", "Identifier": { "PURL": "pkg:apk/wolfi/nodejs-25@25.6.1-r0?arch=x86_64\u0026distro=20230201", "UID": "20ec955b5ede30cc", "BOMRef": "pkg:apk/wolfi/nodejs-25@25.6.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "25.6.1-r0", "Arch": "x86_64", "SrcName": "nodejs-25", "SrcVersion": "25.6.1-r0", "Licenses": [ "MIT" ], "DependsOn": [ "c-ares@1.34.6-r0", "glibc@2.43-r1", "ld-linux@2.43-r1", "libbrotlidec1@1.2.0-r1", "libbrotlienc1@1.2.0-r1", "libcrypto3@3.6.1-r1", "libgcc@15.2.0-r9", "libicu78@78.2-r0", "libnghttp2-14@1.68.0-r1", "libssl3@3.6.1-r1", "libstdc++@15.2.0-r9", "libuv@1.52.0-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:d17c1677488692f6028d43a2e5d63c821b4a48f0" }, { "ID": "npm@11.10.1-r0", "Name": "npm", "Identifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "11.10.1-r0", "Arch": "x86_64", "SrcName": "npm", "SrcVersion": "11.10.1-r0", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:cd0d221a520a2d8d886b960961526f5b6706cd96" }, { "ID": "openssl@3.6.1-r1", "Name": "openssl", "Identifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "cc9a33a241878db4", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1", "libcrypto3@3.6.1-r1", "libssl3@3.6.1-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:f8d343216b1b16abe5c51e7f168b2d2209e1bfdb" }, { "ID": "opus@1.6.1-r1", "Name": "opus", "Identifier": { "PURL": "pkg:apk/wolfi/opus@1.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "6bf2d926d3422def", "BOMRef": "pkg:apk/wolfi/opus@1.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.6.1-r1", "Arch": "x86_64", "SrcName": "opus", "SrcVersion": "1.6.1-r1", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:2015751abf16343d398868abaaeff27211fce661" }, { "ID": "py3-pip-wheel@26.0.1-r0", "Name": "py3-pip-wheel", "Identifier": { "PURL": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "a6dee2338c80d3d8", "BOMRef": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:0a649ce580c2fdfeed16fd3c504bb3b50a906a8b" }, { "ID": "py3.13-pip@26.0.1-r0", "Name": "py3.13-pip", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "b63d244cb2094948", "BOMRef": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "DependsOn": [ "py3.13-pip-base@26.0.1-r0", "python-3.13-base@3.13.12-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:8ab914ab26482f5502a318f47d9116ae60fbc1e7" }, { "ID": "py3.13-pip-base@26.0.1-r0", "Name": "py3.13-pip-base", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "93f2f750c9cbd16e", "BOMRef": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "DependsOn": [ "py3.13-setuptools@82.0.0-r0", "python-3.13-base@3.13.12-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:ade9cfc60cf3655567b67b29e5cb6d9703a1a060" }, { "ID": "py3.13-setuptools@82.0.0-r0", "Name": "py3.13-setuptools", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-setuptools@82.0.0-r0?arch=x86_64\u0026distro=20230201", "UID": "b980f551a415a365", "BOMRef": "pkg:apk/wolfi/py3.13-setuptools@82.0.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "82.0.0-r0", "Arch": "x86_64", "SrcName": "py3-setuptools", "SrcVersion": "82.0.0-r0", "Licenses": [ "MIT" ], "DependsOn": [ "python-3.13-base@3.13.12-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:6a1c9a677c2a6367be4755ac0f5ad22eaa9c42dc" }, { "ID": "python-3.13@3.13.12-r1", "Name": "python-3.13", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "90c717d9d9fdb144", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.13.12-r1", "Arch": "x86_64", "SrcName": "python-3.13", "SrcVersion": "3.13.12-r1", "Licenses": [ "PSF-2.0" ], "DependsOn": [ "python-3.13-base@3.13.12-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:0241e1ce72e390d29f7d306898141c96e0c749cd" }, { "ID": "python-3.13-base@3.13.12-r1", "Name": "python-3.13-base", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "464d44cc1c4d2a38", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.13.12-r1", "Arch": "x86_64", "SrcName": "python-3.13", "SrcVersion": "3.13.12-r1", "Licenses": [ "PSF-2.0" ], "DependsOn": [ "gdbm@1.26-r2", "glibc@2.43-r1", "ld-linux@2.43-r1", "libbz2-1@1.0.8-r22", "libcrypto3@3.6.1-r1", "libexpat1@2.7.4-r1", "libffi@3.5.2-r1", "libssl3@3.6.1-r1", "libuuid@2.41.3-r3", "mpdecimal@4.0.1-r3", "ncurses@6.6_p20251230-r1", "py3-pip-wheel@26.0.1-r0", "readline@8.3-r1", "sqlite-libs@3.51.1-r0", "xz@5.8.2-r1", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:d8c899deefcc9a65040c6ba138ed428c7f2f18fe" }, { "ID": "readline@8.3-r1", "Name": "readline", "Identifier": { "PURL": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64\u0026distro=20230201", "UID": "dd14b463b026972e", "BOMRef": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64\u0026distro=20230201" }, "Version": "8.3-r1", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.3-r1", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r1", "ncurses@6.6_p20251230-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:bcbe178d5b1edd94ce7b1cb8465e1cda8964a3db" }, { "ID": "sqlite-libs@3.51.1-r0", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=20230201", "UID": "82ee8ab0818656d6", "BOMRef": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "3.51.1-r0", "Arch": "x86_64", "SrcName": "sqlite", "SrcVersion": "3.51.1-r0", "Licenses": [ "blessing" ], "DependsOn": [ "glibc@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:d0361a0bc6717f9262dbf71e350da24cd1987755" }, { "ID": "supervisor@4.3.0-r0", "Name": "supervisor", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=20230201", "UID": "b02e5de734edbe26", "BOMRef": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "py3.13-setuptools@82.0.0-r0", "python-3.13-base@3.13.12-r1", "supervisor-config@4.3.0-r0" ], "Layer": { "Digest": "sha256:bd6a1e5aec5fa69df53a2d0da3c68035c757bed7137acb80e14b8c7998398fee", "DiffID": "sha256:3febef309d214ce846f50544305e50f36cd53381e101919edfbeca74bf65f8ab" }, "Digest": "sha1:6daf57e1bd2a466563021c6c1d2b726d4f32a659" }, { "ID": "supervisor-config@4.3.0-r0", "Name": "supervisor-config", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=20230201", "UID": "9d2c39c2c70a54d6", "BOMRef": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:bd6a1e5aec5fa69df53a2d0da3c68035c757bed7137acb80e14b8c7998398fee", "DiffID": "sha256:3febef309d214ce846f50544305e50f36cd53381e101919edfbeca74bf65f8ab" }, "Digest": "sha1:9dc25d852bd533a57c94bba2e0649a696c81efae" }, { "ID": "tzdata@2025c-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=20230201", "UID": "1ea70a6e8acba9fc", "BOMRef": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2025c-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025c-r0", "Licenses": [ "CC-PDDC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:2c137e3cd0482cb748f0d5ab1c1907bd2a03598a" }, { "ID": "wolfi-base@1-r7", "Name": "wolfi-base", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64\u0026distro=20230201", "UID": "6f8cf0f66597c990", "BOMRef": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64\u0026distro=20230201" }, "Version": "1-r7", "Arch": "x86_64", "SrcName": "wolfi-base", "SrcVersion": "1-r7", "Licenses": [ "MIT" ], "DependsOn": [ "apk-tools@2.14.10-r10", "busybox@1.37.0-r54", "wolfi-keys@1-r13" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" }, "Digest": "sha1:e82b5ced3be890350f3a2fb44e41c27929abca1d" }, { "ID": "wolfi-baselayout@20230201-r27", "Name": "wolfi-baselayout", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r27?arch=x86_64\u0026distro=20230201", "UID": "57a37cd26a729add", "BOMRef": "pkg:apk/wolfi/wolfi-baselayout@20230201-r27?arch=x86_64\u0026distro=20230201" }, "Version": "20230201-r27", "Arch": "x86_64", "SrcName": "wolfi-baselayout", "SrcVersion": "20230201-r27", "Licenses": [ "MIT" ], "DependsOn": [ "ca-certificates-bundle@20251003-r3" ], "Layer": { "Digest": "sha256:b287abf0b51506c574830a1df8c83ea04b65f96da2d6c71f303f6d994a458b70", "DiffID": "sha256:c38e600be9e3b4d789f0b1f8c9a67b1ff2094481e475a06cea386c5962b57f54" }, "Digest": "sha1:86baca1658b3ab2a62e0e8d8067cce510764ca95" }, { "ID": "wolfi-keys@1-r13", "Name": "wolfi-keys", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026distro=20230201", "UID": "6d83bacbf2f192de", "BOMRef": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026distro=20230201" }, "Version": "1-r13", "Arch": "x86_64", "SrcName": "wolfi-keys", "SrcVersion": "1-r13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" }, "Digest": "sha1:c9e9f5b4a87785ae4aae9539e439d85b22c7390d" }, { "ID": "xz@5.8.2-r1", "Name": "xz", "Identifier": { "PURL": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026distro=20230201", "UID": "6bcdad14d9fac82e", "BOMRef": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026distro=20230201" }, "Version": "5.8.2-r1", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.2-r1", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r1", "ld-linux@2.43-r1" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "Digest": "sha1:a62ac8ca6b6fce65347163e705059c140c679433" }, { "ID": "zlib@1.3.2-r0", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.2-r0?arch=x86_64\u0026distro=20230201", "UID": "bdf67a1cd00fe2", "BOMRef": "pkg:apk/wolfi/zlib@1.3.2-r0?arch=x86_64\u0026distro=20230201" }, "Version": "1.3.2-r0", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.2-r0", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "glibc@2.43-r1", "wolfi-baselayout@20230201-r27" ], "Layer": { "Digest": "sha256:83aaad0499db295fc3c418431dc48973d2ad0fc36b83ca041ca7ffd882f799dc", "DiffID": "sha256:09415f6704429bf538351a5149a730bf1f254708ab21586991db5bb27b8907bd" }, "Digest": "sha1:5374a82f6bd86f9b9bfca859ad3bbe6ebcd12c41" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-4437", "PkgID": "glibc@2.43-r1", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "19fc32b613e931a6", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:daae975797daacabc4ca16b81e8dbeb7632b6f5893e4fea408d559cad49d2507", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "glibc@2.43-r1", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "19fc32b613e931a6", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:1db51814b727b6d5d8ec91663d48f17a4e3a9aff8cd9aa2ff32fb0af17159b58", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "glibc-locale-posix@2.43-r1", "PkgName": "glibc-locale-posix", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "5e241543b8fe7d0", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:262b3737a2fb55233bf7941e572476c0308eb6b222363c41d0b2ae775b903717", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "glibc-locale-posix@2.43-r1", "PkgName": "glibc-locale-posix", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "5e241543b8fe7d0", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7eb7f3d1cedb923232dd392175ac99c687ce2b7541f14d990e058d3192e29749", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "ld-linux@2.43-r1", "PkgName": "ld-linux", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "e85685852da579df", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:a73ab2d29774f83d192290a9c58ce259c9264fa0304db654c9fab835cd715e3a", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "ld-linux@2.43-r1", "PkgName": "ld-linux", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "e85685852da579df", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e67aeca733b7cf58a6fd283b009e599d726f27456844f9179e3c3079788dd807", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "libcrypt1@2.43-r1", "PkgName": "libcrypt1", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "bf9f632e216bab3", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:ea95ba88385245a64961e53774b578762f8d9f30860d589ddfbb1b7cd83b833d", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "libcrypt1@2.43-r1", "PkgName": "libcrypt1", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201", "UID": "bf9f632e216bab3", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:b9e8c89982f00ad1414eead08644084fcfa5835d1af05e1185637ae0389ec7aa", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.6.1-r1", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "85aab75953abd74", "BOMRef": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:01199d9d2be1948080804e2810b8adffaa6a8ad6a43c400506986324339a777b", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.6.1-r1", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "2737a9b43318bb67", "BOMRef": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e464be0027863873441749785d44b7aadb4e00a36ab5fd107a283bfa3db018c4", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-27903", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7276cab2d159e7e2b81fd909cc086d9037fda9adb5c3285a7dc4f4fe7e552722", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:13aab447ec802ea9a7066094ab145311ba5bed6e10c956f4d7c4c1d25d82e02a", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-29786", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.11.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:a2f15ffc14e1137b198d0f61ccc92591189b8a17c330fd213ddc6f63e5bf5ddb", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-33671", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e3b7b6a2bf56cd39b115571a17d2c21e785cbddd26ce4f99c1875e9e057423f3", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:51890df34a1b66ff64819868ffad9df1d1bfc84532857fb67bc9c203edc63b19", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33750", "PkgID": "npm@11.10.1-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201", "UID": "f2a032bc132b5ea0", "BOMRef": "pkg:apk/wolfi/npm@11.10.1-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.10.1-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:0f327274fd3bc97444cb9c7b407de847e9a1b740f6e35552c31982f17945b005", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "openssl@3.6.1-r1", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "cc9a33a241878db4", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7059ef0592b0533b0c5f07b518f67be8b5a8f9e97f973db829565ff3cfb92740", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-4519", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "90c717d9d9fdb144", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r5", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4519", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e9f307221f8f85c09559a230fa7e992b5ab6fa53797accc2feb226215b078cce", "Title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "Description": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/1", "https://access.redhat.com/errata/RHSA-2026:6286", "https://access.redhat.com/security/cve/CVE-2026-4519", "https://bugzilla.redhat.com/2449649", "https://errata.almalinux.org/9/ALSA-2026-6286.html", "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "https://github.com/python/cpython/issues/143930", "https://github.com/python/cpython/pull/143931", "https://linux.oracle.com/cve/CVE-2026-4519.html", "https://linux.oracle.com/errata/ELSA-2026-6473.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4519", "https://www.cve.org/CVERecord?id=CVE-2026-4519" ], "PublishedDate": "2026-03-20T15:16:24.057Z", "LastModifiedDate": "2026-03-25T18:16:33.073Z" }, { "VulnerabilityID": "CVE-2026-3644", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "90c717d9d9fdb144", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3644", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:edf01cad2ee542ca13a7f773cf255d58c48cbd4339cff3c8225cc195231fd646", "Title": "cpython: Incomplete control character validation in http.cookies", "Description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-116" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3644", "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "https://github.com/python/cpython/issues/145599", "https://github.com/python/cpython/pull/145600", "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3644", "https://www.cve.org/CVERecord?id=CVE-2026-3644" ], "PublishedDate": "2026-03-16T18:16:09.907Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-4224", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "90c717d9d9fdb144", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4224", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:49b124731f3b8feb16d56ea3c6b0baf5e296300c6615eb0296387214a6b67ce9", "Title": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "Description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/16/4", "https://access.redhat.com/security/cve/CVE-2026-4224", "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "https://github.com/python/cpython/issues/145986", "https://github.com/python/cpython/pull/145987", "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4224", "https://www.cve.org/CVERecord?id=CVE-2026-4224" ], "PublishedDate": "2026-03-16T18:16:10.07Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-2297", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "90c717d9d9fdb144", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2297", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e72ffae1972d0400b424df31b4dafdb02bf7743f98c8358c07b2452ebecc5197", "Title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "Description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/05/6", "https://access.redhat.com/security/cve/CVE-2026-2297", "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "https://github.com/python/cpython/issues/145506", "https://github.com/python/cpython/pull/145507", "https://nvd.nist.gov/vuln/detail/CVE-2026-2297", "https://www.cve.org/CVERecord?id=CVE-2026-2297" ], "PublishedDate": "2026-03-04T23:16:10.757Z", "LastModifiedDate": "2026-03-12T15:16:27.957Z" }, { "VulnerabilityID": "CVE-2026-4519", "PkgID": "python-3.13-base@3.13.12-r1", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "464d44cc1c4d2a38", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r5", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4519", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:31a5188df4e74b4f2b9481f846dbef941a30a1e0a4d530ab032b47e4327cc496", "Title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "Description": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/1", "https://access.redhat.com/errata/RHSA-2026:6286", "https://access.redhat.com/security/cve/CVE-2026-4519", "https://bugzilla.redhat.com/2449649", "https://errata.almalinux.org/9/ALSA-2026-6286.html", "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "https://github.com/python/cpython/issues/143930", "https://github.com/python/cpython/pull/143931", "https://linux.oracle.com/cve/CVE-2026-4519.html", "https://linux.oracle.com/errata/ELSA-2026-6473.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4519", "https://www.cve.org/CVERecord?id=CVE-2026-4519" ], "PublishedDate": "2026-03-20T15:16:24.057Z", "LastModifiedDate": "2026-03-25T18:16:33.073Z" }, { "VulnerabilityID": "CVE-2026-3644", "PkgID": "python-3.13-base@3.13.12-r1", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "464d44cc1c4d2a38", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3644", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:f7cf44fcef2a106474b9b9e1acf4cf3a8f127d876694b576f6304dd2d16c9ac7", "Title": "cpython: Incomplete control character validation in http.cookies", "Description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-116" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3644", "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "https://github.com/python/cpython/issues/145599", "https://github.com/python/cpython/pull/145600", "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3644", "https://www.cve.org/CVERecord?id=CVE-2026-3644" ], "PublishedDate": "2026-03-16T18:16:09.907Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-4224", "PkgID": "python-3.13-base@3.13.12-r1", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "464d44cc1c4d2a38", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4224", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:bb8e021b7c58f556db986f779898e53b525daa599fb04f5a5a4f99c4a8bb4ae1", "Title": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "Description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/16/4", "https://access.redhat.com/security/cve/CVE-2026-4224", "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "https://github.com/python/cpython/issues/145986", "https://github.com/python/cpython/pull/145987", "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4224", "https://www.cve.org/CVERecord?id=CVE-2026-4224" ], "PublishedDate": "2026-03-16T18:16:10.07Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-2297", "PkgID": "python-3.13-base@3.13.12-r1", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201", "UID": "464d44cc1c4d2a38", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2297", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:3066b8004cc27fd62f99dff5109424cf8e8d1cb77d7c7d5d6ce64aa1ca4a60bf", "Title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "Description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/05/6", "https://access.redhat.com/security/cve/CVE-2026-2297", "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "https://github.com/python/cpython/issues/145506", "https://github.com/python/cpython/pull/145507", "https://nvd.nist.gov/vuln/detail/CVE-2026-2297", "https://www.cve.org/CVERecord?id=CVE-2026-2297" ], "PublishedDate": "2026-03-04T23:16:10.757Z", "LastModifiedDate": "2026-03-12T15:16:27.957Z" } ] }, { "Target": "Node.js", "Class": "lang-pkgs", "Type": "node-pkg", "Packages": [ { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "7dc77ee9c5bc6e34", "BOMRef": "6eea8a86-49d9-40ce-9413-da3f7c2336f7" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "3477d8947610a55c", "BOMRef": "7e03d835-8be5-4ffd-90d4-1918f6e334dc" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "bc96a348e18e8ee", "BOMRef": "7664f59a-a7ac-42dc-bcfe-db370d8911aa" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/@isaacs/brace-expansion/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/brace-expansion@5.0.1", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.1", "UID": "e04bd3a4ef8848ce", "BOMRef": "c41222e5-7e10-4572-ae7d-c62c43d89bc5" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "Digest": "sha1:582e89e8912ed72319d3768c79b15781164e5594" }, { "ID": "@isaacs/brace-expansion@5.0.1", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.1", "UID": "d47ee34f2d53df43", "BOMRef": "50e027ad-78f0-4330-a983-262cac00c5d6" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/@isaacs/brace-expansion/package.json", "Digest": "sha1:582e89e8912ed72319d3768c79b15781164e5594" }, { "ID": "@isaacs/cliui@8.0.2", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", "UID": "5be358a8a1cfe791", "BOMRef": "pkg:npm/%40isaacs/cliui@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:5f8f4c1e3bf1144f3a52c51bf040d843bb2a8b90" }, { "ID": "@isaacs/cliui@9.0.0", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@9.0.0", "UID": "d62f3df5232d8d96", "BOMRef": "a6f4cf1a-858b-4eda-8aa6-44cc2f108102" }, "Version": "9.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:1ce0188abd4792f8dbcd6fede4f6bfc508a2e3fe" }, { "ID": "@isaacs/cliui@9.0.0", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@9.0.0", "UID": "6ae80b0ab51a18a0", "BOMRef": "900b1d32-1898-4c05-858a-283fc26c6bf9" }, "Version": "9.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:1ce0188abd4792f8dbcd6fede4f6bfc508a2e3fe" }, { "ID": "@isaacs/cliui@9.0.0", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@9.0.0", "UID": "fc928b192ceacd4c", "BOMRef": "6c4b371d-ce76-49ee-8ad1-b70e1a09ad34" }, "Version": "9.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:1ce0188abd4792f8dbcd6fede4f6bfc508a2e3fe" }, { "ID": "@isaacs/cliui@9.0.0", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@9.0.0", "UID": "d806f5839bedbfe5", "BOMRef": "6c25100f-694f-4a5e-8d41-81820861206f" }, "Version": "9.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:1ce0188abd4792f8dbcd6fede4f6bfc508a2e3fe" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "97a36e581543a4cf", "BOMRef": "b576d0f2-3892-4c78-9d5f-2d87f380bcf5" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "a5c613a36a5da9a3", "BOMRef": "78bf1af7-77d2-42e3-b3ee-21f0dc106140" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "5cdb4d3351c4ebcf", "BOMRef": "17751460-e413-40d2-b287-d6a4051430f5" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "1087296e9d05f6c6", "BOMRef": "07bd41da-cdbe-48dc-94fe-96f168d63397" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "18a7f358c47f181b", "BOMRef": "e926861e-277b-4d83-bc38-dc3b45e29af0" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "f6385e72d9460eb4", "BOMRef": "97ebf79c-a856-40a3-80c2-a154a076256f" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json", "Digest": "sha1:9dc38644ea6f125e3b06825ff04df5ea22f56094" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "5967d66274d69e7f", "BOMRef": "caad82f1-c31f-419e-a2c5-2ec9f004627d" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json", "Digest": "sha1:9dc38644ea6f125e3b06825ff04df5ea22f56094" }, { "ID": "@npmcli/agent@3.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@3.0.0", "UID": "9e2a598418a96ad5", "BOMRef": "pkg:npm/%40npmcli/agent@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/@npmcli/agent/package.json", "Digest": "sha1:ca472993ec88d2b98a488f843d480575f24092f7" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "516dcf3d03f617ca", "BOMRef": "5cb81dbc-4da7-4eba-a7d0-7eccfe1a2248" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/agent/package.json", "Digest": "sha1:48e34f21103faf00d9c60756e62dee09494be465" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "cb2a31448e17de82", "BOMRef": "ecd16ec0-da37-497a-9c56-69a5ba66f8e6" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/agent/package.json", "Digest": "sha1:48e34f21103faf00d9c60756e62dee09494be465" }, { "ID": "@npmcli/arborist@9.1.6", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", "UID": "d2fa0a6e80bf97a5", "BOMRef": "pkg:npm/%40npmcli/arborist@9.1.6" }, "Version": "9.1.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json", "Digest": "sha1:f33c67da757406439e5a8bb3b39996fa87d27dbf" }, { "ID": "@npmcli/arborist@9.3.1", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.3.1", "UID": "5aed58bb450b38b1", "BOMRef": "pkg:npm/%40npmcli/arborist@9.3.1" }, "Version": "9.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json", "Digest": "sha1:aeb22b2f8ead01dd06c2c2829909ba5ff492f3d2" }, { "ID": "@npmcli/config@10.4.2", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.4.2", "UID": "42a858310215ad62", "BOMRef": "pkg:npm/%40npmcli/config@10.4.2" }, "Version": "10.4.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/config/package.json", "Digest": "sha1:194b60a9b2b1b7d9c55bbde6f002e6f407c29753" }, { "ID": "@npmcli/config@10.7.1", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.7.1", "UID": "d6b18e6a145266ba", "BOMRef": "pkg:npm/%40npmcli/config@10.7.1" }, "Version": "10.7.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/config/package.json", "Digest": "sha1:779af7712d5765f5b69dc3f99ae8dfb2d6600e1c" }, { "ID": "@npmcli/fs@4.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@4.0.0", "UID": "5ea1ee01f9ba7d32", "BOMRef": "pkg:npm/%40npmcli/fs@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/fs/package.json", "Digest": "sha1:cf0302511d637d6a1f8b5e49b3d9b42210c7b8f0" }, { "ID": "@npmcli/fs@5.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@5.0.0", "UID": "3a968590a1f56bbe", "BOMRef": "pkg:npm/%40npmcli/fs@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/fs/package.json", "Digest": "sha1:3a4053128a62fd9581012b83ef531b95397167e3" }, { "ID": "@npmcli/git@7.0.0", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.0", "UID": "d6c65eacd28f9ba1", "BOMRef": "pkg:npm/%40npmcli/git@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/git/package.json", "Digest": "sha1:89602e9193afacae84abb1ceab33721b03fa29c6" }, { "ID": "@npmcli/git@7.0.1", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.1", "UID": "6b0893929969f091", "BOMRef": "pkg:npm/%40npmcli/git@7.0.1" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/git/package.json", "Digest": "sha1:d74915bdb0a742b4c720d33fff12917072da12ab" }, { "ID": "@npmcli/installed-package-contents@3.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", "UID": "48df1c0ddb74a867", "BOMRef": "pkg:npm/%40npmcli/installed-package-contents@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json", "Digest": "sha1:eb7509c6d4a24822861ce30d6906b6bba7ea40c1" }, { "ID": "@npmcli/installed-package-contents@4.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@4.0.0", "UID": "ab1b91e7179a90fd", "BOMRef": "pkg:npm/%40npmcli/installed-package-contents@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json", "Digest": "sha1:189051543dd09896a1c31f80390afe0b5306d4c0" }, { "ID": "@npmcli/map-workspaces@5.0.0", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", "UID": "908c9cb53d3281c7", "BOMRef": "pkg:npm/%40npmcli/map-workspaces@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json", "Digest": "sha1:7af92b48b9fde0f645832109b03656a17c015dc5" }, { "ID": "@npmcli/map-workspaces@5.0.3", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.3", "UID": "eeeb90478134e0b8", "BOMRef": "pkg:npm/%40npmcli/map-workspaces@5.0.3" }, "Version": "5.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json", "Digest": "sha1:9b2b024266bb8c342ed0bfbefb1c48a7d9b0c015" }, { "ID": "@npmcli/metavuln-calculator@9.0.2", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", "UID": "4622a692c3e33c99", "BOMRef": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json", "Digest": "sha1:8d3811d7a2b96bdeaccde89048f54f01885506ba" }, { "ID": "@npmcli/metavuln-calculator@9.0.3", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.3", "UID": "800d634678d6fdc1", "BOMRef": "pkg:npm/%40npmcli/metavuln-calculator@9.0.3" }, "Version": "9.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json", "Digest": "sha1:ef331816f66b624d692f45b26c2e6a910767656c" }, { "ID": "@npmcli/name-from-folder@3.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", "UID": "cf57e5da4ff495d6", "BOMRef": "pkg:npm/%40npmcli/name-from-folder@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json", "Digest": "sha1:2b6a54a8d10c9125e653dbe6f740e380324b61ba" }, { "ID": "@npmcli/name-from-folder@4.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@4.0.0", "UID": "91ea62a4b4c4db7a", "BOMRef": "pkg:npm/%40npmcli/name-from-folder@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json", "Digest": "sha1:4d3174b80cc1b257fa96b098c95e27ffaff5b659" }, { "ID": "@npmcli/node-gyp@4.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", "UID": "2fb6690dede9f577", "BOMRef": "pkg:npm/%40npmcli/node-gyp@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json", "Digest": "sha1:a91f3ca2b970fb8453035a15ea7ae5a2c68859c1" }, { "ID": "@npmcli/node-gyp@5.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@5.0.0", "UID": "c0bf97058082e107", "BOMRef": "pkg:npm/%40npmcli/node-gyp@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json", "Digest": "sha1:c2549c9809a38abb866596530702d0de2c0cdc44" }, { "ID": "@npmcli/package-json@7.0.1", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", "UID": "efd8ea7c2f58f509", "BOMRef": "pkg:npm/%40npmcli/package-json@7.0.1" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json", "Digest": "sha1:8dfa60053aeca0de1403eb7c517dafc86e7e3611" }, { "ID": "@npmcli/package-json@7.0.5", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.5", "UID": "b8f31ff849ea5245", "BOMRef": "pkg:npm/%40npmcli/package-json@7.0.5" }, "Version": "7.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json", "Digest": "sha1:6f10f890a1dd14676d61faee4d379c06ec93502e" }, { "ID": "@npmcli/promise-spawn@8.0.3", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", "UID": "e11eef8a232dda33", "BOMRef": "pkg:npm/%40npmcli/promise-spawn@8.0.3" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json", "Digest": "sha1:5101b25f91ee7af2103b68a59b43b116bc4aaaad" }, { "ID": "@npmcli/promise-spawn@9.0.1", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@9.0.1", "UID": "31aa12bffd72fb43", "BOMRef": "pkg:npm/%40npmcli/promise-spawn@9.0.1" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json", "Digest": "sha1:8cc9163ac59ee91de9240a11723d8701fa80317e" }, { "ID": "@npmcli/query@4.0.1", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@4.0.1", "UID": "e5c0928a174cf081", "BOMRef": "pkg:npm/%40npmcli/query@4.0.1" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/query/package.json", "Digest": "sha1:71d09c79da76d695099a90a592415e9c1440c5a1" }, { "ID": "@npmcli/query@5.0.0", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@5.0.0", "UID": "4f7ef9eec6be716a", "BOMRef": "pkg:npm/%40npmcli/query@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/query/package.json", "Digest": "sha1:f56866b082e0015fbbe60b12d303c71b778af0e1" }, { "ID": "@npmcli/redact@3.2.2", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@3.2.2", "UID": "ff75828547f8ff9e", "BOMRef": "pkg:npm/%40npmcli/redact@3.2.2" }, "Version": "3.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/redact/package.json", "Digest": "sha1:6f100bba733fae433b3156bd6a8a90249ffc5ecb" }, { "ID": "@npmcli/redact@4.0.0", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@4.0.0", "UID": "74dde1c43387bfee", "BOMRef": "pkg:npm/%40npmcli/redact@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/redact/package.json", "Digest": "sha1:e81d178ea5aac085222f1c853a9b42fb0cc96a46" }, { "ID": "@npmcli/run-script@10.0.0", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", "UID": "d3ad98788374ef21", "BOMRef": "pkg:npm/%40npmcli/run-script@10.0.0" }, "Version": "10.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json", "Digest": "sha1:cdedbbbcbd429e634685f7c67d7069c6593b8006" }, { "ID": "@npmcli/run-script@10.0.3", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.3", "UID": "4c991aee89969376", "BOMRef": "pkg:npm/%40npmcli/run-script@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json", "Digest": "sha1:d9a49385f1a06449642c48bcb52f9600898eb65f" }, { "ID": "@pkgjs/parseargs@0.11.0", "Name": "@pkgjs/parseargs", "Identifier": { "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", "UID": "698b1cadf3fc0bc5", "BOMRef": "pkg:npm/%40pkgjs/parseargs@0.11.0" }, "Version": "0.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@pkgjs/parseargs/package.json", "Digest": "sha1:0dd3949ab9157869b8d3387f50a149bca2638d73" }, { "ID": "@prisma/client@5.4.2", "Name": "@prisma/client", "Identifier": { "PURL": "pkg:npm/%40prisma/client@5.4.2", "UID": "1bacffc470f641c7", "BOMRef": "pkg:npm/%40prisma/client@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1eb2d32748f0e81c7e1f9f73af574d521190fa57efbe232b51105e1bf12b3fd0", "DiffID": "sha256:309d2790ec4690a4b077992d4a88f61006612dfd119905c02e3147a42a7af8a3" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/prisma-client/package.json", "Digest": "sha1:067a3cf4b08bb66df88691a278bd21a778474e60" }, { "ID": "@prisma/engines@5.4.2", "Name": "@prisma/engines", "Identifier": { "PURL": "pkg:npm/%40prisma/engines@5.4.2", "UID": "599e6621acbc1467", "BOMRef": "pkg:npm/%40prisma/engines@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1eb2d32748f0e81c7e1f9f73af574d521190fa57efbe232b51105e1bf12b3fd0", "DiffID": "sha256:309d2790ec4690a4b077992d4a88f61006612dfd119905c02e3147a42a7af8a3" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/@prisma/engines/package.json", "Digest": "sha1:27f640d9b356e0726de8c28f78eb8ad1c8bf1dd9" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "e9fc038007af823e", "BOMRef": "5659f8a8-4190-44f7-a4fb-498bf14346c7" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/bundle/package.json", "Digest": "sha1:1d6ca2f018ec884e6df5424d8d7fc6818d64c3b4" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "a3d76ab10db5d4b4", "BOMRef": "20d0407d-5b14-490d-8f8e-3abc60c4210a" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/bundle/package.json", "Digest": "sha1:1d6ca2f018ec884e6df5424d8d7fc6818d64c3b4" }, { "ID": "@sigstore/core@3.0.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.0.0", "UID": "e42c4a271b0f59d", "BOMRef": "pkg:npm/%40sigstore/core@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/core/package.json", "Digest": "sha1:a3582aa64bea04fc99d1275aba7ebc582925a2c8" }, { "ID": "@sigstore/core@3.1.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.1.0", "UID": "4a09d29c542357f", "BOMRef": "pkg:npm/%40sigstore/core@3.1.0" }, "Version": "3.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/core/package.json", "Digest": "sha1:1b171001ef4ffeaaab9d24334adcb37c669acb60" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "98029084e33af851", "BOMRef": "cb17dea2-65f9-4246-8e4a-86da36216a91" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/protobuf-specs/package.json", "Digest": "sha1:883da1dcb03a5b8e4ba41bd5e8db239c9c17392b" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "2785afa0d3d8b99e", "BOMRef": "14f1dc3b-6118-45a4-a037-d9f4258cb297" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/protobuf-specs/package.json", "Digest": "sha1:883da1dcb03a5b8e4ba41bd5e8db239c9c17392b" }, { "ID": "@sigstore/sign@4.0.1", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.0.1", "UID": "79b0618dd33b0065", "BOMRef": "pkg:npm/%40sigstore/sign@4.0.1" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/sign/package.json", "Digest": "sha1:4bec0011dd3d4f58a729b1a9e0e8e9592416f4b2" }, { "ID": "@sigstore/sign@4.1.0", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.1.0", "UID": "42852f2664ca5fd1", "BOMRef": "pkg:npm/%40sigstore/sign@4.1.0" }, "Version": "4.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/sign/package.json", "Digest": "sha1:191dce764e0717fa6f8ae2e214e69421c6fd5797" }, { "ID": "@sigstore/tuf@4.0.0", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", "UID": "97503152511a0e8a", "BOMRef": "pkg:npm/%40sigstore/tuf@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/tuf/package.json", "Digest": "sha1:3a59a8c16182f65f8cabbf98fee333c9eaa394f6" }, { "ID": "@sigstore/tuf@4.0.1", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.1", "UID": "e8eccb28f976141", "BOMRef": "pkg:npm/%40sigstore/tuf@4.0.1" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/tuf/package.json", "Digest": "sha1:6e166263107e702af9d17595f800a6e6498a7726" }, { "ID": "@sigstore/verify@3.0.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.0.0", "UID": "b9679a19db2ca3b5", "BOMRef": "pkg:npm/%40sigstore/verify@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/verify/package.json", "Digest": "sha1:fb4180fd0c6f2de9386fa2ef9929f4c1a6f00562" }, { "ID": "@sigstore/verify@3.1.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.1.0", "UID": "b042619afc2e5142", "BOMRef": "pkg:npm/%40sigstore/verify@3.1.0" }, "Version": "3.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/verify/package.json", "Digest": "sha1:4523305db384269754d0fab04bacf31ca05ad1be" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "a1baabacf8d78834", "BOMRef": "932510c3-6166-4dc8-a6a6-61905f36fbdd" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/canonical-json/package.json", "Digest": "sha1:5af11d14b15be3f1dc8a1195100ea60de40325c9" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "49369a8937382459", "BOMRef": "f0ba2b1c-9e86-45ac-95fa-80351990f5f5" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@tufjs/canonical-json/package.json", "Digest": "sha1:5af11d14b15be3f1dc8a1195100ea60de40325c9" }, { "ID": "@tufjs/models@4.0.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.0.0", "UID": "e9f60f580bd5fd92", "BOMRef": "pkg:npm/%40tufjs/models@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/package.json", "Digest": "sha1:1630e9d321e28e965386e30f9d855f05b6278fa9" }, { "ID": "@tufjs/models@4.1.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.1.0", "UID": "d2e0dff522fc2a7a", "BOMRef": "pkg:npm/%40tufjs/models@4.1.0" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@tufjs/models/package.json", "Digest": "sha1:2ac6b88622c667e4c6582d32bbb21276b6781c61" }, { "ID": "abbrev@3.0.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@3.0.1", "UID": "eeb95c085399a6c8", "BOMRef": "pkg:npm/abbrev@3.0.1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/abbrev/package.json", "Digest": "sha1:58ff9d74c88270726b05e383ba4d2641a18438f3" }, { "ID": "abbrev@4.0.0", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@4.0.0", "UID": "4c2f489326ea0f65", "BOMRef": "pkg:npm/abbrev@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/abbrev/package.json", "Digest": "sha1:6869bc2da89cbb7aba0c148aefa7e8fc43456128" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "f00269734a735fca", "BOMRef": "74974ec6-68f3-498c-9985-c2ed44a0459c" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/agent-base/package.json", "Digest": "sha1:126adbedcff6faa6826eca63c75e9193237ab10b" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "107cca39077d373b", "BOMRef": "53565b60-cd7e-4431-8de4-6292de53e864" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/agent-base/package.json", "Digest": "sha1:126adbedcff6faa6826eca63c75e9193237ab10b" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "e18d86e0d5a1827c", "BOMRef": "pkg:npm/ansi-regex@5.0.1" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-regex/package.json", "Digest": "sha1:f1b78e043012e1ab5689d57377093e88f1400677" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "c71f12ee331c1a19", "BOMRef": "9089cd66-69e8-4bff-856b-8da27e5e4626" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "1de1947e86482e83", "BOMRef": "d46bec62-c647-45c4-b71c-b5b6c384f183" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-styles@4.3.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@4.3.0", "UID": "e2a8962846c95d0f", "BOMRef": "pkg:npm/ansi-styles@4.3.0" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json", "Digest": "sha1:3c9ef7bd0a1c3d805814c654c457cc315c48c116" }, { "ID": "ansi-styles@6.2.3", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@6.2.3", "UID": "8d89d4d06876d8f1", "BOMRef": "pkg:npm/ansi-styles@6.2.3" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-styles/package.json", "Digest": "sha1:adb4944aaa807d2d90a6d54e220759c3081c10d2" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "c8d03a4814ce331d", "BOMRef": "27154340-13c0-4ae6-8903-3ac55a0b7e16" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/aproba/package.json", "Digest": "sha1:1cc57d456b29f580ef93bb2fee5566d3e3285009" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "b6dd9c6eefa50b72", "BOMRef": "812aa8f7-7a09-42cd-8e21-7abea006b33b" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/aproba/package.json", "Digest": "sha1:1cc57d456b29f580ef93bb2fee5566d3e3285009" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "670bcc87a71bd97e", "BOMRef": "64ad5a7f-870b-424e-9b8e-73e551d4f5b9" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/archy/package.json", "Digest": "sha1:3bd81e8f9d8e79057497b7473c6eac4f3d519149" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "5f10a34d389e7047", "BOMRef": "e0f51314-3cd8-4db9-86ca-cdf14d4e4ca6" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/archy/package.json", "Digest": "sha1:3bd81e8f9d8e79057497b7473c6eac4f3d519149" }, { "ID": "balanced-match@1.0.2", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@1.0.2", "UID": "a64a2ffb303feae6", "BOMRef": "pkg:npm/balanced-match@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/balanced-match/package.json", "Digest": "sha1:ef0a0d2fd68c3396309ab54ab08c5f8d362436ea" }, { "ID": "balanced-match@4.0.3", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@4.0.3", "UID": "f8f7e91883437802", "BOMRef": "ae8488d5-60ad-4572-aac3-1a032a006126" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/balanced-match/package.json", "Digest": "sha1:fb009f4317830900dec690eb02028199685eed3a" }, { "ID": "balanced-match@4.0.3", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@4.0.3", "UID": "263bfd5c5f650781", "BOMRef": "ef144688-da2f-4740-935d-370c2fb589ae" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/balanced-match/package.json", "Digest": "sha1:fb009f4317830900dec690eb02028199685eed3a" }, { "ID": "balanced-match@4.0.3", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@4.0.3", "UID": "992dc68670737c61", "BOMRef": "efd92d6a-3248-404f-bde7-8394c011f51e" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/balanced-match/package.json", "Digest": "sha1:fb009f4317830900dec690eb02028199685eed3a" }, { "ID": "balanced-match@4.0.3", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@4.0.3", "UID": "2dc47591116166b0", "BOMRef": "a5d7406b-8d0d-4b54-bf2d-632c7cf66d2e" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/balanced-match/package.json", "Digest": "sha1:fb009f4317830900dec690eb02028199685eed3a" }, { "ID": "balanced-match@4.0.3", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@4.0.3", "UID": "18aafe43dee87897", "BOMRef": "f6f47bbc-df50-43be-8070-2100d61c1bff" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/balanced-match/package.json", "Digest": "sha1:fb009f4317830900dec690eb02028199685eed3a" }, { "ID": "bin-links@5.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@5.0.0", "UID": "eb8142327abaf504", "BOMRef": "pkg:npm/bin-links@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/bin-links/package.json", "Digest": "sha1:7d183a1e12f89adf8e1b38038a8b34f9be897f40" }, { "ID": "bin-links@6.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@6.0.0", "UID": "be8201db89486926", "BOMRef": "pkg:npm/bin-links@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/bin-links/package.json", "Digest": "sha1:93d3777b34117955d6d5e16ab5342b65b8a21d46" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "6cf87f29c69270c2", "BOMRef": "4444c5da-5e1f-4f8e-914b-6a6c0f4bd19d" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/binary-extensions/package.json", "Digest": "sha1:fd41784d905c4769ecd7a2045234bf3336b20240" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "ee28414d4ff4ba2c", "BOMRef": "a4d643d2-ba49-4a6f-a2cb-89779fc1439f" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/binary-extensions/package.json", "Digest": "sha1:fd41784d905c4769ecd7a2045234bf3336b20240" }, { "ID": "brace-expansion@2.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "51360c077ec60cc8", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "Digest": "sha1:c2e8d8ccf674a808b63453e8432ae0f696375fbd" }, { "ID": "brace-expansion@5.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "f03840e2e7d35d2e", "BOMRef": "67aab44d-3660-4bed-a209-50e0c2e0ced6" }, "Version": "5.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/brace-expansion/package.json", "Digest": "sha1:c3c67d2688ba153c51e1a7bf161af9e306499cdf" }, { "ID": "brace-expansion@5.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "93f8f2d909c1f962", "BOMRef": "97098168-bdc6-41c2-98b6-5027a485d40f" }, "Version": "5.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/brace-expansion/package.json", "Digest": "sha1:c3c67d2688ba153c51e1a7bf161af9e306499cdf" }, { "ID": "brace-expansion@5.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "79a12c5d30fb35eb", "BOMRef": "99144d4b-5c98-4765-a062-7b867ae45d49" }, "Version": "5.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/brace-expansion/package.json", "Digest": "sha1:c3c67d2688ba153c51e1a7bf161af9e306499cdf" }, { "ID": "brace-expansion@5.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "e419d45a9b193bbf", "BOMRef": "be779907-b76d-4913-879e-bdb4565c3ea9" }, "Version": "5.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/brace-expansion/package.json", "Digest": "sha1:c3c67d2688ba153c51e1a7bf161af9e306499cdf" }, { "ID": "brace-expansion@5.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "c5e2c0dbf894aa2e", "BOMRef": "a5067bdf-01d6-4c19-a98c-2c3b1af34520" }, "Version": "5.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/brace-expansion/package.json", "Digest": "sha1:c3c67d2688ba153c51e1a7bf161af9e306499cdf" }, { "ID": "cacache@19.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@19.0.1", "UID": "207e1859a56d5730", "BOMRef": "pkg:npm/cacache@19.0.1" }, "Version": "19.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/cacache/package.json", "Digest": "sha1:4bfa58e7ac62a86d0f86b54faa34f063f3344a61" }, { "ID": "cacache@20.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.1", "UID": "9f0358a2bfcad2c", "BOMRef": "pkg:npm/cacache@20.0.1" }, "Version": "20.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cacache/package.json", "Digest": "sha1:1680c258e907f8a5844f3ddfd9334de3825ebf84" }, { "ID": "cacache@20.0.3", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.3", "UID": "d28af4c12125e4ea", "BOMRef": "pkg:npm/cacache@20.0.3" }, "Version": "20.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cacache/package.json", "Digest": "sha1:794ddf6857b8e0a3ab5e8b853a874fedd196d468" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "d258515dfe860b4b", "BOMRef": "c2a19883-39cd-40d2-973a-096c3c45afb6" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chalk/package.json", "Digest": "sha1:468d2997b68c367664e82a1d1b8bc344c65a52f6" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "b1b8936a740f687a", "BOMRef": "c9e0a54a-c9f2-4a71-a4b8-a2147e0638f3" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/chalk/package.json", "Digest": "sha1:468d2997b68c367664e82a1d1b8bc344c65a52f6" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "7b7f745de2b75147", "BOMRef": "ce0d73a8-d1a5-4cea-81c4-71bc1921ae0e" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "af00061184dd1ee6", "BOMRef": "e9b14593-5f74-4693-ba91-b4786aa8a89f" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "22f0d9ba0be14ea4", "BOMRef": "eb15f63b-d3dc-445a-91e2-e26cdea327bd" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "11ac1b98abbba067", "BOMRef": "0d5135de-ae5d-496d-82bc-448b1e852c45" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "bb87fb001bf563ff", "BOMRef": "0c5ad90f-12e2-440e-ab3b-57a164a948bf" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "ci-info@4.3.1", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.3.1", "UID": "2999db8233aa2a71", "BOMRef": "pkg:npm/ci-info@4.3.1" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ci-info/package.json", "Digest": "sha1:6b3b12a5534f6e76cb13a851250efc1bb7e5ff21" }, { "ID": "ci-info@4.4.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.4.0", "UID": "dae6e7469f3a3055", "BOMRef": "pkg:npm/ci-info@4.4.0" }, "Version": "4.4.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ci-info/package.json", "Digest": "sha1:e2623b66b993dca3177e444bd44a85376724c11d" }, { "ID": "cidr-regex@5.0.1", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.1", "UID": "dc8ece5d02d20061", "BOMRef": "pkg:npm/cidr-regex@5.0.1" }, "Version": "5.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cidr-regex/package.json", "Digest": "sha1:472161dcb9eaebd9f280a0b36172ba21f93a9b86" }, { "ID": "cidr-regex@5.0.3", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.3", "UID": "c8a06b41d6f4bb16", "BOMRef": "pkg:npm/cidr-regex@5.0.3" }, "Version": "5.0.3", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cidr-regex/package.json", "Digest": "sha1:e6f201f195a92eda4aa01dca4b73641ac79e1d89" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "ff37652a48aab60f", "BOMRef": "pkg:npm/cli-columns@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cli-columns/package.json", "Digest": "sha1:06c7ce3d82ba512eafa34bab2566bcce77d4beb9" }, { "ID": "cmd-shim@7.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@7.0.0", "UID": "383200eb2ff6ac1b", "BOMRef": "pkg:npm/cmd-shim@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cmd-shim/package.json", "Digest": "sha1:31d3d08612d9deeb670d074f68fd539f1bc62080" }, { "ID": "cmd-shim@8.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@8.0.0", "UID": "7789479b537d800d", "BOMRef": "pkg:npm/cmd-shim@8.0.0" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cmd-shim/package.json", "Digest": "sha1:bd1a460fd1e14f3dd73e03a0b21fc6e8bb60bfff" }, { "ID": "color-convert@2.0.1", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@2.0.1", "UID": "248a08a9cfeec878", "BOMRef": "pkg:npm/color-convert@2.0.1" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-convert/package.json", "Digest": "sha1:03f26ab8597e0117b7ad15bcfa9f0b31c8375ea9" }, { "ID": "color-name@1.1.4", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.4", "UID": "9b3e35b6f5b82add", "BOMRef": "pkg:npm/color-name@1.1.4" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-name/package.json", "Digest": "sha1:411d7c87d5b1dec0d479aa13e3406b5c38ac34f5" }, { "ID": "common-ancestor-path@1.0.1", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@1.0.1", "UID": "b5c09ab52a16a409", "BOMRef": "pkg:npm/common-ancestor-path@1.0.1" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/common-ancestor-path/package.json", "Digest": "sha1:164a1acbc7cc3127c78c5da7b26667bf93b8b8c3" }, { "ID": "common-ancestor-path@2.0.0", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@2.0.0", "UID": "5f00b5466ba9eee9", "BOMRef": "pkg:npm/common-ancestor-path@2.0.0" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/common-ancestor-path/package.json", "Digest": "sha1:8036c99c2d18b8840dc4aa274be9fbe844e9e16f" }, { "ID": "corepack@0.34.5", "Name": "corepack", "Identifier": { "PURL": "pkg:npm/corepack@0.34.5", "UID": "c1c2ffd72fd44417", "BOMRef": "pkg:npm/corepack@0.34.5" }, "Version": "0.34.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/corepack/package.json", "Digest": "sha1:2c59efe8aa565dc3e10f82c7ab2d248e5d3e711f" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "d789382a3771cf9e", "BOMRef": "ace851ec-e6dd-4320-90dc-1cd46f723738" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "a2ed2c54e4782e4", "BOMRef": "85df6642-205a-4e77-ba74-976395a62c78" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "441db36f69598af1", "BOMRef": "6db04d18-5356-4418-a91c-e34608b259a7" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "ac92043d6051fc00", "BOMRef": "b68ed3a0-52fe-4525-bf35-011c0548bfb0" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "a542245d977ac7ca", "BOMRef": "a10533ca-8bf4-447a-92c3-cf454bc1347d" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "77950fa5ce5f18b9", "BOMRef": "c1b16d01-c61f-4a9e-a14c-8e2b134884b7" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cssesc/package.json", "Digest": "sha1:3a37cece4f715e91ef0aed027baea0039bb20087" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "4eccc87db2fd952f", "BOMRef": "bbcdd1ae-b97f-4e89-a802-fd3003ba1d7e" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cssesc/package.json", "Digest": "sha1:3a37cece4f715e91ef0aed027baea0039bb20087" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "ecfd005c8ab1665", "BOMRef": "25011a86-b4ba-4668-b5a1-595c40477812" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/debug/package.json", "Digest": "sha1:f1c3de400f61581ce6d6d43f9ec4c456cb8017f7" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "e171cf4146a771b5", "BOMRef": "7dbe74f6-f08f-4ec0-b4ed-268fa240bfdc" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/debug/package.json", "Digest": "sha1:f1c3de400f61581ce6d6d43f9ec4c456cb8017f7" }, { "ID": "diff@8.0.2", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "4e61212ff3ef82a7", "BOMRef": "pkg:npm/diff@8.0.2" }, "Version": "8.0.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "Digest": "sha1:719cc8a399073fae18f522fc26e7058f2048cd43" }, { "ID": "diff@8.0.3", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.3", "UID": "3f00e4ae78ecfe2f", "BOMRef": "pkg:npm/diff@8.0.3" }, "Version": "8.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/diff/package.json", "Digest": "sha1:ee7acad3ce516cc674e0a88afbb6964bb88e355d" }, { "ID": "eastasianwidth@0.2.0", "Name": "eastasianwidth", "Identifier": { "PURL": "pkg:npm/eastasianwidth@0.2.0", "UID": "afdbdd426631acb4", "BOMRef": "pkg:npm/eastasianwidth@0.2.0" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/eastasianwidth/package.json", "Digest": "sha1:c3bff6d91fcbc648b17edd5f8e37bac1f47485a4" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "5bc5a17d6c54fd30", "BOMRef": "pkg:npm/emoji-regex@8.0.0" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/emoji-regex/package.json", "Digest": "sha1:c26fe90da5886724a2676b8e3d5890beeacaad20" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "a96db3d5f6686343", "BOMRef": "c40fc8ff-570f-4d64-ae5a-d7d436e7b4aa" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "8e84249ba5a71d6", "BOMRef": "4d251e73-8708-420a-8b68-ee8b8950362a" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "c7ea55b3c1569fe9", "BOMRef": "bbc25bd7-4e8c-42f2-852d-51d365902de7" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/encoding/package.json", "Digest": "sha1:52b117f2bc3113970224b9dc97b7fc18f7df30ab" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "e8a3939307ccfb17", "BOMRef": "0d850c76-99c2-4999-90d0-cfdf25348dee" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/encoding/package.json", "Digest": "sha1:52b117f2bc3113970224b9dc97b7fc18f7df30ab" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "3881de7fcb5ad711", "BOMRef": "7e89155e-284c-46d6-b6bd-11eae439cb1b" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/env-paths/package.json", "Digest": "sha1:b5b570f41c1d3e8f251fd06d075cefea4a3449a9" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "af0bd61f2aaa786e", "BOMRef": "4ddcf97e-7948-4efc-bc7d-df747958ba94" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/env-paths/package.json", "Digest": "sha1:b5b570f41c1d3e8f251fd06d075cefea4a3449a9" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "c1cb8a877a0c8721", "BOMRef": "fbd95ce0-f43e-499b-ac68-9310645f84c8" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/err-code/package.json", "Digest": "sha1:5c7bc63340bc312d1563bb2b369e333e1165ab04" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "133915a96d4658b9", "BOMRef": "788c8366-f4d9-45fc-b87b-be88aa26e685" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/err-code/package.json", "Digest": "sha1:5c7bc63340bc312d1563bb2b369e333e1165ab04" }, { "ID": "exponential-backoff@3.1.2", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.2", "UID": "a1fe6362f3e682d4", "BOMRef": "pkg:npm/exponential-backoff@3.1.2" }, "Version": "3.1.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/exponential-backoff/package.json", "Digest": "sha1:af54bb38a82b5a0d058c722fac83b3bf91fff3f5" }, { "ID": "exponential-backoff@3.1.3", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.3", "UID": "ada31b630f01310", "BOMRef": "pkg:npm/exponential-backoff@3.1.3" }, "Version": "3.1.3", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/exponential-backoff/package.json", "Digest": "sha1:ad6dedac96b4754817f15c7f62c6b1d72fa249fe" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "669fc67a6fb9c2c5", "BOMRef": "c5cff7ec-0bbe-45cf-b016-b2309d93f242" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json", "Digest": "sha1:3aca1160ba8ff112a40cdfd2c860a5d6cd689391" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "f0471982ce554c6c", "BOMRef": "18eadfa5-cbab-4c46-b65e-6fece8fbcdfe" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json", "Digest": "sha1:3aca1160ba8ff112a40cdfd2c860a5d6cd689391" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "66eafc45e8c78f62", "BOMRef": "20680e44-e10e-4c77-a698-76ec5ec89eeb" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/fdir/package.json", "Digest": "sha1:87c30edff77dd2a0847ac92b0a76837682d64eb2" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "5de2775f3596a265", "BOMRef": "28714db9-0e05-4fb3-86a4-2db236c1ba05" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/fdir/package.json", "Digest": "sha1:87c30edff77dd2a0847ac92b0a76837682d64eb2" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "887faba0ec47facd", "BOMRef": "07d25931-2409-4096-9ce9-1d5e1e3604d6" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "3c12b50b9c1dfc57", "BOMRef": "4bdea3d8-a5a8-4a4d-8e18-bd74aaabd5a3" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "9712370beebe4955", "BOMRef": "58057075-750c-4df1-a55c-4aa42f483111" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "7f0b5c6c8fd65f83", "BOMRef": "5f2f581c-a538-423d-96aa-5c986ce89713" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "1596729a672f4cd5", "BOMRef": "9ee92457-d763-4a14-a9fc-5f34f1d650b7" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "e026a3e51da025e3", "BOMRef": "53af1422-7301-483c-a004-daca9f845f4b" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fs-minipass/package.json", "Digest": "sha1:2e472ead48322dd560133d10f39db20ee5e3fae1" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "6f9096ec0d88b54b", "BOMRef": "1d994fcd-adfd-4a08-b4d9-bb850cbbcb08" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/fs-minipass/package.json", "Digest": "sha1:2e472ead48322dd560133d10f39db20ee5e3fae1" }, { "ID": "glob@11.1.0", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.1.0", "UID": "178aea04b81a133", "BOMRef": "b9a30b3d-d153-4119-b1f8-ce7bd295d05c" }, "Version": "11.1.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/package.json", "Digest": "sha1:9ce880ebacb6a4fc8ce706b0c4e165a74a4810a6" }, { "ID": "glob@11.1.0", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.1.0", "UID": "fe3bceede65c5e29", "BOMRef": "4a74f1e6-f8ef-45b2-83e8-fea275c1f161" }, "Version": "11.1.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json", "Digest": "sha1:9ce880ebacb6a4fc8ce706b0c4e165a74a4810a6" }, { "ID": "glob@11.1.0", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.1.0", "UID": "4e44fb5b899b6e8e", "BOMRef": "bf82cf8e-0c58-46bd-9d34-79db35ad526a" }, "Version": "11.1.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/package.json", "Digest": "sha1:9ce880ebacb6a4fc8ce706b0c4e165a74a4810a6" }, { "ID": "glob@11.1.0", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.1.0", "UID": "8ac118442d3e4e23", "BOMRef": "cba00af1-81f1-4977-90aa-77ad6440ccd1" }, "Version": "11.1.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/package.json", "Digest": "sha1:9ce880ebacb6a4fc8ce706b0c4e165a74a4810a6" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "fefe48b9ada2e803", "BOMRef": "b6de713d-4800-4403-a0f8-a4bc461037cf" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/graceful-fs/package.json", "Digest": "sha1:21a733b3f7e2ee153041de90fb03d5596934f346" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "e57d62cc361e7078", "BOMRef": "cf72c09e-ba2d-40d4-8562-61ef8c1274f6" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/graceful-fs/package.json", "Digest": "sha1:21a733b3f7e2ee153041de90fb03d5596934f346" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "b99b7f3afdea36bf", "BOMRef": "9ff3d67a-37d9-4855-bd85-3c835c5f08a9" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/hosted-git-info/package.json", "Digest": "sha1:bd2953244687bfff7fdc74a3798a66119f64428e" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "4116d5bc7b3e1e0a", "BOMRef": "99533b56-6526-47b5-b49b-3e1d5f55c1c3" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/hosted-git-info/package.json", "Digest": "sha1:bd2953244687bfff7fdc74a3798a66119f64428e" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "74144b7ff105a2ef", "BOMRef": "77534d28-39e0-4e9f-8e88-9e9da2f03cdb" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-cache-semantics/package.json", "Digest": "sha1:563b0d8af1a9641083e8f6cefbf4259fa845e7ca" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "61cb452f71eab34f", "BOMRef": "6d1aafa9-cbfe-4144-a497-0e20a5929088" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/http-cache-semantics/package.json", "Digest": "sha1:563b0d8af1a9641083e8f6cefbf4259fa845e7ca" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "cbd8ae04d4e5c809", "BOMRef": "9b88ca63-1890-416f-b264-109a0c006cf4" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-proxy-agent/package.json", "Digest": "sha1:f8b2b2bf2f3e2f8491496f9efe80b96442a803a9" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "e47e2a01b04db429", "BOMRef": "17c8feb3-c25c-4b9f-ad96-8d520aa60dae" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/http-proxy-agent/package.json", "Digest": "sha1:f8b2b2bf2f3e2f8491496f9efe80b96442a803a9" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "d4ca17683c28c866", "BOMRef": "6a4d934c-62ea-4990-9efb-f416675631bd" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/https-proxy-agent/package.json", "Digest": "sha1:17ea193ab8be5c579a2d10e9a13bff389858f7e8" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "56eb295af23c5373", "BOMRef": "66d00c30-882d-45cb-9782-4fc89be15047" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/https-proxy-agent/package.json", "Digest": "sha1:17ea193ab8be5c579a2d10e9a13bff389858f7e8" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "b1dbcfaef465a25e", "BOMRef": "c3bda6cb-eba6-4118-bcf0-b72dd7591cae" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/iconv-lite/package.json", "Digest": "sha1:a3d90badf75db503f5dd3ff3fb76d120d1424978" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "2dcf1afa6b883cdb", "BOMRef": "ae83b706-ccaf-44f4-83c6-fa1a4ca36eb5" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/iconv-lite/package.json", "Digest": "sha1:a3d90badf75db503f5dd3ff3fb76d120d1424978" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "fb51b2f67f5789a8", "BOMRef": "86110bc7-d846-41c1-8293-84f27c53436c" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ignore-walk/package.json", "Digest": "sha1:48b090250976a784406de6d243cb8221ac357a08" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "ab675c6c0d17526b", "BOMRef": "09a68764-1e9b-4bf9-89d3-a2d4634e2882" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ignore-walk/package.json", "Digest": "sha1:48b090250976a784406de6d243cb8221ac357a08" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "38aac82a1a34907b", "BOMRef": "74a636c4-5928-4a06-96ba-2c51d6faf6dd" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/imurmurhash/package.json", "Digest": "sha1:a28f2b413385af4188c4fc0ad1e0c38c2cd03cf4" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "52fbf9fd5b0bdef8", "BOMRef": "83de4530-8c37-4e4a-9775-b0b6f274d7e3" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/imurmurhash/package.json", "Digest": "sha1:a28f2b413385af4188c4fc0ad1e0c38c2cd03cf4" }, { "ID": "ini@5.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@5.0.0", "UID": "27db5fc36013ef39", "BOMRef": "pkg:npm/ini@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ini/package.json", "Digest": "sha1:6f82de9e6ee727a4e745446e6687d6dc4a13bc0f" }, { "ID": "ini@6.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@6.0.0", "UID": "931b21ee6ce5ac85", "BOMRef": "pkg:npm/ini@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ini/package.json", "Digest": "sha1:5edfb581604a00537da0213d0168236a05a49bf5" }, { "ID": "init-package-json@8.2.2", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.2", "UID": "efdb8f936b15a045", "BOMRef": "pkg:npm/init-package-json@8.2.2" }, "Version": "8.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/init-package-json/package.json", "Digest": "sha1:fd90752e9caf5c625bc4f238dd7498c6e759f0a8" }, { "ID": "init-package-json@8.2.5", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.5", "UID": "228f3005830b46ad", "BOMRef": "pkg:npm/init-package-json@8.2.5" }, "Version": "8.2.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/init-package-json/package.json", "Digest": "sha1:135bdc6d9e7c3b4f96681fa03c2de7f644275cae" }, { "ID": "ip-address@10.0.1", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.0.1", "UID": "9cc396bb5d8b5769", "BOMRef": "pkg:npm/ip-address@10.0.1" }, "Version": "10.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-address/package.json", "Digest": "sha1:c08d23fa891935fb24a5e1a07334197e8974138a" }, { "ID": "ip-address@10.1.0", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.1.0", "UID": "a112eb13e025016b", "BOMRef": "pkg:npm/ip-address@10.1.0" }, "Version": "10.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ip-address/package.json", "Digest": "sha1:191d8a246dac65b7bb2707c1b08770812e9024e6" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "9c9eccd5148051f0", "BOMRef": "pkg:npm/ip-regex@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-regex/package.json", "Digest": "sha1:e3ebe61a5855188e86da90f29b0ea8c44793b9f0" }, { "ID": "is-cidr@6.0.1", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.1", "UID": "809d979af784ea8", "BOMRef": "pkg:npm/is-cidr@6.0.1" }, "Version": "6.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-cidr/package.json", "Digest": "sha1:7ae4aacf966b4f49bd609909796a7700fd8e877d" }, { "ID": "is-cidr@6.0.3", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.3", "UID": "724985bee38f5606", "BOMRef": "pkg:npm/is-cidr@6.0.3" }, "Version": "6.0.3", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/is-cidr/package.json", "Digest": "sha1:1542d8b025df8f5b8246fdc01f4fe37c5a065a31" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "10da83ef5ce8972a", "BOMRef": "pkg:npm/is-fullwidth-code-point@3.0.0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-fullwidth-code-point/package.json", "Digest": "sha1:49dbcba3eb3e3cba5b97bce28eb6194775d23c88" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "931c969f79af8296", "BOMRef": "8c2aadb9-cce1-496f-bbc6-affdf7cf971e" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "4b017e5245d174fe", "BOMRef": "2faa0bb7-834d-4a58-b595-ea00c9febc5c" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "614fa3af40e9f2a8", "BOMRef": "fbd4f459-6ebc-43b7-997b-410ed1185fb2" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "dc23d616649a60e2", "BOMRef": "68b6b80e-41b7-494c-9814-5b2793443dfa" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "432b1c7a7a12aeb1", "BOMRef": "439fb6e7-30cd-4bd7-9601-c2e5d964b6b3" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@3.1.1", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@3.1.1", "UID": "206883cca1b7976b", "BOMRef": "pkg:npm/isexe@3.1.1" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/isexe/package.json", "Digest": "sha1:33fc88b1f05370bb6518291c601cf96cfcafdc3b" }, { "ID": "isexe@4.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@4.0.0", "UID": "c3444edfd210ca7c", "BOMRef": "pkg:npm/isexe@4.0.0" }, "Version": "4.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/isexe/package.json", "Digest": "sha1:66620ebb413146985b58e32e2fb7007a46903867" }, { "ID": "jackspeak@3.4.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@3.4.3", "UID": "e7c234debe9ff3cd", "BOMRef": "pkg:npm/jackspeak@3.4.3" }, "Version": "3.4.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/jackspeak/package.json", "Digest": "sha1:15e15f7f7565d0a355be813b2e68eb35e65102a5" }, { "ID": "jackspeak@4.1.1", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.1.1", "UID": "ffad96261e7979e6", "BOMRef": "pkg:npm/jackspeak@4.1.1" }, "Version": "4.1.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jackspeak/package.json", "Digest": "sha1:8997e3643b1400526da8981a9f1ed0bc41a60261" }, { "ID": "jackspeak@4.2.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.2.3", "UID": "bbbf79a47deb4da5", "BOMRef": "c84a6c22-18fd-461d-97a1-1e0663ffb0cf" }, "Version": "4.2.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/jackspeak/package.json", "Digest": "sha1:45d9816050ff7a6de553a418f4a0038a406fe991" }, { "ID": "jackspeak@4.2.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.2.3", "UID": "613760170789f2aa", "BOMRef": "69f32fb4-8a31-4dc8-9caa-2e6048e88234" }, "Version": "4.2.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/jackspeak/package.json", "Digest": "sha1:45d9816050ff7a6de553a418f4a0038a406fe991" }, { "ID": "jackspeak@4.2.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.2.3", "UID": "6398cdeaf6233e8", "BOMRef": "b4f93308-2cdd-4407-ba9a-c4a5f88cfa74" }, "Version": "4.2.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/jackspeak/package.json", "Digest": "sha1:45d9816050ff7a6de553a418f4a0038a406fe991" }, { "ID": "jackspeak@4.2.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.2.3", "UID": "59eba819451a53c", "BOMRef": "977ff2d8-572c-4e0f-8a1c-3ca0d9849d4f" }, "Version": "4.2.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/jackspeak/package.json", "Digest": "sha1:45d9816050ff7a6de553a418f4a0038a406fe991" }, { "ID": "json-parse-even-better-errors@4.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", "UID": "46f5d0554e894193", "BOMRef": "pkg:npm/json-parse-even-better-errors@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json", "Digest": "sha1:6fb81ff6b422e2dd97dbd03d6095016aa7a4317e" }, { "ID": "json-parse-even-better-errors@5.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@5.0.0", "UID": "cdb4de5e0c4ae960", "BOMRef": "pkg:npm/json-parse-even-better-errors@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json", "Digest": "sha1:27231975ccc2498cb184ae3e74122f2427ba1a5a" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "ba29828b9ff80f88", "BOMRef": "d07b07ad-5337-43b8-bc85-4971f0589984" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-stringify-nice/package.json", "Digest": "sha1:adef02a4345a493535ccb990b09f850508ae516f" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "cebe51af132cee34", "BOMRef": "12cf0020-d3e5-40dd-9e3d-71fb66a77583" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/json-stringify-nice/package.json", "Digest": "sha1:adef02a4345a493535ccb990b09f850508ae516f" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "22f773e54905be1e", "BOMRef": "c3f2c49b-b250-4594-8f71-7cf9b29c4be1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jsonparse/package.json", "Digest": "sha1:ec0bb766bf32ebd53d835393da006bb834a663fd" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "3d26931640f2fff2", "BOMRef": "e4007f71-1e2b-4aee-b464-e90c3a323780" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/jsonparse/package.json", "Digest": "sha1:ec0bb766bf32ebd53d835393da006bb834a663fd" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "9b0dd54d08abdde0", "BOMRef": "19c0046c-1a32-4c6f-8e2b-d5477996f19a" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff/package.json", "Digest": "sha1:396a274e87b3ad6a3704a76cf18fbb2a9dd45ada" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "3c24bfd43644e7d0", "BOMRef": "90f4eef9-e375-4fb5-8f42-c0b5de1f745d" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/just-diff/package.json", "Digest": "sha1:396a274e87b3ad6a3704a76cf18fbb2a9dd45ada" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "30e33411a23feca0", "BOMRef": "fff0f00b-c49a-45a2-a865-a1878261c961" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff-apply/package.json", "Digest": "sha1:26d39d00f0fc1ddfe4974dbe69691f9c09ad9036" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "2c225931718491c8", "BOMRef": "f8fc57ab-5885-4488-b4a7-9c0044b33a1f" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/just-diff-apply/package.json", "Digest": "sha1:26d39d00f0fc1ddfe4974dbe69691f9c09ad9036" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "b33a830f5972154c", "BOMRef": "7b1b2bcc-23d7-47c0-bfc6-35613134ddf5" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmaccess/package.json", "Digest": "sha1:c1d01036aa963e18b715c0bf3ec1bdad5d39d0be" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "875b534bf3cebaac", "BOMRef": "ec6db325-1b0b-431e-a958-106f66dae1a5" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmaccess/package.json", "Digest": "sha1:88716dc0d2d84c458e7f30e99f7e99188bef59b2" }, { "ID": "libnpmdiff@8.0.9", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.0.9", "UID": "5589ab8d82848d63", "BOMRef": "pkg:npm/libnpmdiff@8.0.9" }, "Version": "8.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmdiff/package.json", "Digest": "sha1:08529ea2d28cea59a474b7a9b8d07dfd33842d72" }, { "ID": "libnpmdiff@8.1.2", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.1.2", "UID": "b2bf8d1172b991ac", "BOMRef": "pkg:npm/libnpmdiff@8.1.2" }, "Version": "8.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmdiff/package.json", "Digest": "sha1:e5a1410ce471565a672e7f521579c83f17e21351" }, { "ID": "libnpmexec@10.1.8", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.1.8", "UID": "32a861e7fad69fc2", "BOMRef": "pkg:npm/libnpmexec@10.1.8" }, "Version": "10.1.8", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmexec/package.json", "Digest": "sha1:42067a230f8087be6622933bc2204beb43c65053" }, { "ID": "libnpmexec@10.2.2", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.2.2", "UID": "fd65c90a6ac67cd6", "BOMRef": "pkg:npm/libnpmexec@10.2.2" }, "Version": "10.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmexec/package.json", "Digest": "sha1:250299c9d3d8f74555c54a57e6652cfacc5d3e1b" }, { "ID": "libnpmfund@7.0.16", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.16", "UID": "da6192723a2f3cad", "BOMRef": "pkg:npm/libnpmfund@7.0.16" }, "Version": "7.0.16", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmfund/package.json", "Digest": "sha1:82c50e4a666a7dd247100245ff2cc33cc74a69f6" }, { "ID": "libnpmfund@7.0.9", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.9", "UID": "bb55f9971598bc9", "BOMRef": "pkg:npm/libnpmfund@7.0.9" }, "Version": "7.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmfund/package.json", "Digest": "sha1:1906251db79b7a437239f95aa0df79c7c554619e" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "8f8b865410215be", "BOMRef": "33529226-4508-4128-adbe-a030414bf44d" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmorg/package.json", "Digest": "sha1:bb751a1dee75e700037086efe488eaadcf29345f" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "d709745f46994e9c", "BOMRef": "4308bd3e-b3c3-4900-8775-1de0bd35e433" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmorg/package.json", "Digest": "sha1:71644ece4c1f7182783fe2ea542ab4a851465845" }, { "ID": "libnpmpack@9.0.9", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.0.9", "UID": "ec4a125749d05420", "BOMRef": "pkg:npm/libnpmpack@9.0.9" }, "Version": "9.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpack/package.json", "Digest": "sha1:9946d06d2edee965070b52064492a9f7bc63194e" }, { "ID": "libnpmpack@9.1.2", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.1.2", "UID": "444b2b6996592b85", "BOMRef": "pkg:npm/libnpmpack@9.1.2" }, "Version": "9.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmpack/package.json", "Digest": "sha1:afb44d41bca87cdf61e88717afa6151646439580" }, { "ID": "libnpmpublish@11.1.2", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.2", "UID": "c056a18e2e5d8dd6", "BOMRef": "pkg:npm/libnpmpublish@11.1.2" }, "Version": "11.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpublish/package.json", "Digest": "sha1:cee9c37cf9421b071b038e99b83e2d60f355d7f1" }, { "ID": "libnpmpublish@11.1.3", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.3", "UID": "159a5b78ea7b0b31", "BOMRef": "pkg:npm/libnpmpublish@11.1.3" }, "Version": "11.1.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmpublish/package.json", "Digest": "sha1:f79157562e8ad15b97e33362c5e104f49358c209" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "d35baa8421ea7e2a", "BOMRef": "f4354c31-a604-45ff-8d9f-ce15a556a67a" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmsearch/package.json", "Digest": "sha1:839c733ea34fee24f8639d9514b827f20634aa47" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "82db7fd06e4178f2", "BOMRef": "5580eb6d-f12c-4063-9fe3-bc7e7d0c47b6" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmsearch/package.json", "Digest": "sha1:51c93baa72fc8c35a3195194d066536a133e26d5" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "10b51bf2ec45f1f0", "BOMRef": "9968d247-3a36-4662-b235-0d443b6db45d" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmteam/package.json", "Digest": "sha1:4638228278157df58223fce221f2b21e99a43351" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "168ae570d41b9802", "BOMRef": "769e5f4c-e094-48d9-bedc-9ec848cd1961" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmteam/package.json", "Digest": "sha1:c57610dfde38cf9e325c1cb64f6dcced3ee8af6d" }, { "ID": "libnpmversion@8.0.2", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.2", "UID": "8413229d02d08ee5", "BOMRef": "pkg:npm/libnpmversion@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmversion/package.json", "Digest": "sha1:6508dfbbc8b9d0b7f7c4c0310fcb0a4b6c244754" }, { "ID": "libnpmversion@8.0.3", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.3", "UID": "40372c7e44eda535", "BOMRef": "pkg:npm/libnpmversion@8.0.3" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmversion/package.json", "Digest": "sha1:0526d61c11a1dc3cfdf3014dd303e35be0df0907" }, { "ID": "litellm-dashboard@0.1.0", "Name": "litellm-dashboard", "Identifier": { "PURL": "pkg:npm/litellm-dashboard@0.1.0", "UID": "449ce4eff1550121", "BOMRef": "pkg:npm/litellm-dashboard@0.1.0" }, "Version": "0.1.0", "Layer": { "Digest": "sha256:6dace3219773a8dc95b155a5b4844c10137b2ddaf2e06463c2ff14872f2d3d25", "DiffID": "sha256:8b1e4c652510eebe9bc9b168926f12d9794e5418eec1d2e90ce143ec3dbd8f3e" }, "FilePath": "app/ui/litellm-dashboard/package.json", "Digest": "sha1:b9d195bb7f015881e741254a6ceeab78d78765d3" }, { "ID": "lru-cache@10.4.3", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@10.4.3", "UID": "44efdb6f044ce397", "BOMRef": "pkg:npm/lru-cache@10.4.3" }, "Version": "10.4.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/lru-cache/package.json", "Digest": "sha1:eba45f816c43b1e505440b7a7f8392e38ba11306" }, { "ID": "lru-cache@11.2.2", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.2", "UID": "144081493c645afe", "BOMRef": "pkg:npm/lru-cache@11.2.2" }, "Version": "11.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/lru-cache/package.json", "Digest": "sha1:6dd2a4249041a81465f9774e129f7b29c27a6f80" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "cc9ee51ab7ee53b0", "BOMRef": "f0cd5321-a7d1-49a8-acc4-5f7442be19c4" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "1c52ab9f25d7a932", "BOMRef": "8a042b12-786d-499c-aeaf-b2c4eb56b3ab" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "bd7a896fdef66832", "BOMRef": "50ba7021-0990-4818-b0d7-9b2d6f2fb642" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "7e0385b42f677ac4", "BOMRef": "743f33d5-2e1a-4457-b38f-6ce4bb627cad" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "9f45023e134ae3c5", "BOMRef": "7a92108a-eee3-4268-b09f-986e6922adee" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "make-fetch-happen@14.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@14.0.3", "UID": "2ea805fc0f21e54d", "BOMRef": "pkg:npm/make-fetch-happen@14.0.3" }, "Version": "14.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/make-fetch-happen/package.json", "Digest": "sha1:4e321611ef7ad4a60c9b8db56a8e49c35f4624f5" }, { "ID": "make-fetch-happen@15.0.2", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.2", "UID": "2181e5a99172752e", "BOMRef": "pkg:npm/make-fetch-happen@15.0.2" }, "Version": "15.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/make-fetch-happen/package.json", "Digest": "sha1:da7290a1f11c33952730308c1a35b3031addcbea" }, { "ID": "make-fetch-happen@15.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.3", "UID": "c091d7688f0a229c", "BOMRef": "pkg:npm/make-fetch-happen@15.0.3" }, "Version": "15.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/make-fetch-happen/package.json", "Digest": "sha1:06b8dc0e17bf93a970739a0ac6845fa168884e8a" }, { "ID": "minimatch@10.0.3", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f54552a3275e2770", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "Digest": "sha1:052b0b10a498caa8cff3370cf90554d3b8be575c" }, { "ID": "minimatch@10.2.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "bca8671b52ff7843", "BOMRef": "7a6cb20e-2a84-425d-b807-e940a7510a5c" }, "Version": "10.2.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "Digest": "sha1:aee538d3353c6055b9304cad738c56f8b6e0a223" }, { "ID": "minimatch@10.2.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "965c58ad1cda7758", "BOMRef": "c03c668a-1b28-47db-adc6-8eaa4073e680" }, "Version": "10.2.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/minimatch/package.json", "Digest": "sha1:aee538d3353c6055b9304cad738c56f8b6e0a223" }, { "ID": "minimatch@10.2.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f64b16400ac6e482", "BOMRef": "42d9ca3c-6f59-47ab-9262-0f3d1f3f9189" }, "Version": "10.2.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/minimatch/package.json", "Digest": "sha1:aee538d3353c6055b9304cad738c56f8b6e0a223" }, { "ID": "minimatch@10.2.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "5224cb15669dcfa0", "BOMRef": "50ac1116-6ec2-4aa7-997c-e020c60022d9" }, "Version": "10.2.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "Digest": "sha1:aee538d3353c6055b9304cad738c56f8b6e0a223" }, { "ID": "minimatch@10.2.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f26e3a50cde96202", "BOMRef": "e1482b60-c894-48a5-a64c-a5bb172f1d39" }, "Version": "10.2.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "Digest": "sha1:aee538d3353c6055b9304cad738c56f8b6e0a223" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "bd2b63e4e1baf3d2", "BOMRef": "364d80f1-d07e-430e-a833-15ebddbefa9c" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "51c465aced14da5c", "BOMRef": "aab2fdff-65ea-4125-ac27-8a039079dabc" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "26e0d7dc82c5d8e5", "BOMRef": "b20a59fb-fbfd-4dbf-9789-e545188b6c9a" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "8b9964626f797bb2", "BOMRef": "ad16c60b-f3d3-48d1-be96-57742376bb94" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "e13dbad825528ef6", "BOMRef": "8d568def-03ef-4d86-abdb-239d93e699df" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "dcbe06cdad899703", "BOMRef": "d95f3a0c-55ea-46a7-b50d-f6c982b58aed" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-flush/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "68e3ea8e18c6f48b", "BOMRef": "4fa13daa-17ec-4aac-b2c8-807b25893056" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "767f0d4d9b492322", "BOMRef": "pkg:npm/minipass@7.1.2" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass/package.json", "Digest": "sha1:798df22ae1185484c372b4da30c4d75a0e7ea572" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "6b65b721e8d8a8c", "BOMRef": "0b077105-44aa-40b3-b899-2911dcd1a8df" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "b3d02a403a82dce4", "BOMRef": "4eb3ef8a-0117-468a-96a7-c138d4213985" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "19de7ae7f1ac6031", "BOMRef": "5732b80b-0f54-4580-bf54-649a1c45de45" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "a0a7375cc20a7810", "BOMRef": "ad7b2c08-a695-4629-89e8-3f87e60af16e" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "319c13fa57284bc9", "BOMRef": "707d4e5e-ca40-4253-94e5-f9107f9b6631" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "be905cadc4eff17b", "BOMRef": "efb75784-af49-4d07-9a55-b65b23d950ce" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "44577d162dbc1655", "BOMRef": "3e0c75bc-553f-4138-ae37-197e49b026f4" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass@7.1.3", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.3", "UID": "d6e110ac403afe5b", "BOMRef": "62389a4d-60e5-48ae-95b3-e3b21b445cf6" }, "Version": "7.1.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/minipass/package.json", "Digest": "sha1:61235e7e9cfd09deb1ed8a00c522c6bbbcdef750" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "cc68f2aafe89fe82", "BOMRef": "933b49f6-a62f-4acd-888b-286584aac485" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-collect/package.json", "Digest": "sha1:7ca3a77ca7b795148ecee5d9ebbe96e968dddb15" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "f5ad11212a7f2ab0", "BOMRef": "045ca113-904d-461f-8dd2-7c471519bca3" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-collect/package.json", "Digest": "sha1:7ca3a77ca7b795148ecee5d9ebbe96e968dddb15" }, { "ID": "minipass-fetch@4.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@4.0.1", "UID": "23c7a1cdeab304a1", "BOMRef": "pkg:npm/minipass-fetch@4.0.1" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-fetch/package.json", "Digest": "sha1:20a8b7cdd0d9df659a448aef3a4589ca2a95d39e" }, { "ID": "minipass-fetch@5.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@5.0.1", "UID": "15866e8287893101", "BOMRef": "pkg:npm/minipass-fetch@5.0.1" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-fetch/package.json", "Digest": "sha1:158d6645fb9a0b82ee2e1dd1d0491b53e31ee6e0" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "b1428456b11e2d7c", "BOMRef": "c2bccd13-91d3-440b-9ccd-7cb5f3faa456" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/package.json", "Digest": "sha1:c89612a2a9c68141b8271bbc94bcc88067c29790" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "4edbeaa26874625b", "BOMRef": "2c93d650-768e-44e2-a143-b36cb0375475" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-flush/package.json", "Digest": "sha1:c89612a2a9c68141b8271bbc94bcc88067c29790" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "35849149a001bdeb", "BOMRef": "2fa71d10-48ac-4977-96f2-321564b3d596" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/package.json", "Digest": "sha1:e30c58465801deaceb4b81898e531c75679563b1" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "30aea2fdf7adf3d8", "BOMRef": "01ca9ece-7897-458a-b948-ba5b07903bb8" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-pipeline/package.json", "Digest": "sha1:e30c58465801deaceb4b81898e531c75679563b1" }, { "ID": "minipass-sized@1.0.3", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@1.0.3", "UID": "c56039b731dae169", "BOMRef": "pkg:npm/minipass-sized@1.0.3" }, "Version": "1.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/package.json", "Digest": "sha1:615e0e93dfdbc65b217029380591abc9e9b64136" }, { "ID": "minipass-sized@2.0.0", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@2.0.0", "UID": "d853b729f0169cdb", "BOMRef": "pkg:npm/minipass-sized@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-sized/package.json", "Digest": "sha1:c0e70d0d99106c4391afde2f25524f3cb876a1dd" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "74c6db4f4acbe9d1", "BOMRef": "6540cef8-e928-4b3f-a7a9-76efd4206f42" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "6bb2a49e45c83da2", "BOMRef": "909e9913-521c-4dbf-9d39-0810a968c05f" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "99ed5c2e9a1eb44d", "BOMRef": "ff3c7e3a-24ca-4c10-8a6c-60fefe93734c" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "c87b718a3133a981", "BOMRef": "76d1ae60-0149-44f6-893f-dc84e6deba4c" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "911e1cefcc3d66b7", "BOMRef": "74e7ceff-fe43-4a66-8753-f42126f23896" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "6c0a7af348a5e2b9", "BOMRef": "4bffa948-6320-44bd-977e-ed623a265995" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ms/package.json", "Digest": "sha1:c290eb97736177176d071da4ac855ab995685c97" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "528d3c59ec13e331", "BOMRef": "10bdde76-99b8-4e8e-b199-8c88880aa428" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ms/package.json", "Digest": "sha1:c290eb97736177176d071da4ac855ab995685c97" }, { "ID": "mute-stream@2.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@2.0.0", "UID": "b67a2cb85c845b13", "BOMRef": "pkg:npm/mute-stream@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/mute-stream/package.json", "Digest": "sha1:7f9eff4bc99d6d99dfa22506626bf4d2ec36530c" }, { "ID": "mute-stream@3.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@3.0.0", "UID": "2871c8da63060ee8", "BOMRef": "pkg:npm/mute-stream@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/mute-stream/package.json", "Digest": "sha1:170b20aad820bb2d67cdb50fe6714c3030eb6961" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "34ca24df1609298b", "BOMRef": "d9b65c5f-3f4f-4c0a-a432-a48d5bd6b059" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/negotiator/package.json", "Digest": "sha1:046524b23a7aefb2b0cfd3ebbd0fd84c0f7df3f6" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "a858aeb130543c32", "BOMRef": "aefc327c-2e95-47fc-a514-4e9360c64784" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/negotiator/package.json", "Digest": "sha1:046524b23a7aefb2b0cfd3ebbd0fd84c0f7df3f6" }, { "ID": "node-gyp@11.4.2", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@11.4.2", "UID": "47578159ff8e9cf7", "BOMRef": "pkg:npm/node-gyp@11.4.2" }, "Version": "11.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/package.json", "Digest": "sha1:ccf15dc1a8d1d80613e27c704d1776222cc81229" }, { "ID": "node-gyp@12.2.0", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@12.2.0", "UID": "f027529148fd347", "BOMRef": "pkg:npm/node-gyp@12.2.0" }, "Version": "12.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/node-gyp/package.json", "Digest": "sha1:94024c2f80031bfd4736e8cfc7b7e32b6b83e2d3" }, { "ID": "nopt@8.1.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@8.1.0", "UID": "88c72328b25db266", "BOMRef": "pkg:npm/nopt@8.1.0" }, "Version": "8.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/nopt/package.json", "Digest": "sha1:317e51d1f350fa28d851280d460bebcd9154acca" }, { "ID": "nopt@9.0.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@9.0.0", "UID": "6f78bb819ef79786", "BOMRef": "pkg:npm/nopt@9.0.0" }, "Version": "9.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/nopt/package.json", "Digest": "sha1:44fa7f32a18abb1dde67088e347d8f7c2bfed87f" }, { "ID": "npm@11.10.1", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.10.1", "UID": "472c0e28685bab37", "BOMRef": "pkg:npm/npm@11.10.1" }, "Version": "11.10.1", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/package.json", "Digest": "sha1:7f176e7e6fa1609c55e6ab3df67efcdf2a1a4769" }, { "ID": "npm@11.6.2", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.6.2", "UID": "d531221e43de5456", "BOMRef": "pkg:npm/npm@11.6.2" }, "Version": "11.6.2", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/package.json", "Digest": "sha1:d6bc9f75c73d458b7b308a38ee9a9391fbd83b04" }, { "ID": "npm-audit-report@6.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@6.0.0", "UID": "fd49ccaf8d23549f", "BOMRef": "pkg:npm/npm-audit-report@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-audit-report/package.json", "Digest": "sha1:c6d99ebde23570472f511de67beedd2a9c0a21fb" }, { "ID": "npm-audit-report@7.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@7.0.0", "UID": "b03fe15f49b237a5", "BOMRef": "pkg:npm/npm-audit-report@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-audit-report/package.json", "Digest": "sha1:040167501ae6b37c24bfdfbbd67fcf467d37bdc0" }, { "ID": "npm-bundled@4.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@4.0.0", "UID": "bd6d59bbe5b59a17", "BOMRef": "pkg:npm/npm-bundled@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-bundled/package.json", "Digest": "sha1:12ea20fbce124e65be448ec472b370cd1a4e4e9a" }, { "ID": "npm-bundled@5.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@5.0.0", "UID": "12e2b63ede2ec937", "BOMRef": "pkg:npm/npm-bundled@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-bundled/package.json", "Digest": "sha1:9dfb03e07a30a5e91c2d051690fec605e0cad435" }, { "ID": "npm-install-checks@7.1.2", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@7.1.2", "UID": "32e4d02023f78425", "BOMRef": "pkg:npm/npm-install-checks@7.1.2" }, "Version": "7.1.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-install-checks/package.json", "Digest": "sha1:52ed94975a6a5114ded7355615eecbca003fa139" }, { "ID": "npm-install-checks@8.0.0", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@8.0.0", "UID": "a0f51a0370b20bec", "BOMRef": "pkg:npm/npm-install-checks@8.0.0" }, "Version": "8.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-install-checks/package.json", "Digest": "sha1:407654a587e45ad83b936081f22670ebcaec1bc9" }, { "ID": "npm-normalize-package-bin@4.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", "UID": "aa603aca0d38f0fe", "BOMRef": "pkg:npm/npm-normalize-package-bin@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json", "Digest": "sha1:fd34d45c247025dea9a507fb9db4586afa05c732" }, { "ID": "npm-normalize-package-bin@5.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@5.0.0", "UID": "fadcf0b35aab1f1c", "BOMRef": "pkg:npm/npm-normalize-package-bin@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json", "Digest": "sha1:e525037807bb400a135f7e1be77c8dc97d78bb96" }, { "ID": "npm-package-arg@13.0.1", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.1", "UID": "1fbe36b2e103886", "BOMRef": "pkg:npm/npm-package-arg@13.0.1" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-package-arg/package.json", "Digest": "sha1:a381d17d55aaf006600639a375b790c73d8e4f7e" }, { "ID": "npm-package-arg@13.0.2", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.2", "UID": "87fef57a0b4b3191", "BOMRef": "pkg:npm/npm-package-arg@13.0.2" }, "Version": "13.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-package-arg/package.json", "Digest": "sha1:68938fd68043d217f6ca9b6fb63c8a5470a3a589" }, { "ID": "npm-packlist@10.0.2", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.2", "UID": "bc52c8044223401c", "BOMRef": "pkg:npm/npm-packlist@10.0.2" }, "Version": "10.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-packlist/package.json", "Digest": "sha1:79c1cf949293a2c40b820bb705fb33d6a20d249d" }, { "ID": "npm-packlist@10.0.3", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.3", "UID": "34fe62a50a5be6b7", "BOMRef": "pkg:npm/npm-packlist@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-packlist/package.json", "Digest": "sha1:6a3cdda6728c40e4b1b1173cb1d0a53a222807f0" }, { "ID": "npm-pick-manifest@11.0.1", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.1", "UID": "84f85386e3d93515", "BOMRef": "pkg:npm/npm-pick-manifest@11.0.1" }, "Version": "11.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json", "Digest": "sha1:a798b711f9e66c3134e245bee2c549634583713f" }, { "ID": "npm-pick-manifest@11.0.3", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.3", "UID": "a64a2481176c8128", "BOMRef": "pkg:npm/npm-pick-manifest@11.0.3" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json", "Digest": "sha1:da8b96c28cd5be842555739920b3574061b88b89" }, { "ID": "npm-profile@12.0.0", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.0", "UID": "2aaabab1623d0f3b", "BOMRef": "pkg:npm/npm-profile@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-profile/package.json", "Digest": "sha1:7155fdd4afd5c21a85e5dc3053223cabc74adbe3" }, { "ID": "npm-profile@12.0.1", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.1", "UID": "95549918c8debbee", "BOMRef": "pkg:npm/npm-profile@12.0.1" }, "Version": "12.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-profile/package.json", "Digest": "sha1:5097ede462b66fae69c6420d7f1812d9ecc24d93" }, { "ID": "npm-registry-fetch@19.0.0", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.0.0", "UID": "a8da3bf0691fb7df", "BOMRef": "pkg:npm/npm-registry-fetch@19.0.0" }, "Version": "19.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json", "Digest": "sha1:0edbb1a41148f0056036fa3ebc0677a5bc70c323" }, { "ID": "npm-registry-fetch@19.1.1", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.1.1", "UID": "e28e9c6136d31452", "BOMRef": "pkg:npm/npm-registry-fetch@19.1.1" }, "Version": "19.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json", "Digest": "sha1:26d6a380dc0d9bf4e36329d53b453d4258834999" }, { "ID": "npm-user-validate@3.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@3.0.0", "UID": "7fbe15fe762f9dc9", "BOMRef": "pkg:npm/npm-user-validate@3.0.0" }, "Version": "3.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-user-validate/package.json", "Digest": "sha1:cfea52638093ceccf3bea4e6f09bd9370943e8de" }, { "ID": "npm-user-validate@4.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@4.0.0", "UID": "25a434fa207cb2f6", "BOMRef": "pkg:npm/npm-user-validate@4.0.0" }, "Version": "4.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json", "Digest": "sha1:55bda8b4785869e477f5f02d1e9b0134bd86267f" }, { "ID": "p-map@7.0.3", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.3", "UID": "4fbe24af138ad517", "BOMRef": "pkg:npm/p-map@7.0.3" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/p-map/package.json", "Digest": "sha1:95eec87c2f7ed9f31ccd295eb97b9ce9d98c58ed" }, { "ID": "p-map@7.0.4", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.4", "UID": "36a57db0ae22fd90", "BOMRef": "pkg:npm/p-map@7.0.4" }, "Version": "7.0.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/p-map/package.json", "Digest": "sha1:f7afd4bd0f710b2b0c099a22a646cda6fb927688" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "e3167ee367367d35", "BOMRef": "ece7c432-7cb4-4efa-9540-9b938aa96d55" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "e6e14d00c3ffdc8c", "BOMRef": "208ccc55-78fc-4d5e-ae87-6a2a4928c8a4" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "dd0e12e5bb7bd81", "BOMRef": "d4b47c78-a338-4b40-8faa-1bb0890e96fc" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "cd4ade7a411200a", "BOMRef": "fda4932f-427c-46b5-9dda-dd53ac5cdc68" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "28fae796bdbaa5b7", "BOMRef": "7e700863-8ebe-4476-affb-bc07ab25cf2d" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "pacote@21.0.3", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.0.3", "UID": "c627e9ab4277925a", "BOMRef": "pkg:npm/pacote@21.0.3" }, "Version": "21.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/pacote/package.json", "Digest": "sha1:f4552e8ac648d87bd73028f236910019c6ff9436" }, { "ID": "pacote@21.3.1", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.3.1", "UID": "d0c54900c1790cb7", "BOMRef": "pkg:npm/pacote@21.3.1" }, "Version": "21.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/pacote/package.json", "Digest": "sha1:e6e7a519776b7db88ebe1360d1f23340492a4ab5" }, { "ID": "parse-conflict-json@4.0.0", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@4.0.0", "UID": "31622262f9d481c5", "BOMRef": "pkg:npm/parse-conflict-json@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/parse-conflict-json/package.json", "Digest": "sha1:8113361744ef993fc1945a13ab153adfe70513f8" }, { "ID": "parse-conflict-json@5.0.1", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@5.0.1", "UID": "6fdee99ebb1904c", "BOMRef": "pkg:npm/parse-conflict-json@5.0.1" }, "Version": "5.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/parse-conflict-json/package.json", "Digest": "sha1:9665d46107a1ad4846912f83ee204314dfe18f6a" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "e9e8a75fa7dc17c7", "BOMRef": "0595715f-7759-40a6-b8d5-3cbfc4b95d82" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "9234448f2b139cb9", "BOMRef": "21cb3c4d-8550-4c68-89f9-652ad421bb94" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "ae3d11aa0053e9c0", "BOMRef": "057ccef8-8448-43bb-a054-e03407ae86e5" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "a2901800753ac456", "BOMRef": "f75abfd0-efec-45c6-a79d-ba67139d3bd2" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "addd27050bf2b02d", "BOMRef": "dd70f9cf-c956-4524-9767-4513eb010b4c" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-scurry@1.11.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@1.11.1", "UID": "a2ecbf527fe99e86", "BOMRef": "pkg:npm/path-scurry@1.11.1" }, "Version": "1.11.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/path-scurry/package.json", "Digest": "sha1:57ceeacc9d50abbd7e370e6a697520cc0784baa6" }, { "ID": "path-scurry@2.0.0", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.0", "UID": "1668799562508709", "BOMRef": "pkg:npm/path-scurry@2.0.0" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-scurry/package.json", "Digest": "sha1:1c1e6249d24017c9e0c2791a82542960476a565d" }, { "ID": "path-scurry@2.0.2", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.2", "UID": "9294e8e253bca860", "BOMRef": "aaa607c6-1c6d-4bb3-8e86-defce2ff74ea" }, "Version": "2.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/path-scurry/package.json", "Digest": "sha1:6799d0755e607ad667faf000d9ff843270fb9fce" }, { "ID": "path-scurry@2.0.2", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.2", "UID": "a44f5d07ee6bdd6d", "BOMRef": "633474f3-3061-40f5-a6cf-014444ad1204" }, "Version": "2.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/path-scurry/package.json", "Digest": "sha1:6799d0755e607ad667faf000d9ff843270fb9fce" }, { "ID": "path-scurry@2.0.2", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.2", "UID": "28440cfa68c2f03d", "BOMRef": "b2141dfd-d570-45ea-8eb6-4df9f02bf150" }, "Version": "2.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/path-scurry/package.json", "Digest": "sha1:6799d0755e607ad667faf000d9ff843270fb9fce" }, { "ID": "path-scurry@2.0.2", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.2", "UID": "f2f8c4e7bb17cff8", "BOMRef": "1d26206a-f859-4110-935a-c2b485bd97b2" }, "Version": "2.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/path-scurry/package.json", "Digest": "sha1:6799d0755e607ad667faf000d9ff843270fb9fce" }, { "ID": "path-scurry@2.0.2", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.2", "UID": "d4c0a9820728d09e", "BOMRef": "7d841089-661c-4144-9510-0ad55887ffa6" }, "Version": "2.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/path-scurry/package.json", "Digest": "sha1:6799d0755e607ad667faf000d9ff843270fb9fce" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "851180aaab3bc025", "BOMRef": "b7a01d3d-c364-4fd1-b7cc-c95b092593c0" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "Digest": "sha1:d5b57c1efc38eb0545dbf3eaffe857ba94597f07" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "7707d750ae38b468", "BOMRef": "5361791a-1edd-4cdc-b31b-c4348c4cc432" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "Digest": "sha1:d5b57c1efc38eb0545dbf3eaffe857ba94597f07" }, { "ID": "postcss-selector-parser@7.1.0", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.0", "UID": "47eb57e853799ad5", "BOMRef": "pkg:npm/postcss-selector-parser@7.1.0" }, "Version": "7.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json", "Digest": "sha1:f3dd4406c5202c089400fad7c71a0694fc8e85dc" }, { "ID": "postcss-selector-parser@7.1.1", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.1", "UID": "707dbe3da80e30e6", "BOMRef": "pkg:npm/postcss-selector-parser@7.1.1" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json", "Digest": "sha1:97ad05d49550a0c52b32de253cc8fe8e6241b987" }, { "ID": "prisma@5.4.2", "Name": "prisma", "Identifier": { "PURL": "pkg:npm/prisma@5.4.2", "UID": "6aa3528fabe8208e", "BOMRef": "pkg:npm/prisma@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1eb2d32748f0e81c7e1f9f73af574d521190fa57efbe232b51105e1bf12b3fd0", "DiffID": "sha256:309d2790ec4690a4b077992d4a88f61006612dfd119905c02e3147a42a7af8a3" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/package.json", "Digest": "sha1:233149234d81830aa27b624c884739e1f8c7498b" }, { "ID": "prisma-binaries@1.0.0", "Name": "prisma-binaries", "Identifier": { "PURL": "pkg:npm/prisma-binaries@1.0.0", "UID": "af14c91929334e5c", "BOMRef": "pkg:npm/prisma-binaries@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1eb2d32748f0e81c7e1f9f73af574d521190fa57efbe232b51105e1bf12b3fd0", "DiffID": "sha256:309d2790ec4690a4b077992d4a88f61006612dfd119905c02e3147a42a7af8a3" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/package.json", "Digest": "sha1:13da9e1561789f778831c4ebefed1268d740601d" }, { "ID": "proc-log@5.0.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@5.0.0", "UID": "646e23cb01a9678d", "BOMRef": "pkg:npm/proc-log@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proc-log/package.json", "Digest": "sha1:ef77e00bb180e2d474ef8ec427d3ddb2dffe8b60" }, { "ID": "proc-log@6.1.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@6.1.0", "UID": "6a2cc7b36674177c", "BOMRef": "pkg:npm/proc-log@6.1.0" }, "Version": "6.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/proc-log/package.json", "Digest": "sha1:1be791ec94791bad88368bd320e09768d19af950" }, { "ID": "proggy@3.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@3.0.0", "UID": "5304cb9a5fc85be", "BOMRef": "pkg:npm/proggy@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proggy/package.json", "Digest": "sha1:6760b8196686e9576f1031286d5dcfda786943bd" }, { "ID": "proggy@4.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@4.0.0", "UID": "cdbbe9ae95f844d2", "BOMRef": "pkg:npm/proggy@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/proggy/package.json", "Digest": "sha1:6561cfc6f2b76082d0bd2e5d7c63b4ef20fe8578" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "8b62309d653d991a", "BOMRef": "1ca08465-a12c-46d6-80ec-aeb5540045f0" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json", "Digest": "sha1:c88aa929d83fb2bbf326f7c62103da6b8c48c4df" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "62c11878873bfa5d", "BOMRef": "761aadb8-0610-45cb-9143-a4f4704aec8b" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json", "Digest": "sha1:c88aa929d83fb2bbf326f7c62103da6b8c48c4df" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "237f4f88ec184f07", "BOMRef": "510bfa02-d5ea-4779-ac49-bb516f705ad2" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-call-limit/package.json", "Digest": "sha1:27f3261a15e6ace571c3ad192e878cec1d9358c9" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "f81c4dbea220b4ec", "BOMRef": "aabd968a-a3af-4ea7-8c58-b2d886f403bf" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-call-limit/package.json", "Digest": "sha1:27f3261a15e6ace571c3ad192e878cec1d9358c9" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "eeaf0c112f863837", "BOMRef": "76f3ad61-ab15-44cd-9432-28c3d1e1ba1d" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-retry/package.json", "Digest": "sha1:fc649cbedea73287db37a431e5761e9c0b4abca9" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "d22ac888293e7b62", "BOMRef": "8f6e2104-81cd-4617-ab68-c544c18d60fa" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-retry/package.json", "Digest": "sha1:fc649cbedea73287db37a431e5761e9c0b4abca9" }, { "ID": "promzard@2.0.0", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@2.0.0", "UID": "b9dbfec5286b5611", "BOMRef": "pkg:npm/promzard@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promzard/package.json", "Digest": "sha1:0907f5a36bfb56f2e11b39ed343ca6296e7a514d" }, { "ID": "promzard@3.0.1", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@3.0.1", "UID": "a6bf216cd07a8ce3", "BOMRef": "pkg:npm/promzard@3.0.1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promzard/package.json", "Digest": "sha1:cf40b5b5f6e3f70b866ca5d7fe08e00aae1bc33c" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "7c2d4c57b647545f", "BOMRef": "261688c6-5832-4749-bb42-92be889efecd" }, "Version": "0.12.0", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/qrcode-terminal/package.json", "Digest": "sha1:4a84ac3decfe9f31da851b98dedd698f935b83bc" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "1dff81d0a192b906", "BOMRef": "2a7d595e-8849-4c81-bcfc-ce69aa971262" }, "Version": "0.12.0", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/qrcode-terminal/package.json", "Digest": "sha1:4a84ac3decfe9f31da851b98dedd698f935b83bc" }, { "ID": "read@4.1.0", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@4.1.0", "UID": "e9f3e4c359614b74", "BOMRef": "pkg:npm/read@4.1.0" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read/package.json", "Digest": "sha1:537319f6c0eeaf2b59bae777fbda32e5bbce89ff" }, { "ID": "read@5.0.1", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@5.0.1", "UID": "5bbddd442a805acd", "BOMRef": "pkg:npm/read@5.0.1" }, "Version": "5.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/read/package.json", "Digest": "sha1:202675a6008d164feb9732ab21970a1977d40693" }, { "ID": "read-cmd-shim@5.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@5.0.0", "UID": "ac72959f18c88768", "BOMRef": "pkg:npm/read-cmd-shim@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read-cmd-shim/package.json", "Digest": "sha1:3ad7a2af8954f4df2e9ee3e8af8897fb9a49e894" }, { "ID": "read-cmd-shim@6.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@6.0.0", "UID": "aaf102315cfa3197", "BOMRef": "pkg:npm/read-cmd-shim@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/read-cmd-shim/package.json", "Digest": "sha1:bb22c7694960e98b244d220ac92c31f556b9a454" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "ed150fd43616f4f6", "BOMRef": "fa830c68-f26b-4569-8ddc-3f752caaa55a" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/retry/package.json", "Digest": "sha1:10dd0941e4e65c436c4f7111efdb1679c966c478" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "ec98ef42c0c7dce3", "BOMRef": "30147745-c585-400a-8f55-d3797de5030f" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/retry/package.json", "Digest": "sha1:10dd0941e4e65c436c4f7111efdb1679c966c478" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "15f0ef929fc1ffdb", "BOMRef": "ed4ed336-9b15-45a0-85ea-5fede5e23882" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/safer-buffer/package.json", "Digest": "sha1:5ed0fab8e5cac53e4d072acbd82fca9be08f5e67" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "8160ef851c0e2ffc", "BOMRef": "03f6640e-830b-4382-87d1-a030d95d0c56" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/safer-buffer/package.json", "Digest": "sha1:5ed0fab8e5cac53e4d072acbd82fca9be08f5e67" }, { "ID": "semver@7.7.3", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.3", "UID": "ac02500c8c483558", "BOMRef": "pkg:npm/semver@7.7.3" }, "Version": "7.7.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/semver/package.json", "Digest": "sha1:8b79d46abe6fc320567c34edb59ab3f88ed2f581" }, { "ID": "semver@7.7.4", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.4", "UID": "c8930dd13f58d88", "BOMRef": "pkg:npm/semver@7.7.4" }, "Version": "7.7.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/semver/package.json", "Digest": "sha1:d9596b0dfd52092ec49e20d3e586feaeb5d47ffb" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "ad429c004cc5c405", "BOMRef": "150fb8fc-b34d-4f4e-b8e2-f28e0de449e8" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "4bb432f514e4e039", "BOMRef": "2aa15b97-48a4-4673-8985-9af60123c3ea" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "e99aa8f0907b5464", "BOMRef": "2ce63d4b-cf69-47ee-8a6b-3c77f1fbf343" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "8447ce3c565ee19", "BOMRef": "0dadafbe-712e-4db7-b93e-cb7893ebeadc" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "a3cc72944141283e", "BOMRef": "b102dbeb-350d-4142-946d-499d9a0f5b45" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "d8617b0a20b9d0d5", "BOMRef": "10558eef-1352-45f3-a448-3a0949d115fc" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "fe28b8896ee7a5dd", "BOMRef": "ed085fa9-f6bf-4d2e-b3f2-3d39fae94f7f" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "56c841438c5fe7b9", "BOMRef": "05353375-682e-495e-b625-7514174c23ea" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "798a6873b4bed1b7", "BOMRef": "b9f4a84d-027a-4681-9fa4-ab67c138e439" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "c69a065e918bc240", "BOMRef": "0dbb2f70-53ab-4fb7-a026-80e9aacda516" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "907a023313dc4e15", "BOMRef": "8a4c08e5-5675-4927-af45-8d6ece61bd1b" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "18c31b8713a5ed23", "BOMRef": "4dd3ce10-aa7f-49cb-ba43-14796cfe8d9a" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "6b7473e7142f5853", "BOMRef": "7c4a2316-98f1-4f6d-a07e-c9bd11404755" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "536dac508de82bda", "BOMRef": "05c2a37e-7208-476d-ba65-5ff655d21194" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "f3e5963ab3f69d01", "BOMRef": "c354148a-5367-4e7e-a615-800c6f4e1169" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "c09584f90d654e9b", "BOMRef": "67e7d441-c948-41bc-b853-7fd22f3caedc" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "sigstore@4.0.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.0.0", "UID": "cbd5ae0fd2c7459a", "BOMRef": "pkg:npm/sigstore@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/sigstore/package.json", "Digest": "sha1:1c44f720163162fc2718c509f7d62ffb85c37f04" }, { "ID": "sigstore@4.1.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.1.0", "UID": "2b602bebb2df876a", "BOMRef": "pkg:npm/sigstore@4.1.0" }, "Version": "4.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/sigstore/package.json", "Digest": "sha1:a0a695a5c6df89e050ae2802dad080b0dd66e986" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "e36e83451d801179", "BOMRef": "721ca6ba-3d9a-4a1d-826c-a4d35b356b80" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/smart-buffer/package.json", "Digest": "sha1:a9db89be9421029bd73baf8199042a08253a0b59" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "35854df0bd1297d", "BOMRef": "abfc71b1-70e4-4298-93be-6d0d7d3b6287" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/smart-buffer/package.json", "Digest": "sha1:a9db89be9421029bd73baf8199042a08253a0b59" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "1b4e755fc160c3b1", "BOMRef": "b982f829-bd24-4504-84db-edea0f304b96" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks/package.json", "Digest": "sha1:c92d113f3614e8c725fc4de50c3312bdcde18258" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "9001f6bddb3c66f6", "BOMRef": "6b4f05ef-0298-44bd-bc99-1c2952961f83" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/socks/package.json", "Digest": "sha1:c92d113f3614e8c725fc4de50c3312bdcde18258" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "93f41128355f8963", "BOMRef": "d9b50a39-7b14-48a7-9094-810e5bc6ac75" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json", "Digest": "sha1:a52f0cff949fd82f9e42d4214d2917964d7a9bdb" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "be5cfe26dc60a437", "BOMRef": "679665f0-bf85-4061-a7b6-a2e8dc513c51" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json", "Digest": "sha1:a52f0cff949fd82f9e42d4214d2917964d7a9bdb" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "ed34587e4660a220", "BOMRef": "pkg:npm/spdx-correct@3.2.0" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/package.json", "Digest": "sha1:a7a8f7467469c676a88934b972d08c03c9a4b7b4" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "4215d5fd4318732a", "BOMRef": "48e66dcc-0496-4659-b8a1-064186f7c312" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-exceptions/package.json", "Digest": "sha1:0f731ec5551fde840e6213e20cd9fbdc53468290" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "26af31d046d224f1", "BOMRef": "cb366b55-3b13-4bec-b0ed-0cbd3ea475ca" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-exceptions/package.json", "Digest": "sha1:0f731ec5551fde840e6213e20cd9fbdc53468290" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "63060fd6ccf5a800", "BOMRef": "d8c39424-dfd6-4251-b7bd-03af01686351" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "4ea383d6b3aca931", "BOMRef": "6f7f0aae-be4b-4849-8982-bebc98798e32" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "ba115c48b7a6e33f", "BOMRef": "a069720b-270b-46c3-ad1f-780666c3ac88" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:3f1b1059652d04327b6b0513080e242935399c30" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "27581629f10743d8", "BOMRef": "21959621-826d-4379-8c5e-1befa2956e07" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:3f1b1059652d04327b6b0513080e242935399c30" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "926ebdd8580176f7", "BOMRef": "794d16e5-33fb-4155-94f9-9cec561a314c" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-license-ids/package.json", "Digest": "sha1:0c921a3dffa4e1c2bcfdf3559a7c1713090b08f2" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "4fd7512457922fa6", "BOMRef": "69897739-7489-4f83-a446-787857d5740f" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-license-ids/package.json", "Digest": "sha1:0c921a3dffa4e1c2bcfdf3559a7c1713090b08f2" }, { "ID": "ssri@12.0.0", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@12.0.0", "UID": "34c914b473bd89fd", "BOMRef": "pkg:npm/ssri@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ssri/package.json", "Digest": "sha1:203926d505f969e44375e6a40942ce43ae490f44" }, { "ID": "ssri@13.0.1", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@13.0.1", "UID": "a66605dca07efe58", "BOMRef": "pkg:npm/ssri@13.0.1" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ssri/package.json", "Digest": "sha1:c91b5cd4329cb25896064409cb45f2428e32f239" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "27d40c07924f4172", "BOMRef": "a8e1eda0-f4b0-476c-b475-1ce645da6178" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width-cjs/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "2076bc83a52d0fde", "BOMRef": "4432aab5-a792-4899-a774-6dad87782ee0" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "9d490dc9a7a1e594", "BOMRef": "01b4a3fb-1071-4d6d-84a6-965ff0b48459" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "36bcb5050cf38485", "BOMRef": "2c115b5b-55b7-44bf-88d9-29326adef4e2" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "4b5fcd501409ce8e", "BOMRef": "71a278b2-89f5-46d9-8f1b-847edfbe52b4" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi-cjs/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "c1a65a325bfc969f", "BOMRef": "3570e3f0-9802-447d-9d2f-13e828d4814a" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "4e02dbb17b19c9ce", "BOMRef": "c8fdd446-7d5f-49cc-ad7e-3b261c93a5f2" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "4405b3ffe180e095", "BOMRef": "2b5a948c-fe15-4a5d-87c2-d3e3786aabdf" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "3cf48d7cac108eea", "BOMRef": "ae51a8e0-ea5d-486f-9797-1af49bb567ec" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/supports-color/package.json", "Digest": "sha1:ba4fdcabc29b4cd931da15c51981f96731bd1b1e" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "e4a09156e1b7bb40", "BOMRef": "5c72b7d0-d374-4d52-8db5-bb95d2e286fb" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/supports-color/package.json", "Digest": "sha1:ba4fdcabc29b4cd931da15c51981f96731bd1b1e" }, { "ID": "tar@7.5.7", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "814e03c6b8c18e81", "BOMRef": "911b16a9-74cb-4ac9-9d33-17917b41d679" }, "Version": "7.5.7", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "Digest": "sha1:2a5efd7b31120ccdaedae4ddbdc00b38cbd7295b" }, { "ID": "tar@7.5.7", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "4c27583363a37953", "BOMRef": "a18b70fc-e0cd-49da-b3cd-99feccaa63da" }, "Version": "7.5.7", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "Digest": "sha1:2a5efd7b31120ccdaedae4ddbdc00b38cbd7295b" }, { "ID": "tar@7.5.7", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "c876bcf0a9290b5c", "BOMRef": "6607b329-4f70-4fed-bffd-c2a56b0d95b1" }, "Version": "7.5.7", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/package.json", "Digest": "sha1:2a5efd7b31120ccdaedae4ddbdc00b38cbd7295b" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "ea90ad500b445e15", "BOMRef": "795a8d82-bf46-4a42-8c62-9b9450711a64" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/text-table/package.json", "Digest": "sha1:f63faee888ad065881dff49fc3e3de8ac57b2ae2" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "d707e58fed4eb8e3", "BOMRef": "f49f715b-fbaf-4a8c-84ee-7411c0d80e29" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/text-table/package.json", "Digest": "sha1:f63faee888ad065881dff49fc3e3de8ac57b2ae2" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "52a5559cea880f6c", "BOMRef": "9f8ca1e6-b992-421d-abf4-d19245e07b6c" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tiny-relative-date/package.json", "Digest": "sha1:120561f313d4901b1dc03b2594ecc45cfe2ad550" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "362b6d65ed2e03bb", "BOMRef": "904b509c-061d-4de2-b717-bc3893a5a456" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tiny-relative-date/package.json", "Digest": "sha1:120561f313d4901b1dc03b2594ecc45cfe2ad550" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "cacdbd1102c88420", "BOMRef": "8a7f6f24-d176-4876-b434-679a4a1af71c" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/package.json", "Digest": "sha1:811354c5cc4a6c4f64899ed3fcd9f91a7a36e857" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "d8995c671a3ff0f7", "BOMRef": "a1366a27-9e8c-44a7-8798-916840ed6ef9" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/package.json", "Digest": "sha1:811354c5cc4a6c4f64899ed3fcd9f91a7a36e857" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "f270c09f1be3bb51", "BOMRef": "bce17700-a199-4d5f-9368-8f09a4831440" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/treeverse/package.json", "Digest": "sha1:83653dcf5b0c581f485febcbeb9152176632bed0" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "c7516c8742536a11", "BOMRef": "c8090684-3e4a-4476-995a-bc1e0cfcb620" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/treeverse/package.json", "Digest": "sha1:83653dcf5b0c581f485febcbeb9152176632bed0" }, { "ID": "tuf-js@4.0.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.0.0", "UID": "3435d1338e256ce4", "BOMRef": "pkg:npm/tuf-js@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tuf-js/package.json", "Digest": "sha1:74435c57b1bedbd99b226ec5e271676d2301e4a7" }, { "ID": "tuf-js@4.1.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.1.0", "UID": "dd5822388be7a3d6", "BOMRef": "pkg:npm/tuf-js@4.1.0" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tuf-js/package.json", "Digest": "sha1:43aa062b744de4a123e714337d05adaa483ceed1" }, { "ID": "unique-filename@4.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@4.0.0", "UID": "6b312ea657cb0f31", "BOMRef": "pkg:npm/unique-filename@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-filename/package.json", "Digest": "sha1:7ab7ef7fed369084e86d0800e1861115c3ff1bcd" }, { "ID": "unique-filename@5.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@5.0.0", "UID": "21f136ccdc3083c7", "BOMRef": "pkg:npm/unique-filename@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/unique-filename/package.json", "Digest": "sha1:6450c655c66643d252cdc98fc3c413fda26dfeee" }, { "ID": "unique-slug@5.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@5.0.0", "UID": "5d2f53d911824550", "BOMRef": "pkg:npm/unique-slug@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-slug/package.json", "Digest": "sha1:6bfb7b3e3ad92a208217828bc65a87369999d06f" }, { "ID": "unique-slug@6.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@6.0.0", "UID": "cc2b0a7eca941ce1", "BOMRef": "pkg:npm/unique-slug@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/unique-slug/package.json", "Digest": "sha1:8e5c78d6e2c33153024c55a1d4d1730592e3915c" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "919f0833a6173bac", "BOMRef": "62aaefb6-4191-4c41-b97d-0ab1e751feb1" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/util-deprecate/package.json", "Digest": "sha1:2e69081e7bab6e09d3dcfd680716fdeea577431d" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "346a5007dbe1770c", "BOMRef": "af35ce76-f91e-4041-bd54-fffa3f6f0e9f" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/util-deprecate/package.json", "Digest": "sha1:2e69081e7bab6e09d3dcfd680716fdeea577431d" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "65f18d7d59b3c65b", "BOMRef": "pkg:npm/validate-npm-package-license@3.0.4" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json", "Digest": "sha1:a938b65349aed1eb3852d98dc1a8431209faf99f" }, { "ID": "validate-npm-package-name@6.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@6.0.2", "UID": "96a39f0276552d64", "BOMRef": "pkg:npm/validate-npm-package-name@6.0.2" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json", "Digest": "sha1:ed64b84be51c4d073f850831c7f9eaf3f0de6de6" }, { "ID": "validate-npm-package-name@7.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@7.0.2", "UID": "f4f2f28c56e308b5", "BOMRef": "pkg:npm/validate-npm-package-name@7.0.2" }, "Version": "7.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json", "Digest": "sha1:38514b39ec296f38677d2be6f15d799756de778e" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "2208c87659bc024e", "BOMRef": "a6d12a9d-e2e8-4f5e-b868-b9c5c7140e33" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/walk-up-path/package.json", "Digest": "sha1:5d1d771c0f7a60316cd0d039f38a9e6ce3b08b44" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "75d231d7ba692b89", "BOMRef": "7d9f2eec-026b-4837-aea9-328cb2786e66" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/walk-up-path/package.json", "Digest": "sha1:5d1d771c0f7a60316cd0d039f38a9e6ce3b08b44" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "a0402efad40e00e5", "BOMRef": "4d8e4f6b-92ca-4793-b0f5-01c5dc2246aa" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "440035b1fef83f6", "BOMRef": "157af8e6-58c7-4bde-b9f7-073798256220" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "b70dc90bb2ae84f8", "BOMRef": "2f2453ed-f52b-4707-bd2f-a459b00c2dcd" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "81f4dadd233ffa4d", "BOMRef": "c7b247a4-11b8-45ac-9bc3-60fd309b1c22" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/glob/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "d9a284c120fff7aa", "BOMRef": "e8169f70-8bc7-4bc9-a8af-6289d9e2cdbc" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@5.0.0", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@5.0.0", "UID": "93a4a63611ee914e", "BOMRef": "pkg:npm/which@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/which/package.json", "Digest": "sha1:519f542417e96085fb8a1ad8d7a0f913155b5e56" }, { "ID": "which@6.0.1", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@6.0.1", "UID": "ab942235e74108f4", "BOMRef": "pkg:npm/which@6.0.1" }, "Version": "6.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/which/package.json", "Digest": "sha1:a4c4ac6aa9af226fc930104916a5f7cfd26f230c" }, { "ID": "wrap-ansi@7.0.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@7.0.0", "UID": "8d2dbab382011ba1", "BOMRef": "pkg:npm/wrap-ansi@7.0.0" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/package.json", "Digest": "sha1:3442b7381f1b431861a986d8cdf144ced299db29" }, { "ID": "wrap-ansi@8.1.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@8.1.0", "UID": "60616f8cfaf457bb", "BOMRef": "pkg:npm/wrap-ansi@8.1.0" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/package.json", "Digest": "sha1:c14f366cb2c71b662f7edb2dcf7370a513fc641f" }, { "ID": "write-file-atomic@6.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@6.0.0", "UID": "bf2d984d0de10a3d", "BOMRef": "pkg:npm/write-file-atomic@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/write-file-atomic/package.json", "Digest": "sha1:46f2584772ee8056a9e471fdec44718b3645c7f4" }, { "ID": "write-file-atomic@7.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@7.0.0", "UID": "8a3f4f459ac6a1c2", "BOMRef": "pkg:npm/write-file-atomic@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/write-file-atomic/package.json", "Digest": "sha1:a38060379c27d419714e1e0d4f9397aa3ca9a238" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "1ed6255942f67a99", "BOMRef": "d09428a2-de36-4c08-b024-7fd1785c7bae" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "2a1bc4a58c9bcf00", "BOMRef": "b31e1788-1a5b-4320-af99-49c1cacbc8fe" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-flush/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "e24c080fd23f78cb", "BOMRef": "7574add0-7ec9-49a4-b778-4c26843045ab" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "48bfd4dffafedd58", "BOMRef": "fdf32837-ad3f-45ad-ad9b-5b2fdbfab5f2" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "4d53ac5c4ec215a4", "BOMRef": "4fed1663-40fb-4e0f-97e5-7947798e8ba1" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "f5e3457bd70eb5ce", "BOMRef": "17499fd5-30b6-437e-ad27-0237181eac43" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "95ddc663a167ac5e", "BOMRef": "315cbee7-2495-4c4a-9b68-23582d11de17" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@2.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "51360c077ec60cc8", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "InstalledVersion": "2.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bb96fe6940d56fdb797dc6566d5087686f0466d17fe4ea325b0d64c25245a237", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@5.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "f03840e2e7d35d2e", "BOMRef": "67aab44d-3660-4bed-a209-50e0c2e0ced6" }, "InstalledVersion": "5.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:815ebae91c65055c068330309b0e9cba28ce53f832502f1b4d4afbc4c90022f1", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@5.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "93f8f2d909c1f962", "BOMRef": "97098168-bdc6-41c2-98b6-5027a485d40f" }, "InstalledVersion": "5.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:815ebae91c65055c068330309b0e9cba28ce53f832502f1b4d4afbc4c90022f1", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@5.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/local/lib/node_modules/glob/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "79a12c5d30fb35eb", "BOMRef": "99144d4b-5c98-4765-a062-7b867ae45d49" }, "InstalledVersion": "5.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:815ebae91c65055c068330309b0e9cba28ce53f832502f1b4d4afbc4c90022f1", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@5.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "e419d45a9b193bbf", "BOMRef": "be779907-b76d-4913-879e-bdb4565c3ea9" }, "InstalledVersion": "5.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:815ebae91c65055c068330309b0e9cba28ce53f832502f1b4d4afbc4c90022f1", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@5.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@5.0.2", "UID": "c5e2c0dbf894aa2e", "BOMRef": "a5067bdf-01d6-4c19-a98c-2c3b1af34520" }, "InstalledVersion": "5.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:815ebae91c65055c068330309b0e9cba28ce53f832502f1b4d4afbc4c90022f1", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-24001", "VendorIDs": [ "GHSA-73rr-hh4g-fpgx" ], "PkgID": "diff@8.0.2", "PkgName": "diff", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "PkgIdentifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "4e61212ff3ef82a7", "BOMRef": "pkg:npm/diff@8.0.2" }, "InstalledVersion": "8.0.2", "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b662062a3b909e87aa664ee2c4c2de0aecf19512c1c2e39b1fa53bd4152df149", "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24001", "https://github.com/kpdecker/jsdiff", "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", "https://github.com/kpdecker/jsdiff/issues/653", "https://github.com/kpdecker/jsdiff/pull/649", "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", "https://www.cve.org/CVERecord?id=CVE-2026-24001" ], "PublishedDate": "2026-01-22T03:15:47.627Z", "LastModifiedDate": "2026-03-04T15:23:41.347Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f54552a3275e2770", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3ef77044ef1ebb43807fc4d40f34b89a4a1f630ff2e90692c96c2396de7b8204", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f54552a3275e2770", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e3a059c7f994f4fc2d7980a6e36460c4e4c192ba3705c8a84f65eed60be2fc38", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f54552a3275e2770", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:de88e8f014e0341fb8850f0074b4cddc03a308b9fe2abe1c7ed512590bf0cfe5", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "bca8671b52ff7843", "BOMRef": "7a6cb20e-2a84-425d-b807-e940a7510a5c" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc43c18ce09dc55ed9640a452bc74b4a6c64957b80440637ab3b5e7c84252787", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "965c58ad1cda7758", "BOMRef": "c03c668a-1b28-47db-adc6-8eaa4073e680" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc43c18ce09dc55ed9640a452bc74b4a6c64957b80440637ab3b5e7c84252787", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f64b16400ac6e482", "BOMRef": "42d9ca3c-6f59-47ab-9262-0f3d1f3f9189" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc43c18ce09dc55ed9640a452bc74b4a6c64957b80440637ab3b5e7c84252787", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "5224cb15669dcfa0", "BOMRef": "50ac1116-6ec2-4aa7-997c-e020c60022d9" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc43c18ce09dc55ed9640a452bc74b4a6c64957b80440637ab3b5e7c84252787", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f26e3a50cde96202", "BOMRef": "e1482b60-c894-48a5-a64c-a5bb172f1d39" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc43c18ce09dc55ed9640a452bc74b4a6c64957b80440637ab3b5e7c84252787", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "bca8671b52ff7843", "BOMRef": "7a6cb20e-2a84-425d-b807-e940a7510a5c" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce9b21661d094589da81f38474240c6b7cc785249c2ecaad9ee0b0bdf11f64be", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "965c58ad1cda7758", "BOMRef": "c03c668a-1b28-47db-adc6-8eaa4073e680" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce9b21661d094589da81f38474240c6b7cc785249c2ecaad9ee0b0bdf11f64be", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f64b16400ac6e482", "BOMRef": "42d9ca3c-6f59-47ab-9262-0f3d1f3f9189" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce9b21661d094589da81f38474240c6b7cc785249c2ecaad9ee0b0bdf11f64be", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/glob/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "5224cb15669dcfa0", "BOMRef": "50ac1116-6ec2-4aa7-997c-e020c60022d9" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce9b21661d094589da81f38474240c6b7cc785249c2ecaad9ee0b0bdf11f64be", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.2.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.2.2", "UID": "f26e3a50cde96202", "BOMRef": "e1482b60-c894-48a5-a64c-a5bb172f1d39" }, "InstalledVersion": "10.2.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce9b21661d094589da81f38474240c6b7cc785249c2ecaad9ee0b0bdf11f64be", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "bd2b63e4e1baf3d2", "BOMRef": "364d80f1-d07e-430e-a833-15ebddbefa9c" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "51c465aced14da5c", "BOMRef": "aab2fdff-65ea-4125-ac27-8a039079dabc" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "bd2b63e4e1baf3d2", "BOMRef": "364d80f1-d07e-430e-a833-15ebddbefa9c" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "51c465aced14da5c", "BOMRef": "aab2fdff-65ea-4125-ac27-8a039079dabc" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "bd2b63e4e1baf3d2", "BOMRef": "364d80f1-d07e-430e-a833-15ebddbefa9c" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "51c465aced14da5c", "BOMRef": "aab2fdff-65ea-4125-ac27-8a039079dabc" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "851180aaab3bc025", "BOMRef": "b7a01d3d-c364-4fd1-b7cc-c95b092593c0" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:207ad269915973ca2f23d010cda47be6c0642612083c33e920cc47d603f2821d", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "7707d750ae38b468", "BOMRef": "5361791a-1edd-4cdc-b31b-c4348c4cc432" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:207ad269915973ca2f23d010cda47be6c0642612083c33e920cc47d603f2821d", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "851180aaab3bc025", "BOMRef": "b7a01d3d-c364-4fd1-b7cc-c95b092593c0" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2f6677f54143717bdb7617fbb22baa2470965a5f811541d2db8e4696d970e0cc", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "7707d750ae38b468", "BOMRef": "5361791a-1edd-4cdc-b31b-c4348c4cc432" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2f6677f54143717bdb7617fbb22baa2470965a5f811541d2db8e4696d970e0cc", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "814e03c6b8c18e81", "BOMRef": "911b16a9-74cb-4ac9-9d33-17917b41d679" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c5aa02f8289e92a57b14ac85f1982b37721b67cda5af12979a02ce65918ad8a2", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "4c27583363a37953", "BOMRef": "a18b70fc-e0cd-49da-b3cd-99feccaa63da" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c5aa02f8289e92a57b14ac85f1982b37721b67cda5af12979a02ce65918ad8a2", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "c876bcf0a9290b5c", "BOMRef": "6607b329-4f70-4fed-bffd-c2a56b0d95b1" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c5aa02f8289e92a57b14ac85f1982b37721b67cda5af12979a02ce65918ad8a2", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "814e03c6b8c18e81", "BOMRef": "911b16a9-74cb-4ac9-9d33-17917b41d679" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bed433fab1760aa538cc5bf1095beff3dbcc487baa825e0523e252d5e707816e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "4c27583363a37953", "BOMRef": "a18b70fc-e0cd-49da-b3cd-99feccaa63da" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bed433fab1760aa538cc5bf1095beff3dbcc487baa825e0523e252d5e707816e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "c876bcf0a9290b5c", "BOMRef": "6607b329-4f70-4fed-bffd-c2a56b0d95b1" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bed433fab1760aa538cc5bf1095beff3dbcc487baa825e0523e252d5e707816e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "814e03c6b8c18e81", "BOMRef": "911b16a9-74cb-4ac9-9d33-17917b41d679" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:1f871db8ed9b8f86fb3b2a3492e64e33a84ce95b1100a0dc7930e111a131a414", "DiffID": "sha256:aae42a3af3d8a08548e2a75e71ce3e894be0ea76f6d2a18004a674049bc1c413" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd23fde44f95b6dc78cb3da0979cec915c73f81c9cb21f5e49e3d861dff7e8d2", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "4c27583363a37953", "BOMRef": "a18b70fc-e0cd-49da-b3cd-99feccaa63da" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd23fde44f95b6dc78cb3da0979cec915c73f81c9cb21f5e49e3d861dff7e8d2", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "c876bcf0a9290b5c", "BOMRef": "6607b329-4f70-4fed-bffd-c2a56b0d95b1" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:f6532b044b7e9800c264c3881c42aed30a4a5532e05aa8b63f9a2f97b18dc16b", "DiffID": "sha256:cd06607555b2850e34f61b8581dda7ed76e13fc08994cbbf7dadab3e80d75463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd23fde44f95b6dc78cb3da0979cec915c73f81c9cb21f5e49e3d861dff7e8d2", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "ID": "APScheduler@3.10.4", "Name": "APScheduler", "Identifier": { "PURL": "pkg:pypi/apscheduler@3.10.4", "UID": "71e2604d34d12b11", "BOMRef": "pkg:pypi/apscheduler@3.10.4" }, "Version": "3.10.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/APScheduler-3.10.4.dist-info/METADATA", "Digest": "sha1:3c645283c329748c21fee30a0a21ea492988d52f" }, { "ID": "Deprecated@1.3.1", "Name": "Deprecated", "Identifier": { "PURL": "pkg:pypi/deprecated@1.3.1", "UID": "14007f3694a2782e", "BOMRef": "pkg:pypi/deprecated@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/deprecated-1.3.1.dist-info/METADATA", "Digest": "sha1:109990e0106e9872d6bf3486d1fa574730d1c717" }, { "ID": "Jinja2@3.1.6", "Name": "Jinja2", "Identifier": { "PURL": "pkg:pypi/jinja2@3.1.6", "UID": "b96a71cb57090fe5", "BOMRef": "pkg:pypi/jinja2@3.1.6" }, "Version": "3.1.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jinja2-3.1.6.dist-info/METADATA", "Digest": "sha1:01c4dcfd579104dd8f5b937e1511e9371b4367d3" }, { "ID": "MarkupSafe@3.0.3", "Name": "MarkupSafe", "Identifier": { "PURL": "pkg:pypi/markupsafe@3.0.3", "UID": "ad66772cbf13b716", "BOMRef": "pkg:pypi/markupsafe@3.0.3" }, "Version": "3.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/markupsafe-3.0.3.dist-info/METADATA", "Digest": "sha1:8ada20dd783a9961d87701f2cd25b0880f23993e" }, { "ID": "PyJWT@2.9.0", "Name": "PyJWT", "Identifier": { "PURL": "pkg:pypi/pyjwt@2.9.0", "UID": "c74092a617cc1cb6", "BOMRef": "pkg:pypi/pyjwt@2.9.0" }, "Version": "2.9.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:d5be1d45c7399995acc4b68911943356bb688092254d9a5bcdbf990e8dc33494", "DiffID": "sha256:4c3d1b778c7b9dc9a2737fe74d15535496ba7a69d746b0f0b4b89164d85dfcc2" }, "FilePath": "usr/lib/python3.13/site-packages/PyJWT-2.9.0.dist-info/METADATA", "Digest": "sha1:e0c7615c40e2db2aa26d42a9cedcb8ba8b7376a5" }, { "ID": "PyNaCl@1.6.2", "Name": "PyNaCl", "Identifier": { "PURL": "pkg:pypi/pynacl@1.6.2", "UID": "fe25b2e28d208fc7", "BOMRef": "pkg:pypi/pynacl@1.6.2" }, "Version": "1.6.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pynacl-1.6.2.dist-info/METADATA", "Digest": "sha1:51eed4f0f5e4d39bc532c4157c5a3982308b842c" }, { "ID": "PyYAML@6.0.2", "Name": "PyYAML", "Identifier": { "PURL": "pkg:pypi/pyyaml@6.0.2", "UID": "364d7da86991af1a", "BOMRef": "pkg:pypi/pyyaml@6.0.2" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/PyYAML-6.0.2.dist-info/METADATA", "Digest": "sha1:019874e22eba3861f59a9ab72f17f58e8b504cf4" }, { "ID": "Pygments@2.19.2", "Name": "Pygments", "Identifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "6e9778d40ba9b4", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "Version": "2.19.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "Digest": "sha1:afee6b8cae57db32719d0559389750d7923f0605" }, { "ID": "Werkzeug@3.1.6", "Name": "Werkzeug", "Identifier": { "PURL": "pkg:pypi/werkzeug@3.1.6", "UID": "88dc6c8010ad13b5", "BOMRef": "pkg:pypi/werkzeug@3.1.6" }, "Version": "3.1.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/werkzeug-3.1.6.dist-info/METADATA", "Digest": "sha1:009a319320a3a8823025adcbb66babf581a30e3e" }, { "ID": "a2a-sdk@0.3.24", "Name": "a2a-sdk", "Identifier": { "PURL": "pkg:pypi/a2a-sdk@0.3.24", "UID": "5d130e997ba238f2", "BOMRef": "pkg:pypi/a2a-sdk@0.3.24" }, "Version": "0.3.24", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/a2a_sdk-0.3.24.dist-info/METADATA", "Digest": "sha1:84b66f1657f33e3448649e936ca3d127225232bf" }, { "ID": "aioboto3@15.5.0", "Name": "aioboto3", "Identifier": { "PURL": "pkg:pypi/aioboto3@15.5.0", "UID": "66b774b412c1a8c2", "BOMRef": "pkg:pypi/aioboto3@15.5.0" }, "Version": "15.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aioboto3-15.5.0.dist-info/METADATA", "Digest": "sha1:ffd08838a16b51a1cb1807dde93c8b0f990244f5" }, { "ID": "aiobotocore@2.25.1", "Name": "aiobotocore", "Identifier": { "PURL": "pkg:pypi/aiobotocore@2.25.1", "UID": "b75c291c8adce47", "BOMRef": "pkg:pypi/aiobotocore@2.25.1" }, "Version": "2.25.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aiobotocore-2.25.1.dist-info/METADATA", "Digest": "sha1:ba7a88ae15a977227d960e17f3cbdb740f04fbfe" }, { "ID": "aiofiles@24.1.0", "Name": "aiofiles", "Identifier": { "PURL": "pkg:pypi/aiofiles@24.1.0", "UID": "6a4410141b08556e", "BOMRef": "pkg:pypi/aiofiles@24.1.0" }, "Version": "24.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:84e1d9451ac775307dfc54270f11af4c5966d7061f1bdc3ee978d7dcd67da94a", "DiffID": "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1" }, "FilePath": "usr/lib/python3.13/site-packages/aiofiles-24.1.0.dist-info/METADATA", "Digest": "sha1:1fee4c4fef706c9737b9ce8e245bbd8dae4e4d16" }, { "ID": "aiohappyeyeballs@2.6.1", "Name": "aiohappyeyeballs", "Identifier": { "PURL": "pkg:pypi/aiohappyeyeballs@2.6.1", "UID": "edd5196af3328f45", "BOMRef": "pkg:pypi/aiohappyeyeballs@2.6.1" }, "Version": "2.6.1", "Licenses": [ "Python-Software-Foundation-License" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aiohappyeyeballs-2.6.1.dist-info/METADATA", "Digest": "sha1:01343f4e8b1584084c09e049bd83675272d9e757" }, { "ID": "aiohttp@3.13.3", "Name": "aiohttp", "Identifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "Version": "3.13.3", "Licenses": [ "Apache-2.0 AND MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "Digest": "sha1:63d65762ed8ded0c65362a1b04e4245d6ab9f170" }, { "ID": "aioitertools@0.13.0", "Name": "aioitertools", "Identifier": { "PURL": "pkg:pypi/aioitertools@0.13.0", "UID": "5111634c0b8c25e9", "BOMRef": "pkg:pypi/aioitertools@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aioitertools-0.13.0.dist-info/METADATA", "Digest": "sha1:110d571c90f132b20fc32b46c28c3c95b1c7aa94" }, { "ID": "aiosignal@1.4.0", "Name": "aiosignal", "Identifier": { "PURL": "pkg:pypi/aiosignal@1.4.0", "UID": "c8ca2626a7c71c03", "BOMRef": "pkg:pypi/aiosignal@1.4.0" }, "Version": "1.4.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/aiosignal-1.4.0.dist-info/METADATA", "Digest": "sha1:8752e41cfbbc924405ef6bf9a9ff761cb9a6dbe3" }, { "ID": "annotated-doc@0.0.4", "Name": "annotated-doc", "Identifier": { "PURL": "pkg:pypi/annotated-doc@0.0.4", "UID": "213510fa0d3b310e", "BOMRef": "pkg:pypi/annotated-doc@0.0.4" }, "Version": "0.0.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_doc-0.0.4.dist-info/METADATA", "Digest": "sha1:24d32962e4742a901653d9fe5563c40221ddc6fa" }, { "ID": "annotated-types@0.7.0", "Name": "annotated-types", "Identifier": { "PURL": "pkg:pypi/annotated-types@0.7.0", "UID": "d21678ab1c4af7a5", "BOMRef": "pkg:pypi/annotated-types@0.7.0" }, "Version": "0.7.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_types-0.7.0.dist-info/METADATA", "Digest": "sha1:b11011181822ac765c9f66c8aa42c26952de6a96" }, { "ID": "anthropic@0.54.0", "Name": "anthropic", "Identifier": { "PURL": "pkg:pypi/anthropic@0.54.0", "UID": "2afd33ca782ae1e1", "BOMRef": "pkg:pypi/anthropic@0.54.0" }, "Version": "0.54.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/anthropic-0.54.0.dist-info/METADATA", "Digest": "sha1:7f700d1b4730958f468871fb28a2f4d416f8ed20" }, { "ID": "anyio@4.8.0", "Name": "anyio", "Identifier": { "PURL": "pkg:pypi/anyio@4.8.0", "UID": "92698e91909957e6", "BOMRef": "pkg:pypi/anyio@4.8.0" }, "Version": "4.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/anyio-4.8.0.dist-info/METADATA", "Digest": "sha1:12b3a6bb5ce68bac1fe5abd01d80d367c0688db2" }, { "ID": "async-generator@1.10", "Name": "async-generator", "Identifier": { "PURL": "pkg:pypi/async-generator@1.10", "UID": "5f8a6b5c7b83605a", "BOMRef": "pkg:pypi/async-generator@1.10" }, "Version": "1.10", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/async_generator-1.10.dist-info/METADATA", "Digest": "sha1:f4fa19d3f3bef3e3604acc54b00e8b8c50ad31c0" }, { "ID": "attrs@25.4.0", "Name": "attrs", "Identifier": { "PURL": "pkg:pypi/attrs@25.4.0", "UID": "f345ed3c22a91c8c", "BOMRef": "pkg:pypi/attrs@25.4.0" }, "Version": "25.4.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/attrs-25.4.0.dist-info/METADATA", "Digest": "sha1:9e593ab8f12d14d819a81ca9c41b9df0b4864a59" }, { "ID": "aurelio-sdk@0.0.19", "Name": "aurelio-sdk", "Identifier": { "PURL": "pkg:pypi/aurelio-sdk@0.0.19", "UID": "cb759b0b39d5e81d", "BOMRef": "pkg:pypi/aurelio-sdk@0.0.19" }, "Version": "0.0.19", "Layer": { "Digest": "sha256:84e1d9451ac775307dfc54270f11af4c5966d7061f1bdc3ee978d7dcd67da94a", "DiffID": "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1" }, "FilePath": "usr/lib/python3.13/site-packages/aurelio_sdk-0.0.19.dist-info/METADATA", "Digest": "sha1:bfe4c91a1633b0aa53f4fd1c5bd9f0e22eedfb7a" }, { "ID": "azure-ai-contentsafety@1.0.0", "Name": "azure-ai-contentsafety", "Identifier": { "PURL": "pkg:pypi/azure-ai-contentsafety@1.0.0", "UID": "e1e7bd26ea47fef2", "BOMRef": "pkg:pypi/azure-ai-contentsafety@1.0.0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_ai_contentsafety-1.0.0.dist-info/METADATA", "Digest": "sha1:45cc94c9f0a17e313b00a13f7b0f9682654e0feb" }, { "ID": "azure-core@1.38.2", "Name": "azure-core", "Identifier": { "PURL": "pkg:pypi/azure-core@1.38.2", "UID": "5e7066bba2e1c7d2", "BOMRef": "pkg:pypi/azure-core@1.38.2" }, "Version": "1.38.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_core-1.38.2.dist-info/METADATA", "Digest": "sha1:ed537c8e4239709c13f2010e79c9e95dfa85046b" }, { "ID": "azure-identity@1.16.1", "Name": "azure-identity", "Identifier": { "PURL": "pkg:pypi/azure-identity@1.16.1", "UID": "6375474f829d32ae", "BOMRef": "pkg:pypi/azure-identity@1.16.1" }, "Version": "1.16.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_identity-1.16.1.dist-info/METADATA", "Digest": "sha1:68fdde1864f6c107e1306f736d9b5fefa2acf3a1" }, { "ID": "azure-keyvault@4.2.0", "Name": "azure-keyvault", "Identifier": { "PURL": "pkg:pypi/azure-keyvault@4.2.0", "UID": "7928f1640820326f", "BOMRef": "pkg:pypi/azure-keyvault@4.2.0" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault-4.2.0.dist-info/METADATA", "Digest": "sha1:5da0d813613844740604dfa0c820222a54853a3a" }, { "ID": "azure-keyvault-certificates@4.10.0", "Name": "azure-keyvault-certificates", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-certificates@4.10.0", "UID": "f1559dbf3f396bf3", "BOMRef": "pkg:pypi/azure-keyvault-certificates@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_certificates-4.10.0.dist-info/METADATA", "Digest": "sha1:8227ff63178e8f5a07e66f234d8c296b189f855b" }, { "ID": "azure-keyvault-keys@4.11.0", "Name": "azure-keyvault-keys", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-keys@4.11.0", "UID": "822b2e1fc5c8c3b4", "BOMRef": "pkg:pypi/azure-keyvault-keys@4.11.0" }, "Version": "4.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_keys-4.11.0.dist-info/METADATA", "Digest": "sha1:61e25dca1cb98e731337b756f4e1bb129413c496" }, { "ID": "azure-keyvault-secrets@4.10.0", "Name": "azure-keyvault-secrets", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-secrets@4.10.0", "UID": "4626f3a6e9a41aa0", "BOMRef": "pkg:pypi/azure-keyvault-secrets@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_secrets-4.10.0.dist-info/METADATA", "Digest": "sha1:5a8061494c1c50c49fa47eace47c117fe193a0b4" }, { "ID": "azure-storage-blob@12.28.0", "Name": "azure-storage-blob", "Identifier": { "PURL": "pkg:pypi/azure-storage-blob@12.28.0", "UID": "f3ae1701f608b8fe", "BOMRef": "pkg:pypi/azure-storage-blob@12.28.0" }, "Version": "12.28.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_blob-12.28.0.dist-info/METADATA", "Digest": "sha1:20e7abbd2536ed3374cf440f144cf9ca5c0fb098" }, { "ID": "azure-storage-file-datalake@12.20.0", "Name": "azure-storage-file-datalake", "Identifier": { "PURL": "pkg:pypi/azure-storage-file-datalake@12.20.0", "UID": "f283ca9215a947c5", "BOMRef": "pkg:pypi/azure-storage-file-datalake@12.20.0" }, "Version": "12.20.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_file_datalake-12.20.0.dist-info/METADATA", "Digest": "sha1:cc8ebe204539019788e04a26f2510c35575928c2" }, { "ID": "backoff@2.2.1", "Name": "backoff", "Identifier": { "PURL": "pkg:pypi/backoff@2.2.1", "UID": "346331c1676f4640", "BOMRef": "pkg:pypi/backoff@2.2.1" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/backoff-2.2.1.dist-info/METADATA", "Digest": "sha1:ea8b96e2947c9fed16b9c4075c30113fe09fac98" }, { "ID": "boto3@1.40.53", "Name": "boto3", "Identifier": { "PURL": "pkg:pypi/boto3@1.40.53", "UID": "1b653a037f3d03ec", "BOMRef": "pkg:pypi/boto3@1.40.53" }, "Version": "1.40.53", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/boto3-1.40.53.dist-info/METADATA", "Digest": "sha1:c3cd02ceff510cd405a1b3690f7bf4d54939faf8" }, { "ID": "botocore@1.40.61", "Name": "botocore", "Identifier": { "PURL": "pkg:pypi/botocore@1.40.61", "UID": "794c0bfea8e686e", "BOMRef": "pkg:pypi/botocore@1.40.61" }, "Version": "1.40.61", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/botocore-1.40.61.dist-info/METADATA", "Digest": "sha1:c384355d82af3168472f016558ed2f2e1c77cb85" }, { "ID": "bytecode@0.17.0", "Name": "bytecode", "Identifier": { "PURL": "pkg:pypi/bytecode@0.17.0", "UID": "792a0e6ae155a765", "BOMRef": "pkg:pypi/bytecode@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/bytecode-0.17.0.dist-info/METADATA", "Digest": "sha1:65fc4772a46510a0f6186e951e866f5e306a8122" }, { "ID": "certifi@2026.1.4", "Name": "certifi", "Identifier": { "PURL": "pkg:pypi/certifi@2026.1.4", "UID": "f9379ac776a7635b", "BOMRef": "pkg:pypi/certifi@2026.1.4" }, "Version": "2026.1.4", "Licenses": [ "MPL-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/certifi-2026.1.4.dist-info/METADATA", "Digest": "sha1:fac3d36143e733dcfc1d3255e3321dd98f4376cc" }, { "ID": "cffi@2.0.0", "Name": "cffi", "Identifier": { "PURL": "pkg:pypi/cffi@2.0.0", "UID": "8a393739762b0ce0", "BOMRef": "pkg:pypi/cffi@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/cffi-2.0.0.dist-info/METADATA", "Digest": "sha1:87e9c9d276c4f4c31f5a314d6a5472f45655674c" }, { "ID": "charset-normalizer@3.4.4", "Name": "charset-normalizer", "Identifier": { "PURL": "pkg:pypi/charset-normalizer@3.4.4", "UID": "54fd4bb9a5f5e0c2", "BOMRef": "pkg:pypi/charset-normalizer@3.4.4" }, "Version": "3.4.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/charset_normalizer-3.4.4.dist-info/METADATA", "Digest": "sha1:b4512da50486c7909da3992f8d8b67052b9fc03e" }, { "ID": "click@8.1.7", "Name": "click", "Identifier": { "PURL": "pkg:pypi/click@8.1.7", "UID": "57d541ef86a3b934", "BOMRef": "pkg:pypi/click@8.1.7" }, "Version": "8.1.7", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/click-8.1.7.dist-info/METADATA", "Digest": "sha1:5c33361d71534572b6d2d3edd15ac9bad78b59c6" }, { "ID": "coloredlogs@15.0.1", "Name": "coloredlogs", "Identifier": { "PURL": "pkg:pypi/coloredlogs@15.0.1", "UID": "3e4c942f08dafd24", "BOMRef": "pkg:pypi/coloredlogs@15.0.1" }, "Version": "15.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/coloredlogs-15.0.1.dist-info/METADATA", "Digest": "sha1:79d72bae2e23b677e384dedda06c6e922912aac1" }, { "ID": "colorlog@6.10.1", "Name": "colorlog", "Identifier": { "PURL": "pkg:pypi/colorlog@6.10.1", "UID": "23f37b3bd33e4bce", "BOMRef": "pkg:pypi/colorlog@6.10.1" }, "Version": "6.10.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:84e1d9451ac775307dfc54270f11af4c5966d7061f1bdc3ee978d7dcd67da94a", "DiffID": "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1" }, "FilePath": "usr/lib/python3.13/site-packages/colorlog-6.10.1.dist-info/METADATA", "Digest": "sha1:1e483d118fd419ad747606c4077726b5c4eb324e" }, { "ID": "cryptography@46.0.5", "Name": "cryptography", "Identifier": { "PURL": "pkg:pypi/cryptography@46.0.5", "UID": "15ad7a115926c372", "BOMRef": "pkg:pypi/cryptography@46.0.5" }, "Version": "46.0.5", "Licenses": [ "Apache-2.0 OR BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/cryptography-46.0.5.dist-info/METADATA", "Digest": "sha1:bb40494ca8c495e6edf1214d419d44d57ad11f23" }, { "ID": "ddtrace@2.19.0", "Name": "ddtrace", "Identifier": { "PURL": "pkg:pypi/ddtrace@2.19.0", "UID": "34f2179f361f017a", "BOMRef": "pkg:pypi/ddtrace@2.19.0" }, "Version": "2.19.0", "Licenses": [ "LICENSE.BSD3" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/ddtrace-2.19.0.dist-info/METADATA", "Digest": "sha1:2ebcd7579775a117bf5f63f482aaee4629f69fe4" }, { "ID": "detect-secrets@1.5.0", "Name": "detect-secrets", "Identifier": { "PURL": "pkg:pypi/detect-secrets@1.5.0", "UID": "599e8f09f8251f73", "BOMRef": "pkg:pypi/detect-secrets@1.5.0" }, "Version": "1.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/detect_secrets-1.5.0.dist-info/METADATA", "Digest": "sha1:7d1969bbb2f0319f127b480fe77211aa27750fe0" }, { "ID": "distro@1.9.0", "Name": "distro", "Identifier": { "PURL": "pkg:pypi/distro@1.9.0", "UID": "59848b8fbd19c080", "BOMRef": "pkg:pypi/distro@1.9.0" }, "Version": "1.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/distro-1.9.0.dist-info/METADATA", "Digest": "sha1:ce14620cf14e15a64d2ff574796543f99619e7f3" }, { "ID": "dnspython@2.8.0", "Name": "dnspython", "Identifier": { "PURL": "pkg:pypi/dnspython@2.8.0", "UID": "1f8b6c73fb4fdeb8", "BOMRef": "pkg:pypi/dnspython@2.8.0" }, "Version": "2.8.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/dnspython-2.8.0.dist-info/METADATA", "Digest": "sha1:360d6b80b919fa0fc9e41d101229c937531c4eae" }, { "ID": "docstring_parser@0.17.0", "Name": "docstring_parser", "Identifier": { "PURL": "pkg:pypi/docstring-parser@0.17.0", "UID": "7795154f23cedbb1", "BOMRef": "pkg:pypi/docstring-parser@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/docstring_parser-0.17.0.dist-info/METADATA", "Digest": "sha1:323acb9780928a71e223759cfc8be2793bec7072" }, { "ID": "email-validator@2.3.0", "Name": "email-validator", "Identifier": { "PURL": "pkg:pypi/email-validator@2.3.0", "UID": "353f4fcb707ffefa", "BOMRef": "pkg:pypi/email-validator@2.3.0" }, "Version": "2.3.0", "Licenses": [ "Unlicense" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/email_validator-2.3.0.dist-info/METADATA", "Digest": "sha1:8142c15247202bec284e8950c96b7f43b35ca5bc" }, { "ID": "envier@0.6.1", "Name": "envier", "Identifier": { "PURL": "pkg:pypi/envier@0.6.1", "UID": "c33a47bfec03610f", "BOMRef": "pkg:pypi/envier@0.6.1" }, "Version": "0.6.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/envier-0.6.1.dist-info/METADATA", "Digest": "sha1:ecb20fe2699b6e8934bacad17926b535edc4ec40" }, { "ID": "fastapi@0.120.1", "Name": "fastapi", "Identifier": { "PURL": "pkg:pypi/fastapi@0.120.1", "UID": "d7a702dc6eaa6579", "BOMRef": "pkg:pypi/fastapi@0.120.1" }, "Version": "0.120.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi-0.120.1.dist-info/METADATA", "Digest": "sha1:dea486b90696587ab48cbda958327ec048f93eb3" }, { "ID": "fastapi-sso@0.19.0", "Name": "fastapi-sso", "Identifier": { "PURL": "pkg:pypi/fastapi-sso@0.19.0", "UID": "71c41c1a54473d38", "BOMRef": "pkg:pypi/fastapi-sso@0.19.0" }, "Version": "0.19.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi_sso-0.19.0.dist-info/METADATA", "Digest": "sha1:f08f145ee8c7c5c113436e3ba3fb8f1081e8a6fc" }, { "ID": "fastuuid@0.13.5", "Name": "fastuuid", "Identifier": { "PURL": "pkg:pypi/fastuuid@0.13.5", "UID": "411bf72477ae4da6", "BOMRef": "pkg:pypi/fastuuid@0.13.5" }, "Version": "0.13.5", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/fastuuid-0.13.5.dist-info/METADATA", "Digest": "sha1:589a21152a88244902586741669f828037c88a4f" }, { "ID": "filelock@3.24.3", "Name": "filelock", "Identifier": { "PURL": "pkg:pypi/filelock@3.24.3", "UID": "2c50316c1a1b1d85", "BOMRef": "pkg:pypi/filelock@3.24.3" }, "Version": "3.24.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/filelock-3.24.3.dist-info/METADATA", "Digest": "sha1:6c9686f542a1ba8f10bad8e5ba9b13c5f18a97a7" }, { "ID": "frozenlist@1.8.0", "Name": "frozenlist", "Identifier": { "PURL": "pkg:pypi/frozenlist@1.8.0", "UID": "4e933d1aaf901e46", "BOMRef": "pkg:pypi/frozenlist@1.8.0" }, "Version": "1.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/frozenlist-1.8.0.dist-info/METADATA", "Digest": "sha1:4a37873aab1c5eaffcecd2aa93be12e9e4b2a19c" }, { "ID": "fsspec@2026.2.0", "Name": "fsspec", "Identifier": { "PURL": "pkg:pypi/fsspec@2026.2.0", "UID": "80406925f00b27d5", "BOMRef": "pkg:pypi/fsspec@2026.2.0" }, "Version": "2026.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/fsspec-2026.2.0.dist-info/METADATA", "Digest": "sha1:cd54bba9ec98bc422bda0b342e83ea43099aa174" }, { "ID": "google-api-core@2.30.0", "Name": "google-api-core", "Identifier": { "PURL": "pkg:pypi/google-api-core@2.30.0", "UID": "dace0e2b0c382542", "BOMRef": "pkg:pypi/google-api-core@2.30.0" }, "Version": "2.30.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_api_core-2.30.0.dist-info/METADATA", "Digest": "sha1:824f9344ce88f9566c9d9173847e9ea97143d293" }, { "ID": "google-auth@2.48.0", "Name": "google-auth", "Identifier": { "PURL": "pkg:pypi/google-auth@2.48.0", "UID": "4e1d9a05af449a0d", "BOMRef": "pkg:pypi/google-auth@2.48.0" }, "Version": "2.48.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_auth-2.48.0.dist-info/METADATA", "Digest": "sha1:fd3435e29361652b2f4e7fd3e2297c149025e051" }, { "ID": "google-cloud-aiplatform@1.133.0", "Name": "google-cloud-aiplatform", "Identifier": { "PURL": "pkg:pypi/google-cloud-aiplatform@1.133.0", "UID": "f219691b385cb8ba", "BOMRef": "pkg:pypi/google-cloud-aiplatform@1.133.0" }, "Version": "1.133.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_aiplatform-1.133.0.dist-info/METADATA", "Digest": "sha1:23483b425b0649936a17defd0158d0f6c03ca503" }, { "ID": "google-cloud-bigquery@3.40.1", "Name": "google-cloud-bigquery", "Identifier": { "PURL": "pkg:pypi/google-cloud-bigquery@3.40.1", "UID": "2acdce7767215bb0", "BOMRef": "pkg:pypi/google-cloud-bigquery@3.40.1" }, "Version": "3.40.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_bigquery-3.40.1.dist-info/METADATA", "Digest": "sha1:ce2316758a0520c903eb5522d5cf1f39c2c7aa0b" }, { "ID": "google-cloud-core@2.5.0", "Name": "google-cloud-core", "Identifier": { "PURL": "pkg:pypi/google-cloud-core@2.5.0", "UID": "5ec9492275b8c1f4", "BOMRef": "pkg:pypi/google-cloud-core@2.5.0" }, "Version": "2.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_core-2.5.0.dist-info/METADATA", "Digest": "sha1:2353786cf89c5a50fc3a68db6736b632754e1b76" }, { "ID": "google-cloud-iam@2.19.1", "Name": "google-cloud-iam", "Identifier": { "PURL": "pkg:pypi/google-cloud-iam@2.19.1", "UID": "2278516328b305e8", "BOMRef": "pkg:pypi/google-cloud-iam@2.19.1" }, "Version": "2.19.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_iam-2.19.1.dist-info/METADATA", "Digest": "sha1:28391d5c4dd89160b13ec2ef8c597d3164c4c91a" }, { "ID": "google-cloud-resource-manager@1.16.0", "Name": "google-cloud-resource-manager", "Identifier": { "PURL": "pkg:pypi/google-cloud-resource-manager@1.16.0", "UID": "5d9c9c81c9def2b3", "BOMRef": "pkg:pypi/google-cloud-resource-manager@1.16.0" }, "Version": "1.16.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_resource_manager-1.16.0.dist-info/METADATA", "Digest": "sha1:94bdb211cfd6933e89c9e8f1833e3fcb28caae26" }, { "ID": "google-cloud-storage@3.9.0", "Name": "google-cloud-storage", "Identifier": { "PURL": "pkg:pypi/google-cloud-storage@3.9.0", "UID": "2110a2f511ae0315", "BOMRef": "pkg:pypi/google-cloud-storage@3.9.0" }, "Version": "3.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_storage-3.9.0.dist-info/METADATA", "Digest": "sha1:08b50a67c834baff46cb246b9b9d9d6c90ad3a65" }, { "ID": "google-crc32c@1.8.0", "Name": "google-crc32c", "Identifier": { "PURL": "pkg:pypi/google-crc32c@1.8.0", "UID": "b6cf0a742dc5c182", "BOMRef": "pkg:pypi/google-crc32c@1.8.0" }, "Version": "1.8.0", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_crc32c-1.8.0.dist-info/METADATA", "Digest": "sha1:740ce2636255b7035fbcef210995df5b4484e1b3" }, { "ID": "google-genai@1.37.0", "Name": "google-genai", "Identifier": { "PURL": "pkg:pypi/google-genai@1.37.0", "UID": "84aa1d194d91d928", "BOMRef": "pkg:pypi/google-genai@1.37.0" }, "Version": "1.37.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_genai-1.37.0.dist-info/METADATA", "Digest": "sha1:3399706a56fa0d50853cb580a1e032f80a3d4654" }, { "ID": "google-resumable-media@2.8.0", "Name": "google-resumable-media", "Identifier": { "PURL": "pkg:pypi/google-resumable-media@2.8.0", "UID": "e65b4d28e823bc5b", "BOMRef": "pkg:pypi/google-resumable-media@2.8.0" }, "Version": "2.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/google_resumable_media-2.8.0.dist-info/METADATA", "Digest": "sha1:a0a8dc418f86589aa080bb59708ed5aee38faacc" }, { "ID": "googleapis-common-protos@1.72.0", "Name": "googleapis-common-protos", "Identifier": { "PURL": "pkg:pypi/googleapis-common-protos@1.72.0", "UID": "1f9f3be1e3a8a5dd", "BOMRef": "pkg:pypi/googleapis-common-protos@1.72.0" }, "Version": "1.72.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/googleapis_common_protos-1.72.0.dist-info/METADATA", "Digest": "sha1:78df7b249d5272b19c5adc5c8a9b3b2dee57311c" }, { "ID": "grpc-google-iam-v1@0.14.3", "Name": "grpc-google-iam-v1", "Identifier": { "PURL": "pkg:pypi/grpc-google-iam-v1@0.14.3", "UID": "a95717ae6c17e9b9", "BOMRef": "pkg:pypi/grpc-google-iam-v1@0.14.3" }, "Version": "0.14.3", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/grpc_google_iam_v1-0.14.3.dist-info/METADATA", "Digest": "sha1:98adc7e2fe504130f48db8ccb34db6820d396145" }, { "ID": "grpcio@1.78.1", "Name": "grpcio", "Identifier": { "PURL": "pkg:pypi/grpcio@1.78.1", "UID": "9a5fc9b3240e5996", "BOMRef": "pkg:pypi/grpcio@1.78.1" }, "Version": "1.78.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio-1.78.1.dist-info/METADATA", "Digest": "sha1:e9f3ec7472afdf9e994e454aa7519c24fb1ed336" }, { "ID": "grpcio-status@1.71.2", "Name": "grpcio-status", "Identifier": { "PURL": "pkg:pypi/grpcio-status@1.71.2", "UID": "baf63b5bf5162a49", "BOMRef": "pkg:pypi/grpcio-status@1.71.2" }, "Version": "1.71.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio_status-1.71.2.dist-info/METADATA", "Digest": "sha1:bd80c647a0df7d5b9bda31af73fa704ff4e50c9f" }, { "ID": "gunicorn@23.0.0", "Name": "gunicorn", "Identifier": { "PURL": "pkg:pypi/gunicorn@23.0.0", "UID": "a3adf57bc748076b", "BOMRef": "pkg:pypi/gunicorn@23.0.0" }, "Version": "23.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/gunicorn-23.0.0.dist-info/METADATA", "Digest": "sha1:8de2f53497d5444853a1df1f44ff417831194283" }, { "ID": "h11@0.16.0", "Name": "h11", "Identifier": { "PURL": "pkg:pypi/h11@0.16.0", "UID": "6de408d0eb74b44f", "BOMRef": "pkg:pypi/h11@0.16.0" }, "Version": "0.16.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/h11-0.16.0.dist-info/METADATA", "Digest": "sha1:5d41eddffefef5f6e8ff383a2537e81a38a37807" }, { "ID": "hf-xet@1.2.0", "Name": "hf-xet", "Identifier": { "PURL": "pkg:pypi/hf-xet@1.2.0", "UID": "39c7698554edd916", "BOMRef": "pkg:pypi/hf-xet@1.2.0" }, "Version": "1.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/hf_xet-1.2.0.dist-info/METADATA", "Digest": "sha1:c62213b030017c3a6179d95b00ac0b58fa58b6d8" }, { "ID": "httpcore@1.0.9", "Name": "httpcore", "Identifier": { "PURL": "pkg:pypi/httpcore@1.0.9", "UID": "915c2f9287006a8a", "BOMRef": "pkg:pypi/httpcore@1.0.9" }, "Version": "1.0.9", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/httpcore-1.0.9.dist-info/METADATA", "Digest": "sha1:2981d359ae33f31d339189a9680db85785339a56" }, { "ID": "httpx@0.28.1", "Name": "httpx", "Identifier": { "PURL": "pkg:pypi/httpx@0.28.1", "UID": "6503f3a48f1018a0", "BOMRef": "pkg:pypi/httpx@0.28.1" }, "Version": "0.28.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/httpx-0.28.1.dist-info/METADATA", "Digest": "sha1:537da7e4f29438278e124e10e02d1a500fe33bcc" }, { "ID": "httpx-sse@0.4.3", "Name": "httpx-sse", "Identifier": { "PURL": "pkg:pypi/httpx-sse@0.4.3", "UID": "1d6641a15190ccc4", "BOMRef": "pkg:pypi/httpx-sse@0.4.3" }, "Version": "0.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/httpx_sse-0.4.3.dist-info/METADATA", "Digest": "sha1:df05446be58f0a3a306e50c7ceebef24bb383a6d" }, { "ID": "huggingface_hub@0.36.2", "Name": "huggingface_hub", "Identifier": { "PURL": "pkg:pypi/huggingface-hub@0.36.2", "UID": "cadb3663a91ca07e", "BOMRef": "pkg:pypi/huggingface-hub@0.36.2" }, "Version": "0.36.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/huggingface_hub-0.36.2.dist-info/METADATA", "Digest": "sha1:c3fb68f58f110a4308ea41f02a48f890697481fe" }, { "ID": "humanfriendly@10.0", "Name": "humanfriendly", "Identifier": { "PURL": "pkg:pypi/humanfriendly@10.0", "UID": "ae991ffa518ebd55", "BOMRef": "pkg:pypi/humanfriendly@10.0" }, "Version": "10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/humanfriendly-10.0.dist-info/METADATA", "Digest": "sha1:f29e22413e2b6ed83b0bd7935acd2dbb1d830f40" }, { "ID": "idna@3.11", "Name": "idna", "Identifier": { "PURL": "pkg:pypi/idna@3.11", "UID": "6abe7715f553a961", "BOMRef": "pkg:pypi/idna@3.11" }, "Version": "3.11", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/idna-3.11.dist-info/METADATA", "Digest": "sha1:5e73674d19cce0601253436a2e5544abe09b9bc3" }, { "ID": "importlib-metadata@6.8.0", "Name": "importlib-metadata", "Identifier": { "PURL": "pkg:pypi/importlib-metadata@6.8.0", "UID": "71f0ac2db0b0cf0e", "BOMRef": "pkg:pypi/importlib-metadata@6.8.0" }, "Version": "6.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/importlib_metadata-6.8.0.dist-info/METADATA", "Digest": "sha1:691851957e4c1cce8fa41d0f23cd83355dbb8756" }, { "ID": "isodate@0.7.2", "Name": "isodate", "Identifier": { "PURL": "pkg:pypi/isodate@0.7.2", "UID": "ddceff663c6d6ffc", "BOMRef": "pkg:pypi/isodate@0.7.2" }, "Version": "0.7.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/isodate-0.7.2.dist-info/METADATA", "Digest": "sha1:364399ca9e27df70628e3aff9c8b7b1da601f95d" }, { "ID": "jaraco.context@6.1.0", "Name": "jaraco.context", "Identifier": { "PURL": "pkg:pypi/jaraco.context@6.1.0", "UID": "5ebb18123dd694d7", "BOMRef": "pkg:pypi/jaraco.context@6.1.0" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jaraco_context-6.1.0.dist-info/METADATA", "Digest": "sha1:c1ba70653abadb34b0a0e792b9b7025b6a4d7b3e" }, { "ID": "jiter@0.13.0", "Name": "jiter", "Identifier": { "PURL": "pkg:pypi/jiter@0.13.0", "UID": "94813acf095e5a86", "BOMRef": "pkg:pypi/jiter@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jiter-0.13.0.dist-info/METADATA", "Digest": "sha1:2a9f923809d4a5bfa70b5c8d13e698904f4eca60" }, { "ID": "jmespath@1.1.0", "Name": "jmespath", "Identifier": { "PURL": "pkg:pypi/jmespath@1.1.0", "UID": "d8827a81b5cc826e", "BOMRef": "pkg:pypi/jmespath@1.1.0" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jmespath-1.1.0.dist-info/METADATA", "Digest": "sha1:d3f297922cf04b0cc127a18994ad6e6b947f0cc7" }, { "ID": "jsonschema@4.26.0", "Name": "jsonschema", "Identifier": { "PURL": "pkg:pypi/jsonschema@4.26.0", "UID": "daf3a7b96d343ff0", "BOMRef": "pkg:pypi/jsonschema@4.26.0" }, "Version": "4.26.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema-4.26.0.dist-info/METADATA", "Digest": "sha1:94b3d1a46cf55d74e42c401eaf4a4b71c76cee31" }, { "ID": "jsonschema-path@0.3.4", "Name": "jsonschema-path", "Identifier": { "PURL": "pkg:pypi/jsonschema-path@0.3.4", "UID": "655245be33531003", "BOMRef": "pkg:pypi/jsonschema-path@0.3.4" }, "Version": "0.3.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_path-0.3.4.dist-info/METADATA", "Digest": "sha1:48b69894bc45f3344dbe1daa7be14933b12db09a" }, { "ID": "jsonschema-specifications@2025.9.1", "Name": "jsonschema-specifications", "Identifier": { "PURL": "pkg:pypi/jsonschema-specifications@2025.9.1", "UID": "dbbd918be143f426", "BOMRef": "pkg:pypi/jsonschema-specifications@2025.9.1" }, "Version": "2025.9.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_specifications-2025.9.1.dist-info/METADATA", "Digest": "sha1:ac33f477be9d3336ae67bc454f68a9ff39c91cf3" }, { "ID": "langfuse@2.59.7", "Name": "langfuse", "Identifier": { "PURL": "pkg:pypi/langfuse@2.59.7", "UID": "4c4c615ce464e249", "BOMRef": "pkg:pypi/langfuse@2.59.7" }, "Version": "2.59.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/langfuse-2.59.7.dist-info/METADATA", "Digest": "sha1:64b00766ce586ee8bc229e1d1c519bbbaccf82af" }, { "ID": "lazy-object-proxy@1.12.0", "Name": "lazy-object-proxy", "Identifier": { "PURL": "pkg:pypi/lazy-object-proxy@1.12.0", "UID": "4f682e53c9b90ba2", "BOMRef": "pkg:pypi/lazy-object-proxy@1.12.0" }, "Version": "1.12.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/lazy_object_proxy-1.12.0.dist-info/METADATA", "Digest": "sha1:68e349fa87b22a25e3af674e29698bb08d37a074" }, { "ID": "legacy-cgi@2.6.4", "Name": "legacy-cgi", "Identifier": { "PURL": "pkg:pypi/legacy-cgi@2.6.4", "UID": "77b79bdd8220a0db", "BOMRef": "pkg:pypi/legacy-cgi@2.6.4" }, "Version": "2.6.4", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/legacy_cgi-2.6.4.dist-info/METADATA", "Digest": "sha1:23159c15d8f7c3223df17c75f23eb2d59ef58128" }, { "ID": "litellm@1.81.12", "Name": "litellm", "Identifier": { "PURL": "pkg:pypi/litellm@1.81.12", "UID": "1e0fc3e03c4012e4", "BOMRef": "pkg:pypi/litellm@1.81.12" }, "Version": "1.81.12", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/litellm-1.81.12.dist-info/METADATA", "Digest": "sha1:f6ae8454badfef7e34739aac7f3cdc853639e12d" }, { "ID": "litellm-enterprise@0.1.32", "Name": "litellm-enterprise", "Identifier": { "PURL": "pkg:pypi/litellm-enterprise@0.1.32", "UID": "901ee1af09bd582d", "BOMRef": "pkg:pypi/litellm-enterprise@0.1.32" }, "Version": "0.1.32", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_enterprise-0.1.32.dist-info/METADATA", "Digest": "sha1:47149694cb58a89bda47e23c5c7a341e04c64bf1" }, { "ID": "litellm-proxy-extras@0.4.39", "Name": "litellm-proxy-extras", "Identifier": { "PURL": "pkg:pypi/litellm-proxy-extras@0.4.39", "UID": "1f6a30ffaa8e9358", "BOMRef": "pkg:pypi/litellm-proxy-extras@0.4.39" }, "Version": "0.4.39", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_proxy_extras-0.4.39.dist-info/METADATA", "Digest": "sha1:cd5042a775163ae3d41171a8b76ed745470228cd" }, { "ID": "llm-sandbox@0.3.31", "Name": "llm-sandbox", "Identifier": { "PURL": "pkg:pypi/llm-sandbox@0.3.31", "UID": "7d241ed2963c9278", "BOMRef": "pkg:pypi/llm-sandbox@0.3.31" }, "Version": "0.3.31", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/llm_sandbox-0.3.31.dist-info/METADATA", "Digest": "sha1:85bb0474aad9559dff054282fdd4b29a4f92a80e" }, { "ID": "mangum@0.17.0", "Name": "mangum", "Identifier": { "PURL": "pkg:pypi/mangum@0.17.0", "UID": "d1269900a21a7a23", "BOMRef": "pkg:pypi/mangum@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/mangum-0.17.0.dist-info/METADATA", "Digest": "sha1:0957be909988180dffafaf9c6ef2301be9a0739b" }, { "ID": "markdown-it-py@4.0.0", "Name": "markdown-it-py", "Identifier": { "PURL": "pkg:pypi/markdown-it-py@4.0.0", "UID": "d5c749bafa49c34c", "BOMRef": "pkg:pypi/markdown-it-py@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/markdown_it_py-4.0.0.dist-info/METADATA", "Digest": "sha1:0cee543cadd1bdc67e8d1acd6fae8cc419523f4c" }, { "ID": "mcp@1.25.0", "Name": "mcp", "Identifier": { "PURL": "pkg:pypi/mcp@1.25.0", "UID": "c4a7a5763cbe7215", "BOMRef": "pkg:pypi/mcp@1.25.0" }, "Version": "1.25.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/mcp-1.25.0.dist-info/METADATA", "Digest": "sha1:c86fd9fb3b07f6b9cb4a3ade6abcc16c1c763399" }, { "ID": "mdurl@0.1.2", "Name": "mdurl", "Identifier": { "PURL": "pkg:pypi/mdurl@0.1.2", "UID": "e6be565dc0324aef", "BOMRef": "pkg:pypi/mdurl@0.1.2" }, "Version": "0.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/mdurl-0.1.2.dist-info/METADATA", "Digest": "sha1:cc9d84bf84be59dd90368ea2f5e3a9fae8f0f1b7" }, { "ID": "ml-dtypes@0.4.1", "Name": "ml-dtypes", "Identifier": { "PURL": "pkg:pypi/ml-dtypes@0.4.1", "UID": "388697d11e26c7ce", "BOMRef": "pkg:pypi/ml-dtypes@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/ml_dtypes-0.4.1.dist-info/METADATA", "Digest": "sha1:28e53cadb8495b4a770c99d9392b1c79a14f4c8d" }, { "ID": "more-itertools@10.8.0", "Name": "more-itertools", "Identifier": { "PURL": "pkg:pypi/more-itertools@10.8.0", "UID": "ae030b2ecea17a0d", "BOMRef": "pkg:pypi/more-itertools@10.8.0" }, "Version": "10.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/more_itertools-10.8.0.dist-info/METADATA", "Digest": "sha1:55aef894a0f39f280471306f0c5ecf3730ff5863" }, { "ID": "msal@1.34.0", "Name": "msal", "Identifier": { "PURL": "pkg:pypi/msal@1.34.0", "UID": "e2e3e0c793672ccf", "BOMRef": "pkg:pypi/msal@1.34.0" }, "Version": "1.34.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/msal-1.34.0.dist-info/METADATA", "Digest": "sha1:9992cd494a1c8486b1a65e94cb1998d2ef320093" }, { "ID": "msal-extensions@1.3.1", "Name": "msal-extensions", "Identifier": { "PURL": "pkg:pypi/msal-extensions@1.3.1", "UID": "8a468472d66fe3b2", "BOMRef": "pkg:pypi/msal-extensions@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/msal_extensions-1.3.1.dist-info/METADATA", "Digest": "sha1:41015e491016a80539109491a22adb22f7c7dddd" }, { "ID": "multidict@6.7.1", "Name": "multidict", "Identifier": { "PURL": "pkg:pypi/multidict@6.7.1", "UID": "e5f4ce4dc622e55c", "BOMRef": "pkg:pypi/multidict@6.7.1" }, "Version": "6.7.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/multidict-6.7.1.dist-info/METADATA", "Digest": "sha1:216b572c03dd786e9e08cb0ed5e833a9ec0fd494" }, { "ID": "nodeenv@1.10.0", "Name": "nodeenv", "Identifier": { "PURL": "pkg:pypi/nodeenv@1.10.0", "UID": "bba25bfb71f4f36b", "BOMRef": "pkg:pypi/nodeenv@1.10.0" }, "Version": "1.10.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodeenv-1.10.0.dist-info/METADATA", "Digest": "sha1:1b29a746e209117735cc705714358dbf9e858eb4" }, { "ID": "nodejs-wheel-binaries@24.12.0", "Name": "nodejs-wheel-binaries", "Identifier": { "PURL": "pkg:pypi/nodejs-wheel-binaries@24.12.0", "UID": "288d0b6d27b9f8ec", "BOMRef": "pkg:pypi/nodejs-wheel-binaries@24.12.0" }, "Version": "24.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel_binaries-24.12.0.dist-info/METADATA", "Digest": "sha1:8a102cd330d17e7e42361b3326da94281c9b8427" }, { "ID": "numpy@2.4.2", "Name": "numpy", "Identifier": { "PURL": "pkg:pypi/numpy@2.4.2", "UID": "5d433a287241bb08", "BOMRef": "pkg:pypi/numpy@2.4.2" }, "Version": "2.4.2", "Licenses": [ "BSD-3-Clause AND 0BSD AND MIT AND Zlib AND CC0-1.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/numpy-2.4.2.dist-info/METADATA", "Digest": "sha1:f78437e3f7066f0441d6e9a7c34ce6f6a66871a5" }, { "ID": "oauthlib@3.3.1", "Name": "oauthlib", "Identifier": { "PURL": "pkg:pypi/oauthlib@3.3.1", "UID": "de24141a154eeff8", "BOMRef": "pkg:pypi/oauthlib@3.3.1" }, "Version": "3.3.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/oauthlib-3.3.1.dist-info/METADATA", "Digest": "sha1:9ba5229bceb66742065501d44c4e07f8b401d4c8" }, { "ID": "openai@2.9.0", "Name": "openai", "Identifier": { "PURL": "pkg:pypi/openai@2.9.0", "UID": "2c1542774a7672c", "BOMRef": "pkg:pypi/openai@2.9.0" }, "Version": "2.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/openai-2.9.0.dist-info/METADATA", "Digest": "sha1:3a50a52d05f9d1a9114c73731816df78928764c0" }, { "ID": "openapi-core@0.21.0", "Name": "openapi-core", "Identifier": { "PURL": "pkg:pypi/openapi-core@0.21.0", "UID": "c6f5ee79304f9b3b", "BOMRef": "pkg:pypi/openapi-core@0.21.0" }, "Version": "0.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_core-0.21.0.dist-info/METADATA", "Digest": "sha1:23d2501e93de078ce5136cd7b4e20a7463c210f4" }, { "ID": "openapi-schema-validator@0.6.3", "Name": "openapi-schema-validator", "Identifier": { "PURL": "pkg:pypi/openapi-schema-validator@0.6.3", "UID": "935fb8a0a894fe5e", "BOMRef": "pkg:pypi/openapi-schema-validator@0.6.3" }, "Version": "0.6.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_schema_validator-0.6.3.dist-info/METADATA", "Digest": "sha1:94ac2dfdccefaac1f8f6efc0ce4e4713274af79f" }, { "ID": "openapi-spec-validator@0.7.2", "Name": "openapi-spec-validator", "Identifier": { "PURL": "pkg:pypi/openapi-spec-validator@0.7.2", "UID": "91a24e61b8668881", "BOMRef": "pkg:pypi/openapi-spec-validator@0.7.2" }, "Version": "0.7.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_spec_validator-0.7.2.dist-info/METADATA", "Digest": "sha1:3b8226cdb965b31b940c1bfaba9d0b337cc0c8f8" }, { "ID": "opentelemetry-api@1.28.0", "Name": "opentelemetry-api", "Identifier": { "PURL": "pkg:pypi/opentelemetry-api@1.28.0", "UID": "cd64331631fc093d", "BOMRef": "pkg:pypi/opentelemetry-api@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_api-1.28.0.dist-info/METADATA", "Digest": "sha1:fa7a37347c7a77b570878666db0821d85e58a470" }, { "ID": "opentelemetry-exporter-otlp@1.28.0", "Name": "opentelemetry-exporter-otlp", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0", "UID": "6ff0e9ed66ec39bc", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp-1.28.0.dist-info/METADATA", "Digest": "sha1:02d9d528c93b4a483c217803ff2b5b14dff509ef" }, { "ID": "opentelemetry-exporter-otlp-proto-common@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-common", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0", "UID": "fa3eb71197477653", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_common-1.28.0.dist-info/METADATA", "Digest": "sha1:9b898d5238fd7ac09e303fb6fddbe084603de874" }, { "ID": "opentelemetry-exporter-otlp-proto-grpc@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-grpc", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0", "UID": "85161389b752b666", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_grpc-1.28.0.dist-info/METADATA", "Digest": "sha1:4d2e1a9be4c683f90b3116732d154d789efb6de5" }, { "ID": "opentelemetry-exporter-otlp-proto-http@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-http", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0", "UID": "dec011d2897800df", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_http-1.28.0.dist-info/METADATA", "Digest": "sha1:f7029b101ac39ca429c16dfbfbd1f67d7da1e28c" }, { "ID": "opentelemetry-proto@1.28.0", "Name": "opentelemetry-proto", "Identifier": { "PURL": "pkg:pypi/opentelemetry-proto@1.28.0", "UID": "bcd0af2fe3996eaa", "BOMRef": "pkg:pypi/opentelemetry-proto@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_proto-1.28.0.dist-info/METADATA", "Digest": "sha1:2f4cc88e72c49fd14c43d3160427ec7631e420ba" }, { "ID": "opentelemetry-sdk@1.28.0", "Name": "opentelemetry-sdk", "Identifier": { "PURL": "pkg:pypi/opentelemetry-sdk@1.28.0", "UID": "3f23432f202faa8c", "BOMRef": "pkg:pypi/opentelemetry-sdk@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_sdk-1.28.0.dist-info/METADATA", "Digest": "sha1:ff78308a4de96861a2b9afbecc1745376f09d82b" }, { "ID": "opentelemetry-semantic-conventions@0.49b0", "Name": "opentelemetry-semantic-conventions", "Identifier": { "PURL": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0", "UID": "13697b23d5d8e770", "BOMRef": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0" }, "Version": "0.49b0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_semantic_conventions-0.49b0.dist-info/METADATA", "Digest": "sha1:2389733e201fd7a0ec508bbc2f1e32a23488c45e" }, { "ID": "orjson@3.11.7", "Name": "orjson", "Identifier": { "PURL": "pkg:pypi/orjson@3.11.7", "UID": "5767ca711c554cbd", "BOMRef": "pkg:pypi/orjson@3.11.7" }, "Version": "3.11.7", "Licenses": [ "MPL-2.0 AND (Apache-2.0 OR MIT)" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/orjson-3.11.7.dist-info/METADATA", "Digest": "sha1:2b55fc97cbe074ef19ee5b25d2ae0613276e259e" }, { "ID": "packaging@24.2", "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@24.2", "UID": "1733f1de0de5d3a", "BOMRef": "pkg:pypi/packaging@24.2" }, "Version": "24.2", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/packaging-24.2.dist-info/METADATA", "Digest": "sha1:292b8d19cdc308e072817b6407cac3cb5175a060" }, { "ID": "pathable@0.4.4", "Name": "pathable", "Identifier": { "PURL": "pkg:pypi/pathable@0.4.4", "UID": "e075a25027aed79f", "BOMRef": "pkg:pypi/pathable@0.4.4" }, "Version": "0.4.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pathable-0.4.4.dist-info/METADATA", "Digest": "sha1:866e61605d29a563f1cdd110899065ddb5f2f482" }, { "ID": "pillow@12.1.1", "Name": "pillow", "Identifier": { "PURL": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", "UID": "cc73079fc1ab0765", "BOMRef": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl" }, "Version": "12.1.1", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" } }, { "ID": "pillow@12.1.1", "Name": "pillow", "Identifier": { "PURL": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", "UID": "cc73079fc1ab0765", "BOMRef": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl" }, "Version": "12.1.1", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" } }, { "ID": "pillow@12.1.1", "Name": "pillow", "Identifier": { "PURL": "pkg:pypi/pillow@12.1.1", "UID": "ebc0b872d17042eb", "BOMRef": "pkg:pypi/pillow@12.1.1" }, "Version": "12.1.1", "Licenses": [ "MIT-CMU" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pillow-12.1.1.dist-info/METADATA", "Digest": "sha1:8ede85617f65f1bcb1404d13c86a40e01897a9b1" }, { "ID": "polars@1.31.0", "Name": "polars", "Identifier": { "PURL": "pkg:pypi/polars@1.31.0", "UID": "6712bdde951b1e62", "BOMRef": "pkg:pypi/polars@1.31.0" }, "Version": "1.31.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/polars-1.31.0.dist-info/METADATA", "Digest": "sha1:9372c8d51ed35260721b244d0f1432df652171cf" }, { "ID": "prisma@0.11.0", "Name": "prisma", "Identifier": { "PURL": "pkg:pypi/prisma@0.11.0", "UID": "fea795bf56c3a0b2", "BOMRef": "pkg:pypi/prisma@0.11.0" }, "Version": "0.11.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/prisma-0.11.0.dist-info/METADATA", "Digest": "sha1:fad8c94f4fab264e96c18a22151e04c0cdf411b0" }, { "ID": "prometheus_client@0.20.0", "Name": "prometheus_client", "Identifier": { "PURL": "pkg:pypi/prometheus-client@0.20.0", "UID": "f2472fd35a046381", "BOMRef": "pkg:pypi/prometheus-client@0.20.0" }, "Version": "0.20.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/prometheus_client-0.20.0.dist-info/METADATA", "Digest": "sha1:ca9ab1f552aae8ed12e1084fd9c8347782cb1049" }, { "ID": "propcache@0.4.1", "Name": "propcache", "Identifier": { "PURL": "pkg:pypi/propcache@0.4.1", "UID": "619af1cd9bc42f0d", "BOMRef": "pkg:pypi/propcache@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/propcache-0.4.1.dist-info/METADATA", "Digest": "sha1:9b2af7eeab4bcb9bad4ba6d407baa00869b8168c" }, { "ID": "proto-plus@1.27.1", "Name": "proto-plus", "Identifier": { "PURL": "pkg:pypi/proto-plus@1.27.1", "UID": "dc44d1f2cdc6fffc", "BOMRef": "pkg:pypi/proto-plus@1.27.1" }, "Version": "1.27.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/proto_plus-1.27.1.dist-info/METADATA", "Digest": "sha1:f256867207ef1543010030633cf2f7669c66591c" }, { "ID": "protobuf@5.29.6", "Name": "protobuf", "Identifier": { "PURL": "pkg:pypi/protobuf@5.29.6", "UID": "4d131bbc7bbeb515", "BOMRef": "pkg:pypi/protobuf@5.29.6" }, "Version": "5.29.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/protobuf-5.29.6.dist-info/METADATA", "Digest": "sha1:f6ba7e2f92bfad0493f3bdc530ecf2398f28d411" }, { "ID": "pyasn1@0.6.2", "Name": "pyasn1", "Identifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "70189d7bb6b50590", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "Version": "0.6.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "Digest": "sha1:9e49d4b851f49962151f61b10a5d9c65e5b8eade" }, { "ID": "pyasn1_modules@0.4.2", "Name": "pyasn1_modules", "Identifier": { "PURL": "pkg:pypi/pyasn1-modules@0.4.2", "UID": "2fec9ef7c2becbc2", "BOMRef": "pkg:pypi/pyasn1-modules@0.4.2" }, "Version": "0.4.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1_modules-0.4.2.dist-info/METADATA", "Digest": "sha1:ff67c376a06e456e4caa8a256505a2298f5e7141" }, { "ID": "pycparser@3.0", "Name": "pycparser", "Identifier": { "PURL": "pkg:pypi/pycparser@3.0", "UID": "5325ff11d13e4d6e", "BOMRef": "pkg:pypi/pycparser@3.0" }, "Version": "3.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pycparser-3.0.dist-info/METADATA", "Digest": "sha1:ec46323dcd4dd2f7742b74b09cc0b030e330e46f" }, { "ID": "pydantic@2.12.5", "Name": "pydantic", "Identifier": { "PURL": "pkg:pypi/pydantic@2.12.5", "UID": "b52e8a8c67d1f176", "BOMRef": "pkg:pypi/pydantic@2.12.5" }, "Version": "2.12.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic-2.12.5.dist-info/METADATA", "Digest": "sha1:83683052da3c86191d3ce41d60fa7f9780cf0478" }, { "ID": "pydantic-settings@2.13.1", "Name": "pydantic-settings", "Identifier": { "PURL": "pkg:pypi/pydantic-settings@2.13.1", "UID": "46df4416226e4125", "BOMRef": "pkg:pypi/pydantic-settings@2.13.1" }, "Version": "2.13.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_settings-2.13.1.dist-info/METADATA", "Digest": "sha1:b20e7981819ecb354830015a55fa8bcb098c5687" }, { "ID": "pydantic_core@2.41.5", "Name": "pydantic_core", "Identifier": { "PURL": "pkg:pypi/pydantic-core@2.41.5", "UID": "5864608cf665bb69", "BOMRef": "pkg:pypi/pydantic-core@2.41.5" }, "Version": "2.41.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_core-2.41.5.dist-info/METADATA", "Digest": "sha1:07d49fc75e0fd822fcc2719c0bbece0049fba67a" }, { "ID": "pypdf@6.7.1", "Name": "pypdf", "Identifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "Version": "6.7.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "Digest": "sha1:d5edda105e30aa42cc29510e1d4342ffdac26300" }, { "ID": "python-dateutil@2.9.0.post0", "Name": "python-dateutil", "Identifier": { "PURL": "pkg:pypi/python-dateutil@2.9.0.post0", "UID": "4a9e2f01ddbe701", "BOMRef": "pkg:pypi/python-dateutil@2.9.0.post0" }, "Version": "2.9.0.post0", "Licenses": [ "BSD-3-Clause", "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/python_dateutil-2.9.0.post0.dist-info/METADATA", "Digest": "sha1:7a3c35abd86cd96034d5afb0d4b241dc9e13e6f8" }, { "ID": "python-dotenv@1.0.1", "Name": "python-dotenv", "Identifier": { "PURL": "pkg:pypi/python-dotenv@1.0.1", "UID": "6fc423c441c7a267", "BOMRef": "pkg:pypi/python-dotenv@1.0.1" }, "Version": "1.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/python_dotenv-1.0.1.dist-info/METADATA", "Digest": "sha1:e0a2e23c662b53538eed76a837fb7ecc9327df7e" }, { "ID": "python-multipart@0.0.22", "Name": "python-multipart", "Identifier": { "PURL": "pkg:pypi/python-multipart@0.0.22", "UID": "a668b7b5e578080d", "BOMRef": "pkg:pypi/python-multipart@0.0.22" }, "Version": "0.0.22", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/python_multipart-0.0.22.dist-info/METADATA", "Digest": "sha1:f8bfd84700d227e7438d2377ff7c8585ac4e11cd" }, { "ID": "python-ulid@3.1.0", "Name": "python-ulid", "Identifier": { "PURL": "pkg:pypi/python-ulid@3.1.0", "UID": "8ca50d9e08aacbb1", "BOMRef": "pkg:pypi/python-ulid@3.1.0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/python_ulid-3.1.0.dist-info/METADATA", "Digest": "sha1:4c8b8c9ccc57da11803c277c04fd19bccf8bbe4d" }, { "ID": "pytz@2025.2", "Name": "pytz", "Identifier": { "PURL": "pkg:pypi/pytz@2025.2", "UID": "13ff69127a63e56d", "BOMRef": "pkg:pypi/pytz@2025.2" }, "Version": "2025.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/pytz-2025.2.dist-info/METADATA", "Digest": "sha1:db28b063c13ef94fa0f89b36bdc6d66776fe5bd5" }, { "ID": "redis@5.2.1", "Name": "redis", "Identifier": { "PURL": "pkg:pypi/redis@5.2.1", "UID": "daf995f4291e395c", "BOMRef": "pkg:pypi/redis@5.2.1" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/redis-5.2.1.dist-info/METADATA", "Digest": "sha1:27194d5ec4e7a9cda79f44d14513c056aff7d483" }, { "ID": "redisvl@0.4.1", "Name": "redisvl", "Identifier": { "PURL": "pkg:pypi/redisvl@0.4.1", "UID": "423bac8b1fdeb10c", "BOMRef": "pkg:pypi/redisvl@0.4.1" }, "Version": "0.4.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/redisvl-0.4.1.dist-info/METADATA", "Digest": "sha1:5907c76977fda13f87074bb069abf46d89f26435" }, { "ID": "referencing@0.36.2", "Name": "referencing", "Identifier": { "PURL": "pkg:pypi/referencing@0.36.2", "UID": "43a1ce24a8dadb34", "BOMRef": "pkg:pypi/referencing@0.36.2" }, "Version": "0.36.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/referencing-0.36.2.dist-info/METADATA", "Digest": "sha1:cf1208e207b8130e0abf63be5c1dac8598fb4049" }, { "ID": "regex@2026.2.19", "Name": "regex", "Identifier": { "PURL": "pkg:pypi/regex@2026.2.19", "UID": "8567911bb98a2570", "BOMRef": "pkg:pypi/regex@2026.2.19" }, "Version": "2026.2.19", "Licenses": [ "Apache-2.0 AND CNRI-Python" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/regex-2026.2.19.dist-info/METADATA", "Digest": "sha1:103e922a073b1f10b32833910020c7b672c805a7" }, { "ID": "requests@2.32.5", "Name": "requests", "Identifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "523162b2531f2e3", "BOMRef": "pkg:pypi/requests@2.32.5" }, "Version": "2.32.5", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "Digest": "sha1:ca17920e69f3c7103322151275139cf487e4da08" }, { "ID": "requests-toolbelt@1.0.0", "Name": "requests-toolbelt", "Identifier": { "PURL": "pkg:pypi/requests-toolbelt@1.0.0", "UID": "5644e74530409251", "BOMRef": "pkg:pypi/requests-toolbelt@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:84e1d9451ac775307dfc54270f11af4c5966d7061f1bdc3ee978d7dcd67da94a", "DiffID": "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1" }, "FilePath": "usr/lib/python3.13/site-packages/requests_toolbelt-1.0.0.dist-info/METADATA", "Digest": "sha1:171fbbc84e8b7216e237b702f3fda539ffb1e487" }, { "ID": "rfc3339-validator@0.1.4", "Name": "rfc3339-validator", "Identifier": { "PURL": "pkg:pypi/rfc3339-validator@0.1.4", "UID": "e8446e2dc1e29c6a", "BOMRef": "pkg:pypi/rfc3339-validator@0.1.4" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/rfc3339_validator-0.1.4.dist-info/METADATA", "Digest": "sha1:b8cc2c804bf4cb64b4573a802305f3d0dc7e9a91" }, { "ID": "rich@13.7.1", "Name": "rich", "Identifier": { "PURL": "pkg:pypi/rich@13.7.1", "UID": "4778055eb72b7d3e", "BOMRef": "pkg:pypi/rich@13.7.1" }, "Version": "13.7.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/rich-13.7.1.dist-info/METADATA", "Digest": "sha1:bf3cca748ddf06213ddb6911d0b2d437f202533b" }, { "ID": "rpds-py@0.30.0", "Name": "rpds-py", "Identifier": { "PURL": "pkg:pypi/rpds-py@0.30.0", "UID": "548c7dc9507216f6", "BOMRef": "pkg:pypi/rpds-py@0.30.0" }, "Version": "0.30.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/rpds_py-0.30.0.dist-info/METADATA", "Digest": "sha1:9eef46c842a0ca6229680d7bfc1272958efdcc5a" }, { "ID": "rsa@4.9.1", "Name": "rsa", "Identifier": { "PURL": "pkg:pypi/rsa@4.9.1", "UID": "7352c51493ddc4d", "BOMRef": "pkg:pypi/rsa@4.9.1" }, "Version": "4.9.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/rsa-4.9.1.dist-info/METADATA", "Digest": "sha1:a2f68fc042a03952873edfefafda03c04787a56f" }, { "ID": "s3transfer@0.14.0", "Name": "s3transfer", "Identifier": { "PURL": "pkg:pypi/s3transfer@0.14.0", "UID": "4420898a49c5beaf", "BOMRef": "pkg:pypi/s3transfer@0.14.0" }, "Version": "0.14.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/s3transfer-0.14.0.dist-info/METADATA", "Digest": "sha1:dd9c4cd2d179b27942830646a152d8f484ca7800" }, { "ID": "semantic-router@0.1.11", "Name": "semantic-router", "Identifier": { "PURL": "pkg:pypi/semantic-router@0.1.11", "UID": "ac8ba0f3a0266094", "BOMRef": "pkg:pypi/semantic-router@0.1.11" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:84e1d9451ac775307dfc54270f11af4c5966d7061f1bdc3ee978d7dcd67da94a", "DiffID": "sha256:835cf21d218d6b0e080162f453686b5c0e24b109874e66d8794efedd918cebc1" }, "FilePath": "usr/lib/python3.13/site-packages/semantic_router-0.1.11.dist-info/METADATA", "Digest": "sha1:7de93f4f62c6d698a4693fb0c0380fdf2d9456a3" }, { "ID": "sentry-sdk@2.21.0", "Name": "sentry-sdk", "Identifier": { "PURL": "pkg:pypi/sentry-sdk@2.21.0", "UID": "fc0538ab5e991633", "BOMRef": "pkg:pypi/sentry-sdk@2.21.0" }, "Version": "2.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/sentry_sdk-2.21.0.dist-info/METADATA", "Digest": "sha1:5af3250fb5606b6a97f62d83513d6010a0d3954f" }, { "ID": "six@1.17.0", "Name": "six", "Identifier": { "PURL": "pkg:pypi/six@1.17.0", "UID": "ac4b7efa55f14388", "BOMRef": "pkg:pypi/six@1.17.0" }, "Version": "1.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/six-1.17.0.dist-info/METADATA", "Digest": "sha1:483a26554261f6c839703c0e1183f3ef33ff97f1" }, { "ID": "sniffio@1.3.1", "Name": "sniffio", "Identifier": { "PURL": "pkg:pypi/sniffio@1.3.1", "UID": "690d47f5e0401951", "BOMRef": "pkg:pypi/sniffio@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/sniffio-1.3.1.dist-info/METADATA", "Digest": "sha1:bc1d7aead770fe23c8d22666b84558edb3686da3" }, { "ID": "soundfile@0.12.1", "Name": "soundfile", "Identifier": { "PURL": "pkg:pypi/soundfile@0.12.1", "UID": "ef11e3dd550d8ad8", "BOMRef": "pkg:pypi/soundfile@0.12.1" }, "Version": "0.12.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/soundfile-0.12.1.dist-info/METADATA", "Digest": "sha1:b5ce3ad2ef849be1c4195d05ca730e0f7905e90b" }, { "ID": "sse-starlette@3.2.0", "Name": "sse-starlette", "Identifier": { "PURL": "pkg:pypi/sse-starlette@3.2.0", "UID": "f4863b9271e91362", "BOMRef": "pkg:pypi/sse-starlette@3.2.0" }, "Version": "3.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/sse_starlette-3.2.0.dist-info/METADATA", "Digest": "sha1:8a6175cd01d1e84f937287b9a9b0879cda2952f8" }, { "ID": "starlette@0.49.1", "Name": "starlette", "Identifier": { "PURL": "pkg:pypi/starlette@0.49.1", "UID": "14bdb83f4d6a4551", "BOMRef": "pkg:pypi/starlette@0.49.1" }, "Version": "0.49.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/starlette-0.49.1.dist-info/METADATA", "Digest": "sha1:d2dc5927de72d847252d292615f15065928238dc" }, { "ID": "tabulate@0.9.0", "Name": "tabulate", "Identifier": { "PURL": "pkg:pypi/tabulate@0.9.0", "UID": "d7a74eef4b4e5bd0", "BOMRef": "pkg:pypi/tabulate@0.9.0" }, "Version": "0.9.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tabulate-0.9.0.dist-info/METADATA", "Digest": "sha1:046f2344c8bedde41b94133c1322ae928e80e738" }, { "ID": "tenacity@8.5.0", "Name": "tenacity", "Identifier": { "PURL": "pkg:pypi/tenacity@8.5.0", "UID": "b33f307e911f32b7", "BOMRef": "pkg:pypi/tenacity@8.5.0" }, "Version": "8.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tenacity-8.5.0.dist-info/METADATA", "Digest": "sha1:67c962294c30afecad8066ac633a11bd658c5148" }, { "ID": "tiktoken@0.8.0", "Name": "tiktoken", "Identifier": { "PURL": "pkg:pypi/tiktoken@0.8.0", "UID": "893f057eca5bf568", "BOMRef": "pkg:pypi/tiktoken@0.8.0" }, "Version": "0.8.0", "Licenses": [ "MIT License Copyright (c) 2022 OpenAI, Shantanu Jain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tiktoken-0.8.0.dist-info/METADATA", "Digest": "sha1:9d84201eb7fb511e2757fbd00150263ff31577b8" }, { "ID": "tokenizers@0.20.2", "Name": "tokenizers", "Identifier": { "PURL": "pkg:pypi/tokenizers@0.20.2", "UID": "1b7847f410fbc0ea", "BOMRef": "pkg:pypi/tokenizers@0.20.2" }, "Version": "0.20.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tokenizers-0.20.2.dist-info/METADATA", "Digest": "sha1:86c509fc1d122a9bba1c089e9d38ddd1c56d64cd" }, { "ID": "tomlkit@0.14.0", "Name": "tomlkit", "Identifier": { "PURL": "pkg:pypi/tomlkit@0.14.0", "UID": "8cc7210e420646f1", "BOMRef": "pkg:pypi/tomlkit@0.14.0" }, "Version": "0.14.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tomlkit-0.14.0.dist-info/METADATA", "Digest": "sha1:7887d40449d9684788cfb76faacc540c0769cac8" }, { "ID": "tornado@6.5.4", "Name": "tornado", "Identifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "c9cf8ee629bb6d07", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "Version": "6.5.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "Digest": "sha1:a1e2393e5aa6c6bd7c26bfb9b68a31771d14a790" }, { "ID": "tqdm@4.67.3", "Name": "tqdm", "Identifier": { "PURL": "pkg:pypi/tqdm@4.67.3", "UID": "a360e0074b98955d", "BOMRef": "pkg:pypi/tqdm@4.67.3" }, "Version": "4.67.3", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tqdm-4.67.3.dist-info/METADATA", "Digest": "sha1:0135af1981d2b0f1326020f991192d869693b873" }, { "ID": "typing-inspection@0.4.2", "Name": "typing-inspection", "Identifier": { "PURL": "pkg:pypi/typing-inspection@0.4.2", "UID": "54d4ca533dc7535b", "BOMRef": "pkg:pypi/typing-inspection@0.4.2" }, "Version": "0.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/typing_inspection-0.4.2.dist-info/METADATA", "Digest": "sha1:455fdb9c8e246ba02c2a28655287401b62028b60" }, { "ID": "typing_extensions@4.15.0", "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.15.0", "UID": "11d7207abaac7307", "BOMRef": "pkg:pypi/typing-extensions@4.15.0" }, "Version": "4.15.0", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/typing_extensions-4.15.0.dist-info/METADATA", "Digest": "sha1:c5c2ce18351f8f2ae0f4a6f7c84c523f342010ee" }, { "ID": "tzdata@2025.1", "Name": "tzdata", "Identifier": { "PURL": "pkg:pypi/tzdata@2025.1", "UID": "43f9c9fc2bc5a6a", "BOMRef": "pkg:pypi/tzdata@2025.1" }, "Version": "2025.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tzdata-2025.1.dist-info/METADATA", "Digest": "sha1:6e57a2a6ed74712dd41842370b1c12bb8446d4b1" }, { "ID": "tzlocal@5.3.1", "Name": "tzlocal", "Identifier": { "PURL": "pkg:pypi/tzlocal@5.3.1", "UID": "28e1feeb6288ae95", "BOMRef": "pkg:pypi/tzlocal@5.3.1" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/tzlocal-5.3.1.dist-info/METADATA", "Digest": "sha1:fa463c4a745ae9f56544484fb7724eb107786eb4" }, { "ID": "urllib3@2.6.3", "Name": "urllib3", "Identifier": { "PURL": "pkg:pypi/urllib3@2.6.3", "UID": "14f2073a370c21f0", "BOMRef": "pkg:pypi/urllib3@2.6.3" }, "Version": "2.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/urllib3-2.6.3.dist-info/METADATA", "Digest": "sha1:8e2cd7246c7dce09d4590affab6060ec527397c1" }, { "ID": "uvicorn@0.31.1", "Name": "uvicorn", "Identifier": { "PURL": "pkg:pypi/uvicorn@0.31.1", "UID": "4894722004af2e51", "BOMRef": "pkg:pypi/uvicorn@0.31.1" }, "Version": "0.31.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/uvicorn-0.31.1.dist-info/METADATA", "Digest": "sha1:d229686a1d0f8b25bbb3ca0ab3b5519a37abc2b2" }, { "ID": "uvloop@0.21.0", "Name": "uvloop", "Identifier": { "PURL": "pkg:pypi/uvloop@0.21.0", "UID": "f81f8fe07b5e47fa", "BOMRef": "pkg:pypi/uvloop@0.21.0" }, "Version": "0.21.0", "Licenses": [ "Apache-2.0", "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/uvloop-0.21.0.dist-info/METADATA", "Digest": "sha1:eecfee7932b6d8397d72414b9a42e8b34c4dcbe7" }, { "ID": "websockets@15.0.1", "Name": "websockets", "Identifier": { "PURL": "pkg:pypi/websockets@15.0.1", "UID": "4806cfa10faa93bb", "BOMRef": "pkg:pypi/websockets@15.0.1" }, "Version": "15.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/websockets-15.0.1.dist-info/METADATA", "Digest": "sha1:7bcef50b72ed117258a503c68d7f5dd194872067" }, { "ID": "wrapt@1.17.3", "Name": "wrapt", "Identifier": { "PURL": "pkg:pypi/wrapt@1.17.3", "UID": "793b0130b593cf14", "BOMRef": "pkg:pypi/wrapt@1.17.3" }, "Version": "1.17.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/wrapt-1.17.3.dist-info/METADATA", "Digest": "sha1:dbb2682fa0ce1b88bad298721b69b9263a689653" }, { "ID": "xmltodict@1.0.3", "Name": "xmltodict", "Identifier": { "PURL": "pkg:pypi/xmltodict@1.0.3", "UID": "252ca6d51438b396", "BOMRef": "pkg:pypi/xmltodict@1.0.3" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/xmltodict-1.0.3.dist-info/METADATA", "Digest": "sha1:e74fe9d4e5bba874f0a8bc0632e517cc33e69caf" }, { "ID": "yarl@1.22.0", "Name": "yarl", "Identifier": { "PURL": "pkg:pypi/yarl@1.22.0", "UID": "6a34b33a5d610e8b", "BOMRef": "pkg:pypi/yarl@1.22.0" }, "Version": "1.22.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/yarl-1.22.0.dist-info/METADATA", "Digest": "sha1:f41ac3bd0464e5ad45fa596ed3de6fc69d98568d" }, { "ID": "zipp@3.23.0", "Name": "zipp", "Identifier": { "PURL": "pkg:pypi/zipp@3.23.0", "UID": "3dae444d8cbe779d", "BOMRef": "pkg:pypi/zipp@3.23.0" }, "Version": "3.23.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "FilePath": "usr/lib/python3.13/site-packages/zipp-3.23.0.dist-info/METADATA", "Digest": "sha1:d7974cc6cd5ace30ae2bf7e89ed458fc7e46a194" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32597", "VendorIDs": [ "GHSA-752w-5fwx-jx9f" ], "PkgID": "PyJWT@2.9.0", "PkgName": "PyJWT", "PkgPath": "usr/lib/python3.13/site-packages/PyJWT-2.9.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyjwt@2.9.0", "UID": "c74092a617cc1cb6", "BOMRef": "pkg:pypi/pyjwt@2.9.0" }, "InstalledVersion": "2.9.0", "FixedVersion": "2.12.0", "Status": "fixed", "Layer": { "Digest": "sha256:d5be1d45c7399995acc4b68911943356bb688092254d9a5bcdbf990e8dc33494", "DiffID": "sha256:4c3d1b778c7b9dc9a2737fe74d15535496ba7a69d746b0f0b4b89164d85dfcc2" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32597", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:d131734b884eb278bfd56b4e76f920a52392dde00f313e9ec778f4578dc2074a", "Title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)", "Description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.", "Severity": "HIGH", "CweIDs": [ "CWE-345", "CWE-863" ], "VendorSeverity": { "amazon": 2, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32597", "https://github.com/jpadilla/pyjwt", "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f", "https://nvd.nist.gov/vuln/detail/CVE-2026-32597", "https://ubuntu.com/security/notices/USN-8133-1", "https://www.cve.org/CVERecord?id=CVE-2026-32597" ], "PublishedDate": "2026-03-13T19:55:09.5Z", "LastModifiedDate": "2026-03-19T13:30:29.217Z" }, { "VulnerabilityID": "CVE-2026-4539", "VendorIDs": [ "GHSA-5239-wwwm-4pmq" ], "PkgID": "Pygments@2.19.2", "PkgName": "Pygments", "PkgPath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "6e9778d40ba9b4", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "InstalledVersion": "2.19.2", "FixedVersion": "2.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4539", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ebde05e4d8dcd73a17075046f3361dd78663645fafd33c8dceda93495fbf43d3", "Title": "pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer", "Description": "A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "V3Score": 3.3, "V40Score": 1.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4539", "https://github.com/pygments/pygments", "https://github.com/pygments/pygments/", "https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc", "https://github.com/pygments/pygments/issues/3058", "https://github.com/pygments/pygments/pull/3064", "https://github.com/pygments/pygments/releases/tag/2.20.0", "https://nvd.nist.gov/vuln/detail/CVE-2026-4539", "https://vuldb.com/?ctiid.352327", "https://vuldb.com/?id.352327", "https://vuldb.com/?submit.774685", "https://www.cve.org/CVERecord?id=CVE-2026-4539" ], "PublishedDate": "2026-03-22T06:16:20.913Z", "LastModifiedDate": "2026-03-23T14:31:37.267Z" }, { "VulnerabilityID": "CVE-2026-22815", "VendorIDs": [ "GHSA-w2fm-2cpv-w7v5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22815", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e297cb5a8fd78db1e9ad3bb29c1a40a1df63eabccc96ee4b5deb56e6c856a4ab", "Title": "aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22815", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5", "https://nvd.nist.gov/vuln/detail/CVE-2026-22815", "https://www.cve.org/CVERecord?id=CVE-2026-22815" ], "PublishedDate": "2026-04-01T21:16:58.513Z", "LastModifiedDate": "2026-04-04T04:17:11.5Z" }, { "VulnerabilityID": "CVE-2026-34515", "VendorIDs": [ "GHSA-p998-jp59-783m" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34515", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:aa0ff32af4423f451a9b5ca9ffda6e685d476c23cfcad9f23218d016963c6ee4", "Title": "aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-36", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34515", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m", "https://nvd.nist.gov/vuln/detail/CVE-2026-34515", "https://www.cve.org/CVERecord?id=CVE-2026-34515" ], "PublishedDate": "2026-04-01T21:16:59.57Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34516", "VendorIDs": [ "GHSA-m5qp-6w8w-w647" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34516", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:866e8a4d5186c80beaf50090938ccce515a3aaa37fd8a0f3288f6eb882018131", "Title": "aiohttp: AIOHTTP: Denial of Service via excessive multipart headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34516", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647", "https://nvd.nist.gov/vuln/detail/CVE-2026-34516", "https://www.cve.org/CVERecord?id=CVE-2026-34516" ], "PublishedDate": "2026-04-01T21:16:59.723Z", "LastModifiedDate": "2026-04-04T04:17:20.147Z" }, { "VulnerabilityID": "CVE-2026-34525", "VendorIDs": [ "GHSA-c427-h43c-vf67" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34525", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e84f570f991af8f81da0073310141adbbe376c44e2bb855e226ffeb8826b2695", "Title": "aiohttp: aiohttp: Security bypass via multiple Host headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-444" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N", "V40Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34525", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000", "https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67", "https://nvd.nist.gov/vuln/detail/CVE-2026-34525", "https://www.cve.org/CVERecord?id=CVE-2026-34525" ], "PublishedDate": "2026-04-01T21:17:00.49Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34513", "VendorIDs": [ "GHSA-hcc4-c3v8-rx92" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34513", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:96526097b9e565fbcbf5ef8c916c84641b20edb5fca07d11d43577d13d9175e1", "Title": "aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34513", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92", "https://nvd.nist.gov/vuln/detail/CVE-2026-34513", "https://www.cve.org/CVERecord?id=CVE-2026-34513" ], "PublishedDate": "2026-04-01T21:16:59.267Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34514", "VendorIDs": [ "GHSA-2vrm-gr82-f7m5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34514", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e702c6a7f468a334f650f8b9550cb73a6231ea5b2f4a9cfd8d21e0428e1a106a", "Title": "aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34514", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5", "https://nvd.nist.gov/vuln/detail/CVE-2026-34514", "https://www.cve.org/CVERecord?id=CVE-2026-34514" ], "PublishedDate": "2026-04-01T21:16:59.417Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34517", "VendorIDs": [ "GHSA-3wq7-rqq7-wx6j" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34517", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:a54f789989605bca58808a5eb74e695bddcaf31106f6193215b12e8ab415dc30", "Title": "aiohttp: AIOHTTP: Denial of Service via large multipart form fields", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34517", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j", "https://nvd.nist.gov/vuln/detail/CVE-2026-34517", "https://www.cve.org/CVERecord?id=CVE-2026-34517" ], "PublishedDate": "2026-04-01T21:16:59.87Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34518", "VendorIDs": [ "GHSA-966j-vmvw-g2g9" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34518", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:17f8068b71428244ee87fc4bd501180d108baf2d9105f003b3bb86d35173ad70", "Title": "aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34518", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9", "https://nvd.nist.gov/vuln/detail/CVE-2026-34518", "https://www.cve.org/CVERecord?id=CVE-2026-34518" ], "PublishedDate": "2026-04-01T21:17:00.02Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34519", "VendorIDs": [ "GHSA-mwh4-6h8g-pg8w" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34519", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c677ff157a1bb25fab314b79823db49eca07785b4ab4ea1dd8c7d70fb78e8fe3", "Title": "aiohttp: aiohttp: Header injection vulnerability via reason parameter", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34519", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w", "https://nvd.nist.gov/vuln/detail/CVE-2026-34519", "https://www.cve.org/CVERecord?id=CVE-2026-34519" ], "PublishedDate": "2026-04-01T21:17:00.17Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34520", "VendorIDs": [ "GHSA-63hf-3vf5-4wqf" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "2d0df7a607f6cb23", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34520", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:0770c420fed18efd646b9b1025c31ad6b249ef4b7310b4e44012f102049b74b9", "Title": "aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34520", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf", "https://nvd.nist.gov/vuln/detail/CVE-2026-34520", "https://www.cve.org/CVERecord?id=CVE-2026-34520" ], "PublishedDate": "2026-04-01T21:17:00.333Z", "LastModifiedDate": "2026-04-04T04:17:20.773Z" }, { "VulnerabilityID": "CVE-2026-34073", "VendorIDs": [ "GHSA-m959-cc7f-wv43" ], "PkgID": "cryptography@46.0.5", "PkgName": "cryptography", "PkgPath": "usr/lib/python3.13/site-packages/cryptography-46.0.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/cryptography@46.0.5", "UID": "15ad7a115926c372", "BOMRef": "pkg:pypi/cryptography@46.0.5" }, "InstalledVersion": "46.0.5", "FixedVersion": "46.0.6", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34073", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:a0a15bf12f7993f9515806d984f1ae6b5269b33fee66ade32b33b7c56ca46249", "Title": "cryptography: python: Cryptography: Security bypass due to improper DNS name constraint validation", "Description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 1.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34073", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43", "https://nvd.nist.gov/vuln/detail/CVE-2026-34073", "https://www.cve.org/CVERecord?id=CVE-2026-34073" ], "PublishedDate": "2026-03-31T03:15:59.123Z", "LastModifiedDate": "2026-04-01T14:24:02.583Z" }, { "VulnerabilityID": "CVE-2026-35030", "VendorIDs": [ "GHSA-jjhc-v7c2-5hh6" ], "PkgID": "litellm@1.81.12", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.12.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.12", "UID": "1e0fc3e03c4012e4", "BOMRef": "pkg:pypi/litellm@1.81.12" }, "InstalledVersion": "1.81.12", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35030", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:5363f29c5c7bf9abd7433cc9ee1d423d6946899d3cfb596229199386e95658d4", "Title": "LiteLLM: Authentication bypass via OIDC userinfo cache key collision", "Description": "### Impact\n\nWhen JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters.\n\nThis configuration option is not enabled by default. **Most instances are not affected.**\n\nAn unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled.\n\n### Patches\n\nFixed in v1.83.0. The cache key now uses the full hash of the JWT token.\n\n### Workarounds\n\nDisable OIDC userinfo caching by setting the cache TTL to 0, or disable JWT authentication entirely.", "Severity": "CRITICAL", "VendorSeverity": { "ghsa": 4 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "V40Score": 9.4 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6" ] }, { "VulnerabilityID": "CVE-2026-35029", "VendorIDs": [ "GHSA-53mr-6c8q-9789" ], "PkgID": "litellm@1.81.12", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.12.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.12", "UID": "1e0fc3e03c4012e4", "BOMRef": "pkg:pypi/litellm@1.81.12" }, "InstalledVersion": "1.81.12", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35029", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e85c0aa7bafa111b19f6fbf419f8ba5f2b56c4df0a3ec1a016d6cf3b2e04a986", "Title": "LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint", "Description": "### Impact\n\nThe `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:\n\n - Modify proxy configuration and environment variables\n - Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution\n - Read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image\n - Take over other priveleged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables\n\n### Patches\n\nFixed in v1.83.0. The endpoint now requires `proxy_admin` role.\n\n### Workarounds\n\nRestrict API key distribution. There is no configuration-level workaround.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-53mr-6c8q-9789" ] }, { "VulnerabilityID": "CVE-2026-30922", "VendorIDs": [ "GHSA-jr27-m4p2-rc6r" ], "PkgID": "pyasn1@0.6.2", "PkgName": "pyasn1", "PkgPath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "70189d7bb6b50590", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "InstalledVersion": "0.6.2", "FixedVersion": "0.6.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-30922", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c8b01b67777a21a211fe112adb623397adbfa193f38a4aca319365ee454edac6", "Title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion", "Description": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/4", "https://access.redhat.com/security/cve/CVE-2026-30922", "https://github.com/pyasn1/pyasn1", "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0", "https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8", "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.3", "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r", "https://nvd.nist.gov/vuln/detail/CVE-2026-30922", "https://ubuntu.com/security/notices/USN-8129-1", "https://ubuntu.com/security/notices/USN-8134-1", "https://www.cve.org/CVERecord?id=CVE-2026-30922" ], "PublishedDate": "2026-03-18T04:17:18.397Z", "LastModifiedDate": "2026-03-21T01:17:06.36Z" }, { "VulnerabilityID": "CVE-2026-27888", "VendorIDs": [ "GHSA-x7hp-r3qg-r3cj" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.7.3", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27888", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:1c7e64d76623543872cf021322a94b9ccd291798975baffb6b21bb041ca186d2", "Title": "pypdf: pypdf: Denial of Service via crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27888", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c", "https://github.com/py-pdf/pypdf/pull/3658", "https://github.com/py-pdf/pypdf/releases/tag/6.7.3", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27888", "https://www.cve.org/CVERecord?id=CVE-2026-27888" ], "PublishedDate": "2026-02-26T01:16:25.47Z", "LastModifiedDate": "2026-02-27T17:26:35.363Z" }, { "VulnerabilityID": "CVE-2026-28351", "VendorIDs": [ "GHSA-f2v5-7jq9-h8cg" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.7.4", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28351", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:1c289b54be1f606749fd041685d9bb00e0bd964bec344e962ae2b6facd4d9dbc", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with RunLengthDecode filter", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28351", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858", "https://github.com/py-pdf/pypdf/pull/3664", "https://github.com/py-pdf/pypdf/releases/tag/6.7.4", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg", "https://nvd.nist.gov/vuln/detail/CVE-2026-28351", "https://www.cve.org/CVERecord?id=CVE-2026-28351" ], "PublishedDate": "2026-02-27T21:16:19.177Z", "LastModifiedDate": "2026-03-03T18:36:06.29Z" }, { "VulnerabilityID": "CVE-2026-28804", "VendorIDs": [ "GHSA-9m86-7pmv-2852" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.7.5", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28804", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ed9e136878de47f2363a2d8324d3f5d49b417075b2681e9c096252b1775e8659", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with ASCIIHexDecode filter", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28804", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f", "https://github.com/py-pdf/pypdf/pull/3666", "https://github.com/py-pdf/pypdf/releases/tag/6.7.5", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852", "https://nvd.nist.gov/vuln/detail/CVE-2026-28804", "https://www.cve.org/CVERecord?id=CVE-2026-28804" ], "PublishedDate": "2026-03-06T07:16:01.22Z", "LastModifiedDate": "2026-03-10T19:39:37.18Z" }, { "VulnerabilityID": "CVE-2026-31826", "VendorIDs": [ "GHSA-hqmh-ppp3-xvm7" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.8.0", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31826", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:65133b9845f297331d7c328a61b4ec67607bd2a538f039b464d8da2f1fd69a28", "Title": "pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31826", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa", "https://github.com/py-pdf/pypdf/pull/3675", "https://github.com/py-pdf/pypdf/releases/tag/6.8.0", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7", "https://nvd.nist.gov/vuln/detail/CVE-2026-31826", "https://www.cve.org/CVERecord?id=CVE-2026-31826" ], "PublishedDate": "2026-03-10T22:16:20.483Z", "LastModifiedDate": "2026-03-17T20:52:08.673Z" }, { "VulnerabilityID": "CVE-2026-33123", "VendorIDs": [ "GHSA-qpxp-75px-xjcp" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.9.1", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33123", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:bf9d248bdff415e5974ac752241719bb7da15c45fa58004d0b910d855c87361a", "Title": "pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-407" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 5.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33123", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/pull/3686", "https://github.com/py-pdf/pypdf/releases/tag/6.9.1", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp", "https://nvd.nist.gov/vuln/detail/CVE-2026-33123", "https://www.cve.org/CVERecord?id=CVE-2026-33123" ], "PublishedDate": "2026-03-20T10:16:18.717Z", "LastModifiedDate": "2026-03-23T15:48:01.007Z" }, { "VulnerabilityID": "CVE-2026-33699", "VendorIDs": [ "GHSA-87mj-5ggw-8qc3" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.9.2", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33699", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:217066c259fd74f3790b083debd3c2bba4262e8c37ddb08784e1c1bffdc29894", "Title": "pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode", "Description": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 4.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33699", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/pull/3693", "https://github.com/py-pdf/pypdf/releases/tag/6.9.2", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33699", "https://www.cve.org/CVERecord?id=CVE-2026-33699" ], "PublishedDate": "2026-03-27T01:16:19.147Z", "LastModifiedDate": "2026-04-01T16:01:35.88Z" }, { "VulnerabilityID": "CVE-2026-27628", "VendorIDs": [ "GHSA-2rw7-x74f-jg35" ], "PkgID": "pypdf@6.7.1", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.1", "UID": "7bfbb6a2c8f165a8", "BOMRef": "pkg:pypi/pypdf@6.7.1" }, "InstalledVersion": "6.7.1", "FixedVersion": "6.7.2", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27628", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:f259283a9276d733c3479904b57ae30f6566a87403ee3eb2e8e1d7215b0ec2fd", "Title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.", "Severity": "LOW", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 1.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27628", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f", "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d", "https://github.com/py-pdf/pypdf/issues/3654", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35", "https://nvd.nist.gov/vuln/detail/CVE-2026-27628", "https://www.cve.org/CVERecord?id=CVE-2026-27628" ], "PublishedDate": "2026-02-25T03:16:06.513Z", "LastModifiedDate": "2026-02-27T20:21:38.617Z" }, { "VulnerabilityID": "CVE-2026-25645", "VendorIDs": [ "GHSA-gc5v-m9x4-r6x2" ], "PkgID": "requests@2.32.5", "PkgName": "requests", "PkgPath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "523162b2531f2e3", "BOMRef": "pkg:pypi/requests@2.32.5" }, "InstalledVersion": "2.32.5", "FixedVersion": "2.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:2b3005b07dc5a6b7e5412ddcf35545abddc5483e79b217a7af964879fbbeb4d4", "Title": "requests: Requests: Security bypass due to predictable temporary file creation", "Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-377" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25645", "https://github.com/psf/requests", "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7", "https://github.com/psf/requests/releases/tag/v2.33.0", "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25645", "https://www.cve.org/CVERecord?id=CVE-2026-25645" ], "PublishedDate": "2026-03-25T17:16:52.97Z", "LastModifiedDate": "2026-03-30T14:23:16.127Z" }, { "VulnerabilityID": "CVE-2026-31958", "VendorIDs": [ "GHSA-qjxf-f2mg-c6mc" ], "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "c9cf8ee629bb6d07", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31958", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:10b5831ac0a0f1c5feae09fe9ece4ce967a81416be39c47bd967452119025f77", "Title": "tornado-python: Tornado: Denial of Service via large multipart bodies", "Description": "Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31958", "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc", "https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-31958", "https://www.cve.org/CVERecord?id=CVE-2026-31958" ], "PublishedDate": "2026-03-11T20:16:16.617Z", "LastModifiedDate": "2026-04-01T15:23:00.217Z" }, { "VulnerabilityID": "GHSA-78cv-mqj4-43f7", "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "c9cf8ee629bb6d07", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:8a4d1c9789572ae29bb72b1bf55014a2bcc30fe71a2d0f54b413d2516d32d0b0", "DiffID": "sha256:6c1e058af5ca82d33519a616dcf0d163910fb55c4bca7c7896c76478a828c6d8" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-78cv-mqj4-43f7", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:f1ac92fd089dcd90594868f05741f3d0f04d06b7805421f130ef6c9c03c5ab43", "Title": "Tornado has incomplete validation of cookie attributes", "Description": "Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" ], "PublishedDate": "2026-03-11T22:17:00Z", "LastModifiedDate": "2026-03-11T22:17:00Z" } ] } ] }