{ "SchemaVersion": 2, "Trivy": { "Version": "0.69.3" }, "ReportID": "019d57b3-4969-7c4c-8f56-e64a5d8e632f", "CreatedAt": "2026-04-04T08:54:20.777807376Z", "ArtifactName": "sboms/ai-containers-litellm-v1.81.9-stable-cyclonedx.json", "ArtifactType": "cyclonedx", "Metadata": { "OS": { "Family": "wolfi", "Name": "20230201" }, "ImageID": "sha256:302fcb64123e6be3db274be7b955f189874e7bee6afb673bb9b6c714165d8aea", "DiffIDs": [ "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530", "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa", "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92", "sha256:232fac05d2b8dfdfd7624cf7965f93e3906d0410d116d54c2df42bc52f2d26ff", "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0", "sha256:2e528d6b04f3a5e57f6078da786b8d0eb2cab58bdf11280fdfe32c327800a0c8", "sha256:47818c04b59f8108513a8edaf927c1387cab3d15a4ff3cecfd9de21022066143", "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:7da54c5babe49570b35c0c074dcea6b2016ca6ee0a44ff8c9bb71ae076b38597", "sha256:91376c520b52adcfbe3ad62a347b03554d4f198caaad10f5d98e1721ea3c48f7", "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568", "sha256:ace84ac39d12e0e955bad1ce6df7b62f1e8e3a92bb2f3d2a8df609abca3da60a", "sha256:af1ea0e33c8e22c51b2e7d16e572107ea675110fb820a75d2193879e1702cd1b", "sha256:b6b512b9108959a393f94a860379497c2fb37e0ed270f661cc418c748808fc39", "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50", "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532", "sha256:d4eb42647d6e498ddde0bd8a58b126153aa4d0bebad463c61f2ded763d4594fe", "sha256:d6b8466f77eed68e7e912f4b440968351f96fcfefa7b648627dcae6d5e26d7ed", "sha256:da3fdd6f2204c517d55a5cd52f317651f46a8786ad86c35ec2bedbce7eb689c6", "sha256:e31821269ca592748bce84be5565fefa743c14ed03cab42f032c09a1113270b1", "sha256:fb6b3c1bf97389ceec866d518fa59321aa6d3c9f3bd3187133e9812222a8368f", "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" ], "RepoDigests": [ "registry.suse.com/ai/containers/litellm@sha256:36d9068a9c5d5565de48d5bdafd57141d7ae37e8fdc86af2a5f47d6f5fa3845d" ], "Reference": "registry.suse.com/ai/containers/litellm@sha256:36d9068a9c5d5565de48d5bdafd57141d7ae37e8fdc86af2a5f47d6f5fa3845d" }, "Results": [ { "Target": "sboms/ai-containers-litellm-v1.81.9-stable-cyclonedx.json (wolfi 20230201)", "Class": "os-pkgs", "Type": "wolfi", "Packages": [ { "ID": "alsa-lib@1.2.15.3-r1", "Name": "alsa-lib", "Identifier": { "PURL": "pkg:apk/wolfi/alsa-lib@1.2.15.3-r1?arch=x86_64\u0026distro=wolfi", "UID": "5b3e24d657a18510", "BOMRef": "pkg:apk/wolfi/alsa-lib@1.2.15.3-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "1.2.15.3-r1", "Arch": "x86_64", "SrcName": "alsa-lib", "SrcVersion": "1.2.15.3-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "apk-tools@2.14.10-r10", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026origin=apk-tools", "UID": "6f03b49617f14f0c", "BOMRef": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026origin=apk-tools" }, "Version": "2.14.10-r10", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.10-r10", "Licenses": [ "GPL-2.0-only" ], "Layer": { "Digest": "sha256:1d53393b78f00c417dbc484afee224f386ba037746127e62a4bc86b6ad11daa1", "DiffID": "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a" } }, { "ID": "bash@5.3-r5", "Name": "bash", "Identifier": { "PURL": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=wolfi", "UID": "a6d206b6a476d286", "BOMRef": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=wolfi" }, "Version": "5.3-r5", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.3-r5", "Licenses": [ "GPL-3.0-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "busybox@1.37.0-r54", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026origin=busybox", "UID": "b96b3856f8cd5507", "BOMRef": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026origin=busybox" }, "Version": "1.37.0-r54", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r54", "Licenses": [ "GPL-2.0-only" ], "Layer": { "Digest": "sha256:3f02fc482423f53d1d5bfdf6094776ebe0b7eba4617489f96d32e6c61ac92d92", "DiffID": "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92" } }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=wolfi", "UID": "9be1afb938f9b117", "BOMRef": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "ca-certificates-bundle@20251003-r3", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=wolfi", "UID": "67f249e9ed09c1c7", "BOMRef": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=wolfi" }, "Version": "20251003-r3", "Arch": "x86_64", "SrcName": "ca-certificates-bundle", "SrcVersion": "20251003-r3", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:2a4da0691147ee88d0960b8ac8bda5481f91b115a20a0dcb9f30481401d91d36", "DiffID": "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568" } }, { "ID": "gdbm@1.26-r2", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026origin=gdbm", "UID": "1c88bf7341f22371", "BOMRef": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026origin=gdbm" }, "Version": "1.26-r2", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.26-r2", "Licenses": [ "GPL-3.0-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "glibc@2.43-r1", "Name": "glibc", "Identifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi", "UID": "9e06e8294fa965db", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" } }, { "ID": "glibc-locale-posix@2.43-r1", "Name": "glibc-locale-posix", "Identifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026origin=glibc", "UID": "c384a090f5b4cc68", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r1?arch=x86_64\u0026origin=glibc" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "glibc-locale-posix", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" } }, { "ID": "icu78-data-full@78.2-r0", "Name": "icu78-data-full", "Identifier": { "PURL": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=wolfi", "UID": "34d3642c7a3bfd1b", "BOMRef": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "icu78-data-full", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "ld-linux@2.43-r1", "Name": "ld-linux", "Identifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026origin=glibc", "UID": "2e715b3946bfb2b2", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r1?arch=x86_64\u0026origin=glibc" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "ld-linux", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" } }, { "ID": "libbrotlicommon1@1.2.0-r1", "Name": "libbrotlicommon1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=wolfi", "UID": "59ced1249daff330", "BOMRef": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "libbrotlicommon1", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libbrotlidec1@1.2.0-r1", "Name": "libbrotlidec1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=wolfi", "UID": "ad41e77975c2138a", "BOMRef": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "libbrotlidec1", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libbrotlienc1@1.2.0-r1", "Name": "libbrotlienc1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=wolfi", "UID": "5872d9bdf933e47f", "BOMRef": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "libbrotlienc1", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libbz2-1@1.0.8-r22", "Name": "libbz2-1", "Identifier": { "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026origin=bzip2", "UID": "7d58395300723ace", "BOMRef": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026origin=bzip2" }, "Version": "1.0.8-r22", "Arch": "x86_64", "SrcName": "libbz2-1", "SrcVersion": "1.0.8-r22", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libcrypt1@2.43-r1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026origin=glibc", "UID": "9a76567280ab903e", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r1?arch=x86_64\u0026origin=glibc" }, "Version": "2.43-r1", "Arch": "x86_64", "SrcName": "libcrypt1", "SrcVersion": "2.43-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" } }, { "ID": "libcrypto3@3.6.1-r1", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=wolfi", "UID": "2e12c04597b0492f", "BOMRef": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "libcrypto3", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" } }, { "ID": "libexpat1@2.7.4-r1", "Name": "libexpat1", "Identifier": { "PURL": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=wolfi", "UID": "c701db024f19bbcf", "BOMRef": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "2.7.4-r1", "Arch": "x86_64", "SrcName": "libexpat1", "SrcVersion": "2.7.4-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libffi@3.5.2-r1", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=wolfi", "UID": "99386616e0f0f0a5", "BOMRef": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "3.5.2-r1", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.5.2-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libflac@1.4.3-r5", "Name": "libflac", "Identifier": { "PURL": "pkg:apk/wolfi/libflac@1.4.3-r5?arch=x86_64\u0026origin=flac", "UID": "b7abe0107d59d9ad", "BOMRef": "pkg:apk/wolfi/libflac@1.4.3-r5?arch=x86_64\u0026origin=flac" }, "Version": "1.4.3-r5", "Arch": "x86_64", "SrcName": "libflac", "SrcVersion": "1.4.3-r5", "Licenses": [ "BSD-3-Clause AND GPL-2.0-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libgcc@15.2.0-r9", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/wolfi/libgcc@15.2.0-r9?arch=x86_64\u0026origin=gcc", "UID": "23509c29fb52ca29", "BOMRef": "pkg:apk/wolfi/libgcc@15.2.0-r9?arch=x86_64\u0026origin=gcc" }, "Version": "15.2.0-r9", "Arch": "x86_64", "SrcName": "libgcc", "SrcVersion": "15.2.0-r9", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "Layer": { "Digest": "sha256:a45907cabfcb964d4109679f34e2aa5b1fda1d0069e136002f2594df87afa35e", "DiffID": "sha256:b6b512b9108959a393f94a860379497c2fb37e0ed270f661cc418c748808fc39" } }, { "ID": "libicu78@78.2-r0", "Name": "libicu78", "Identifier": { "PURL": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=wolfi", "UID": "44c1efec511dbac4", "BOMRef": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "libicu78", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libnghttp2-14@1.68.0-r1", "Name": "libnghttp2-14", "Identifier": { "PURL": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=wolfi", "UID": "bb01148ae3d904c3", "BOMRef": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "1.68.0-r1", "Arch": "x86_64", "SrcName": "libnghttp2-14", "SrcVersion": "1.68.0-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libogg@1.3.6-r3", "Name": "libogg", "Identifier": { "PURL": "pkg:apk/wolfi/libogg@1.3.6-r3?arch=x86_64\u0026distro=wolfi", "UID": "97cfa224a81276ca", "BOMRef": "pkg:apk/wolfi/libogg@1.3.6-r3?arch=x86_64\u0026distro=wolfi" }, "Version": "1.3.6-r3", "Arch": "x86_64", "SrcName": "libogg", "SrcVersion": "1.3.6-r3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libsndfile@1.2.2-r1", "Name": "libsndfile", "Identifier": { "PURL": "pkg:apk/wolfi/libsndfile@1.2.2-r1?arch=x86_64", "UID": "4d981f48b42221a6", "BOMRef": "pkg:apk/wolfi/libsndfile@1.2.2-r1?arch=x86_64" }, "Version": "1.2.2-r1", "Arch": "x86_64", "SrcName": "libsndfile", "SrcVersion": "1.2.2-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libssl3@3.6.1-r1", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026origin=openssl", "UID": "54a517b6d44a0d2d", "BOMRef": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026origin=openssl" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "libssl3", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" } }, { "ID": "libstdc++@15.2.0-r9", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r9?arch=x86_64\u0026distro=wolfi", "UID": "4d6688d5e9786f48", "BOMRef": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r9?arch=x86_64\u0026distro=wolfi" }, "Version": "15.2.0-r9", "Arch": "x86_64", "SrcName": "libstdc++", "SrcVersion": "15.2.0-r9", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libuuid@2.41.3-r3", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026origin=util-linux", "UID": "b1117385c971a7a9", "BOMRef": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026origin=util-linux" }, "Version": "2.41.3-r3", "Arch": "x86_64", "SrcName": "libuuid", "SrcVersion": "2.41.3-r3", "Licenses": [ "GPL-3.0-or-later AND GPL-2.0-or-later AND GPL-2.0-only AND GPL-1.0-only AND LGPL-2.1-or-later AND BSD-1-Clause AND BSD-3-Clause AND BSD-4-Clause-UC AND MIT AND CC-PDDC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libuv@1.52.0-r0", "Name": "libuv", "Identifier": { "PURL": "pkg:apk/wolfi/libuv@1.52.0-r0?arch=x86_64\u0026distro=wolfi", "UID": "c1a9cabf5c9c44c5", "BOMRef": "pkg:apk/wolfi/libuv@1.52.0-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "1.52.0-r0", "Arch": "x86_64", "SrcName": "libuv", "SrcVersion": "1.52.0-r0", "Licenses": [ "MIT AND ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libvorbis@1.3.7-r7", "Name": "libvorbis", "Identifier": { "PURL": "pkg:apk/wolfi/libvorbis@1.3.7-r7?arch=x86_64\u0026origin=libvorbis", "UID": "263625013402a72e", "BOMRef": "pkg:apk/wolfi/libvorbis@1.3.7-r7?arch=x86_64\u0026origin=libvorbis" }, "Version": "1.3.7-r7", "Arch": "x86_64", "SrcName": "libvorbis", "SrcVersion": "1.3.7-r7", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "libxcrypt@4.5.2-r2", "Name": "libxcrypt", "Identifier": { "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026origin=libxcrypt", "UID": "487e88ac29aa56a", "BOMRef": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026origin=libxcrypt" }, "Version": "4.5.2-r2", "Arch": "x86_64", "SrcName": "libxcrypt", "SrcVersion": "4.5.2-r2", "Licenses": [ "GPL-2.0-or-later AND LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" } }, { "ID": "mpdecimal@4.0.1-r3", "Name": "mpdecimal", "Identifier": { "PURL": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64", "UID": "7e6c204b3a931d27", "BOMRef": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64" }, "Version": "4.0.1-r3", "Arch": "x86_64", "SrcName": "mpdecimal", "SrcVersion": "4.0.1-r3", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "ncurses@6.6_p20251230-r1", "Name": "ncurses", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026origin=ncurses", "UID": "94ae55e641967a7", "BOMRef": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026origin=ncurses" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "ncurses-terminfo-base@6.6_p20251230-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=wolfi", "UID": "e57880c6c848a5a1", "BOMRef": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses-terminfo-base", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "nodejs-25@25.6.1-r0", "Name": "nodejs-25", "Identifier": { "PURL": "pkg:apk/wolfi/nodejs-25@25.6.1-r0?arch=x86_64\u0026origin=nodejs-25", "UID": "ffedbc26b76bd773", "BOMRef": "pkg:apk/wolfi/nodejs-25@25.6.1-r0?arch=x86_64\u0026origin=nodejs-25" }, "Version": "25.6.1-r0", "Arch": "x86_64", "SrcName": "nodejs-25", "SrcVersion": "25.6.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "npm@11.10.0-r0", "Name": "npm", "Identifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "Version": "11.10.0-r0", "Arch": "x86_64", "SrcName": "npm", "SrcVersion": "11.10.0-r0", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "openssl@3.6.1-r1", "Name": "openssl", "Identifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=wolfi", "UID": "77924e8870c4d884", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "opus@1.6.1-r0", "Name": "opus", "Identifier": { "PURL": "pkg:apk/wolfi/opus@1.6.1-r0?arch=x86_64\u0026origin=opus", "UID": "1752711a0aa2b474", "BOMRef": "pkg:apk/wolfi/opus@1.6.1-r0?arch=x86_64\u0026origin=opus" }, "Version": "1.6.1-r0", "Arch": "x86_64", "SrcName": "opus", "SrcVersion": "1.6.1-r0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "py3-pip-wheel@26.0.1-r0", "Name": "py3-pip-wheel", "Identifier": { "PURL": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=wolfi", "UID": "a3bf858be2fc6ba7", "BOMRef": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip-wheel", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "py3.13-pip@26.0.1-r0", "Name": "py3.13-pip", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=wolfi", "UID": "766523656d10ea23", "BOMRef": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3.13-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "py3.13-pip-base@26.0.1-r0", "Name": "py3.13-pip-base", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=wolfi", "UID": "253c69fc505338d2", "BOMRef": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3.13-pip-base", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "py3.13-setuptools@82.0.0-r0", "Name": "py3.13-setuptools", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-setuptools@82.0.0-r0?arch=x86_64\u0026origin=py3-setuptools", "UID": "16839047f1310d51", "BOMRef": "pkg:apk/wolfi/py3.13-setuptools@82.0.0-r0?arch=x86_64\u0026origin=py3-setuptools" }, "Version": "82.0.0-r0", "Arch": "x86_64", "SrcName": "py3.13-setuptools", "SrcVersion": "82.0.0-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "python-3.13@3.13.12-r1", "Name": "python-3.13", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "da8f384fc312ffe2", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "3.13.12-r1", "Arch": "x86_64", "SrcName": "python-3.13", "SrcVersion": "3.13.12-r1", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "python-3.13-base@3.13.12-r1", "Name": "python-3.13-base", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "c6d9b3d60d4058b2", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "Version": "3.13.12-r1", "Arch": "x86_64", "SrcName": "python-3.13-base", "SrcVersion": "3.13.12-r1", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "readline@8.3-r1", "Name": "readline", "Identifier": { "PURL": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64", "UID": "72a0be9ea69d952b", "BOMRef": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64" }, "Version": "8.3-r1", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.3-r1", "Licenses": [ "GPL-3.0-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "sqlite-libs@3.51.1-r0", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=wolfi", "UID": "35d9b5e13c795389", "BOMRef": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "3.51.1-r0", "Arch": "x86_64", "SrcName": "sqlite-libs", "SrcVersion": "3.51.1-r0", "Licenses": [ "blessing" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "supervisor@4.3.0-r0", "Name": "supervisor", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=wolfi", "UID": "615c570859950656", "BOMRef": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:5ae6db315ab4a886af39f9074240011085e3d269c60df5d9c58f25c7b7373b73", "DiffID": "sha256:e31821269ca592748bce84be5565fefa743c14ed03cab42f032c09a1113270b1" } }, { "ID": "supervisor-config@4.3.0-r0", "Name": "supervisor-config", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=wolfi", "UID": "2177e107af9e71f2", "BOMRef": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor-config", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:5ae6db315ab4a886af39f9074240011085e3d269c60df5d9c58f25c7b7373b73", "DiffID": "sha256:e31821269ca592748bce84be5565fefa743c14ed03cab42f032c09a1113270b1" } }, { "ID": "tzdata@2025c-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=wolfi", "UID": "d9b3eb2910abbeb", "BOMRef": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=wolfi" }, "Version": "2025c-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025c-r0", "Licenses": [ "CC-PDDC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "wolfi-base@1-r7", "Name": "wolfi-base", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64", "UID": "180b6eef3545fe1a", "BOMRef": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64" }, "Version": "1-r7", "Arch": "x86_64", "SrcName": "wolfi-base", "SrcVersion": "1-r7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" } }, { "ID": "wolfi-baselayout@20230201-r26", "Name": "wolfi-baselayout", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r26?arch=x86_64\u0026distro=wolfi", "UID": "f404b9ea14924871", "BOMRef": "pkg:apk/wolfi/wolfi-baselayout@20230201-r26?arch=x86_64\u0026distro=wolfi" }, "Version": "20230201-r26", "Arch": "x86_64", "SrcName": "wolfi-baselayout", "SrcVersion": "20230201-r26", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:f8f83eb22e81bcfcbd43c5409aeaa6ef92528c8b8f28091c2563e47c2f98be5b", "DiffID": "sha256:af1ea0e33c8e22c51b2e7d16e572107ea675110fb820a75d2193879e1702cd1b" } }, { "ID": "wolfi-keys@1-r13", "Name": "wolfi-keys", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026origin=wolfi-keys", "UID": "dba8cf2a90991bae", "BOMRef": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026origin=wolfi-keys" }, "Version": "1-r13", "Arch": "x86_64", "SrcName": "wolfi-keys", "SrcVersion": "1-r13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" } }, { "ID": "xz@5.8.2-r1", "Name": "xz", "Identifier": { "PURL": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026origin=xz", "UID": "7bf92f4b3bf6eea", "BOMRef": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026origin=xz" }, "Version": "5.8.2-r1", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.2-r1", "Licenses": [ "GPL-3.0-or-later" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" } }, { "ID": "zlib@1.3.1.2-r3", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026origin=zlib", "UID": "8687f30f3f7d8f69", "BOMRef": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026origin=zlib" }, "Version": "1.3.1.2-r3", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1.2-r3", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:6cef7635548adc6b2e3bc2bb8ebe6fdcaa99b41ec83d600781fc5340b1098d29", "DiffID": "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47" } } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-4437", "PkgID": "glibc@2.43-r1", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi", "UID": "9e06e8294fa965db", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:4b521310858975f1a69acf0f8530cc798aee4e112b4a4068e2d1208e58bb58a6", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "glibc@2.43-r1", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi", "UID": "9e06e8294fa965db", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "2.43-r1", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:174181e727b5b4c457e5295d38bfa5f3cec95ead6109576c1612ba7b8570d829", "DiffID": "sha256:0f6669b78ab4e8bdec96bce71f492f2432f03faca3983cc3d1b52b78b231d6fa" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7a9f1bc62641660b5678ceb315e3c2faf3e0a0f269ae72370ef2acb86b48272a", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-26960", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.10.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:1a48ff7b79a64fd00457b0bb453a21dd22c5ab7f1164a5d1b7fad02557a58249", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-26996", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.10.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:06c09d6168ea7217fee685d0612bca299922635fb62e4759e82c2e684ef5e46c", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:da410b0edc0d2905ab7bcf562bbd031beae4492079ea7c8b3c29b55bd4f5588e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:803c000e9532f5e79a6c342d65812731cde168eaa94e730e0b297eefb5ab3835", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-29786", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.11.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:a0289f7f679b52bf21ea06564f93e1165b531e59e93687556d9ebfba4fb08a2f", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-33671", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:edc5a9c775efd3c7aca352d78d5c52bb18723131ed188258a8e76c9741d121d7", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:92df6a8fdad0df769dc5424d384f322010c366ef8b01b7e6515f50dc53663f67", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33750", "PkgID": "npm@11.10.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm", "UID": "16cb03dc50b16530", "BOMRef": "pkg:apk/wolfi/npm@11.10.0-r0?arch=x86_64\u0026origin=npm" }, "InstalledVersion": "11.10.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:6aee047a0f9712ccb1819e82bfdb221db7a20c8110bdd9afad351be554f897d3", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "openssl@3.6.1-r1", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=wolfi", "UID": "77924e8870c4d884", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:b80f16a9a9cfcf5bf83b50ab4ae6ca216dde757d657dc677516c6bb8328f9d81", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-4519", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "da8f384fc312ffe2", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r5", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4519", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e9647198fb21c3a164ca97c518bf4ddcead8f12777c85ac4077130d70b9168f9", "Title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "Description": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/1", "https://access.redhat.com/errata/RHSA-2026:6286", "https://access.redhat.com/security/cve/CVE-2026-4519", "https://bugzilla.redhat.com/2449649", "https://errata.almalinux.org/9/ALSA-2026-6286.html", "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "https://github.com/python/cpython/issues/143930", "https://github.com/python/cpython/pull/143931", "https://linux.oracle.com/cve/CVE-2026-4519.html", "https://linux.oracle.com/errata/ELSA-2026-6473.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4519", "https://www.cve.org/CVERecord?id=CVE-2026-4519" ], "PublishedDate": "2026-03-20T15:16:24.057Z", "LastModifiedDate": "2026-03-25T18:16:33.073Z" }, { "VulnerabilityID": "CVE-2026-3644", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "da8f384fc312ffe2", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3644", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:3a02b875d4a8b9a0d59cf86d16002d3451a7949c075c8edd1412bf853420935d", "Title": "cpython: Incomplete control character validation in http.cookies", "Description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-116" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3644", "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "https://github.com/python/cpython/issues/145599", "https://github.com/python/cpython/pull/145600", "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3644", "https://www.cve.org/CVERecord?id=CVE-2026-3644" ], "PublishedDate": "2026-03-16T18:16:09.907Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-4224", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "da8f384fc312ffe2", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4224", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:da3027e73e66bd7bc08178cd64ac4fc0658dc08b060a44d10f922885ad8e0dba", "Title": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "Description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/16/4", "https://access.redhat.com/security/cve/CVE-2026-4224", "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "https://github.com/python/cpython/issues/145986", "https://github.com/python/cpython/pull/145987", "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4224", "https://www.cve.org/CVERecord?id=CVE-2026-4224" ], "PublishedDate": "2026-03-16T18:16:10.07Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-2297", "PkgID": "python-3.13@3.13.12-r1", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi", "UID": "da8f384fc312ffe2", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r1?arch=x86_64\u0026distro=wolfi" }, "InstalledVersion": "3.13.12-r1", "FixedVersion": "3.13.12-r3", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2297", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:d78cae339638562f81ee37c3e9cb718c3b69e4371cd2c289175555dca487d248", "Title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "Description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/05/6", "https://access.redhat.com/security/cve/CVE-2026-2297", "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "https://github.com/python/cpython/issues/145506", "https://github.com/python/cpython/pull/145507", "https://nvd.nist.gov/vuln/detail/CVE-2026-2297", "https://www.cve.org/CVERecord?id=CVE-2026-2297" ], "PublishedDate": "2026-03-04T23:16:10.757Z", "LastModifiedDate": "2026-03-12T15:16:27.957Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1.2-r3", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026origin=zlib", "UID": "8687f30f3f7d8f69", "BOMRef": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026origin=zlib" }, "InstalledVersion": "1.3.1.2-r3", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:6cef7635548adc6b2e3bc2bb8ebe6fdcaa99b41ec83d600781fc5340b1098d29", "DiffID": "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:681b86d71bb8dad5201bfb90764f19d0196a165e027a62b659e0959965141a8b", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Node.js", "Class": "lang-pkgs", "Type": "node-pkg", "Packages": [ { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "67ebe5dccdb62766", "BOMRef": "2464c543-98a0-4994-8b55-75aee81b0591" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "ebb5ec59ef4d65e8", "BOMRef": "d94a7fdc-15a7-4853-a11c-ea9f51f3ed75" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/brace-expansion@5.0.0", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "c76b46ad350684da", "BOMRef": "pkg:npm/%40isaacs/brace-expansion@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "Digest": "sha1:2459cb4c8d448d170d5705d9e9c41bc0d8fca900" }, { "ID": "@isaacs/brace-expansion@5.0.1", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.1", "UID": "bc1ba5922a3429e3", "BOMRef": "pkg:npm/%40isaacs/brace-expansion@5.0.1" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "Digest": "sha1:582e89e8912ed72319d3768c79b15781164e5594" }, { "ID": "@isaacs/cliui@8.0.2", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", "UID": "e99dab9b9e2e63f0", "BOMRef": "pkg:npm/%40isaacs/cliui@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:5f8f4c1e3bf1144f3a52c51bf040d843bb2a8b90" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "1c6b6a80cf4cccd4", "BOMRef": "8d9d25cb-3e82-4849-a076-0a7feb1503b6" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "aba4c22fba482671", "BOMRef": "90235119-bae0-4811-ba70-f03ae5b0633d" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "310a1531923b39e", "BOMRef": "a55d2cea-4f12-44ab-adc7-8b99cf34fc0f" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "5561ce0ef4def589", "BOMRef": "f8020a1c-c14f-4553-a8ed-7178fd249913" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json", "Digest": "sha1:9dc38644ea6f125e3b06825ff04df5ea22f56094" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "ff7a2aee9b674abf", "BOMRef": "bc6c1fb1-a0fc-4563-b620-b1b0d8900a72" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json", "Digest": "sha1:9dc38644ea6f125e3b06825ff04df5ea22f56094" }, { "ID": "@npmcli/agent@3.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@3.0.0", "UID": "f1f36054c2e4858b", "BOMRef": "pkg:npm/%40npmcli/agent@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/@npmcli/agent/package.json", "Digest": "sha1:ca472993ec88d2b98a488f843d480575f24092f7" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "164204352e85b1f0", "BOMRef": "98c8ebbe-9907-45db-8950-e6fdd7287eea" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/agent/package.json", "Digest": "sha1:48e34f21103faf00d9c60756e62dee09494be465" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "51482d152c741785", "BOMRef": "d94d8fd4-b044-4911-b047-d64cff45f772" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/agent/package.json", "Digest": "sha1:48e34f21103faf00d9c60756e62dee09494be465" }, { "ID": "@npmcli/arborist@9.1.6", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", "UID": "79ac5bc7a1a9548a", "BOMRef": "pkg:npm/%40npmcli/arborist@9.1.6" }, "Version": "9.1.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json", "Digest": "sha1:f33c67da757406439e5a8bb3b39996fa87d27dbf" }, { "ID": "@npmcli/arborist@9.3.0", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.3.0", "UID": "dae35d04071f29a6", "BOMRef": "pkg:npm/%40npmcli/arborist@9.3.0" }, "Version": "9.3.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json", "Digest": "sha1:d771192515546a98a59a0dde77a57d7a4558d57b" }, { "ID": "@npmcli/config@10.4.2", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.4.2", "UID": "977469affa06052", "BOMRef": "pkg:npm/%40npmcli/config@10.4.2" }, "Version": "10.4.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/config/package.json", "Digest": "sha1:194b60a9b2b1b7d9c55bbde6f002e6f407c29753" }, { "ID": "@npmcli/config@10.7.0", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.7.0", "UID": "54149ef126a4fb0a", "BOMRef": "pkg:npm/%40npmcli/config@10.7.0" }, "Version": "10.7.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/config/package.json", "Digest": "sha1:521ed86a49ca29431955f4ec8f5c6a6d29e1793d" }, { "ID": "@npmcli/fs@4.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@4.0.0", "UID": "69141222fef472b1", "BOMRef": "pkg:npm/%40npmcli/fs@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/fs/package.json", "Digest": "sha1:cf0302511d637d6a1f8b5e49b3d9b42210c7b8f0" }, { "ID": "@npmcli/fs@5.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@5.0.0", "UID": "8c7a92ce8be404c4", "BOMRef": "pkg:npm/%40npmcli/fs@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/fs/package.json", "Digest": "sha1:3a4053128a62fd9581012b83ef531b95397167e3" }, { "ID": "@npmcli/git@7.0.0", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.0", "UID": "bf6a54e1b802d087", "BOMRef": "pkg:npm/%40npmcli/git@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/git/package.json", "Digest": "sha1:89602e9193afacae84abb1ceab33721b03fa29c6" }, { "ID": "@npmcli/git@7.0.1", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.1", "UID": "33cc72ff8ee44c07", "BOMRef": "pkg:npm/%40npmcli/git@7.0.1" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/git/package.json", "Digest": "sha1:d74915bdb0a742b4c720d33fff12917072da12ab" }, { "ID": "@npmcli/installed-package-contents@3.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", "UID": "fab10f1657dfee", "BOMRef": "pkg:npm/%40npmcli/installed-package-contents@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json", "Digest": "sha1:eb7509c6d4a24822861ce30d6906b6bba7ea40c1" }, { "ID": "@npmcli/installed-package-contents@4.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@4.0.0", "UID": "96aa1e56d9f84f92", "BOMRef": "pkg:npm/%40npmcli/installed-package-contents@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json", "Digest": "sha1:189051543dd09896a1c31f80390afe0b5306d4c0" }, { "ID": "@npmcli/map-workspaces@5.0.0", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", "UID": "76e9ba421f6360ae", "BOMRef": "pkg:npm/%40npmcli/map-workspaces@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json", "Digest": "sha1:7af92b48b9fde0f645832109b03656a17c015dc5" }, { "ID": "@npmcli/map-workspaces@5.0.3", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.3", "UID": "7a02223595d3ef7a", "BOMRef": "pkg:npm/%40npmcli/map-workspaces@5.0.3" }, "Version": "5.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json", "Digest": "sha1:9b2b024266bb8c342ed0bfbefb1c48a7d9b0c015" }, { "ID": "@npmcli/metavuln-calculator@9.0.2", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", "UID": "e1ee3b370cd984e7", "BOMRef": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json", "Digest": "sha1:8d3811d7a2b96bdeaccde89048f54f01885506ba" }, { "ID": "@npmcli/metavuln-calculator@9.0.3", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.3", "UID": "6896d6fad029d093", "BOMRef": "pkg:npm/%40npmcli/metavuln-calculator@9.0.3" }, "Version": "9.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json", "Digest": "sha1:ef331816f66b624d692f45b26c2e6a910767656c" }, { "ID": "@npmcli/name-from-folder@3.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", "UID": "1122f3a0bb7120d8", "BOMRef": "pkg:npm/%40npmcli/name-from-folder@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json", "Digest": "sha1:2b6a54a8d10c9125e653dbe6f740e380324b61ba" }, { "ID": "@npmcli/name-from-folder@4.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@4.0.0", "UID": "e88cd7e635abc995", "BOMRef": "pkg:npm/%40npmcli/name-from-folder@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json", "Digest": "sha1:4d3174b80cc1b257fa96b098c95e27ffaff5b659" }, { "ID": "@npmcli/node-gyp@4.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", "UID": "452610b1e5079d37", "BOMRef": "pkg:npm/%40npmcli/node-gyp@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json", "Digest": "sha1:a91f3ca2b970fb8453035a15ea7ae5a2c68859c1" }, { "ID": "@npmcli/node-gyp@5.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@5.0.0", "UID": "f1aa2adabe210a5a", "BOMRef": "pkg:npm/%40npmcli/node-gyp@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json", "Digest": "sha1:c2549c9809a38abb866596530702d0de2c0cdc44" }, { "ID": "@npmcli/package-json@7.0.1", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", "UID": "82f9872d41a976e1", "BOMRef": "pkg:npm/%40npmcli/package-json@7.0.1" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json", "Digest": "sha1:8dfa60053aeca0de1403eb7c517dafc86e7e3611" }, { "ID": "@npmcli/package-json@7.0.4", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.4", "UID": "53cc5a42b104781c", "BOMRef": "pkg:npm/%40npmcli/package-json@7.0.4" }, "Version": "7.0.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json", "Digest": "sha1:765d7c3731b2abc0d33fd2c548968251527de7a4" }, { "ID": "@npmcli/promise-spawn@8.0.3", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", "UID": "5cc734bb07b3a19a", "BOMRef": "pkg:npm/%40npmcli/promise-spawn@8.0.3" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json", "Digest": "sha1:5101b25f91ee7af2103b68a59b43b116bc4aaaad" }, { "ID": "@npmcli/promise-spawn@9.0.1", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@9.0.1", "UID": "1fc0f4367dfd5b03", "BOMRef": "pkg:npm/%40npmcli/promise-spawn@9.0.1" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json", "Digest": "sha1:8cc9163ac59ee91de9240a11723d8701fa80317e" }, { "ID": "@npmcli/query@4.0.1", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@4.0.1", "UID": "66c8629bd37d0e80", "BOMRef": "pkg:npm/%40npmcli/query@4.0.1" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/query/package.json", "Digest": "sha1:71d09c79da76d695099a90a592415e9c1440c5a1" }, { "ID": "@npmcli/query@5.0.0", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@5.0.0", "UID": "c20171aa5d3edfc9", "BOMRef": "pkg:npm/%40npmcli/query@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/query/package.json", "Digest": "sha1:f56866b082e0015fbbe60b12d303c71b778af0e1" }, { "ID": "@npmcli/redact@3.2.2", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@3.2.2", "UID": "57c7aa0b184f16d", "BOMRef": "pkg:npm/%40npmcli/redact@3.2.2" }, "Version": "3.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/redact/package.json", "Digest": "sha1:6f100bba733fae433b3156bd6a8a90249ffc5ecb" }, { "ID": "@npmcli/redact@4.0.0", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@4.0.0", "UID": "b15b6dca8c6b9f49", "BOMRef": "pkg:npm/%40npmcli/redact@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/redact/package.json", "Digest": "sha1:e81d178ea5aac085222f1c853a9b42fb0cc96a46" }, { "ID": "@npmcli/run-script@10.0.0", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", "UID": "d3dafe6dab3b14bd", "BOMRef": "pkg:npm/%40npmcli/run-script@10.0.0" }, "Version": "10.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json", "Digest": "sha1:cdedbbbcbd429e634685f7c67d7069c6593b8006" }, { "ID": "@npmcli/run-script@10.0.3", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.3", "UID": "ef5746a386e0a359", "BOMRef": "pkg:npm/%40npmcli/run-script@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json", "Digest": "sha1:d9a49385f1a06449642c48bcb52f9600898eb65f" }, { "ID": "@pkgjs/parseargs@0.11.0", "Name": "@pkgjs/parseargs", "Identifier": { "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", "UID": "6e751c66f6ee308f", "BOMRef": "pkg:npm/%40pkgjs/parseargs@0.11.0" }, "Version": "0.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@pkgjs/parseargs/package.json", "Digest": "sha1:0dd3949ab9157869b8d3387f50a149bca2638d73" }, { "ID": "@prisma/client@5.4.2", "Name": "@prisma/client", "Identifier": { "PURL": "pkg:npm/%40prisma/client@5.4.2", "UID": "78977387c48975e", "BOMRef": "pkg:npm/%40prisma/client@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:cd77c707aafeb2199fdb1eae2a35630f2f23c5dfa9e7603989cf97adcaf2aae0", "DiffID": "sha256:d4eb42647d6e498ddde0bd8a58b126153aa4d0bebad463c61f2ded763d4594fe" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/prisma-client/package.json", "Digest": "sha1:067a3cf4b08bb66df88691a278bd21a778474e60" }, { "ID": "@prisma/engines@5.4.2", "Name": "@prisma/engines", "Identifier": { "PURL": "pkg:npm/%40prisma/engines@5.4.2", "UID": "45fcd609c58fdc86", "BOMRef": "pkg:npm/%40prisma/engines@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:cd77c707aafeb2199fdb1eae2a35630f2f23c5dfa9e7603989cf97adcaf2aae0", "DiffID": "sha256:d4eb42647d6e498ddde0bd8a58b126153aa4d0bebad463c61f2ded763d4594fe" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/@prisma/engines/package.json", "Digest": "sha1:27f640d9b356e0726de8c28f78eb8ad1c8bf1dd9" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "1164a55426226888", "BOMRef": "89e3c5c0-9fcb-48c0-a189-52236b6d6498" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/bundle/package.json", "Digest": "sha1:1d6ca2f018ec884e6df5424d8d7fc6818d64c3b4" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "aed7cc77e0fd31b2", "BOMRef": "887427ea-3ed9-4404-a5a9-8101cff6f150" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/bundle/package.json", "Digest": "sha1:1d6ca2f018ec884e6df5424d8d7fc6818d64c3b4" }, { "ID": "@sigstore/core@3.0.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.0.0", "UID": "bc74d0d97b2c2866", "BOMRef": "pkg:npm/%40sigstore/core@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/core/package.json", "Digest": "sha1:a3582aa64bea04fc99d1275aba7ebc582925a2c8" }, { "ID": "@sigstore/core@3.1.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.1.0", "UID": "fbd769ddd3d744b0", "BOMRef": "pkg:npm/%40sigstore/core@3.1.0" }, "Version": "3.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/core/package.json", "Digest": "sha1:1b171001ef4ffeaaab9d24334adcb37c669acb60" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "48a393e2149fba2c", "BOMRef": "50ac007d-c268-4339-8aee-f9c63d4fc0c5" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/protobuf-specs/package.json", "Digest": "sha1:883da1dcb03a5b8e4ba41bd5e8db239c9c17392b" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "ce0ab2c1dbd4a864", "BOMRef": "3cf5844c-ce00-455a-bf0b-86cc9958f565" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/protobuf-specs/package.json", "Digest": "sha1:883da1dcb03a5b8e4ba41bd5e8db239c9c17392b" }, { "ID": "@sigstore/sign@4.0.1", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.0.1", "UID": "ca1048a83b7a17a5", "BOMRef": "pkg:npm/%40sigstore/sign@4.0.1" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/sign/package.json", "Digest": "sha1:4bec0011dd3d4f58a729b1a9e0e8e9592416f4b2" }, { "ID": "@sigstore/sign@4.1.0", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.1.0", "UID": "dd5bfc05ad62392a", "BOMRef": "pkg:npm/%40sigstore/sign@4.1.0" }, "Version": "4.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/sign/package.json", "Digest": "sha1:191dce764e0717fa6f8ae2e214e69421c6fd5797" }, { "ID": "@sigstore/tuf@4.0.0", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", "UID": "7b72046f08f05bf5", "BOMRef": "pkg:npm/%40sigstore/tuf@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/tuf/package.json", "Digest": "sha1:3a59a8c16182f65f8cabbf98fee333c9eaa394f6" }, { "ID": "@sigstore/tuf@4.0.1", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.1", "UID": "d8043b8dc430d00e", "BOMRef": "pkg:npm/%40sigstore/tuf@4.0.1" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/tuf/package.json", "Digest": "sha1:6e166263107e702af9d17595f800a6e6498a7726" }, { "ID": "@sigstore/verify@3.0.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.0.0", "UID": "c8569436c24b7b0d", "BOMRef": "pkg:npm/%40sigstore/verify@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/verify/package.json", "Digest": "sha1:fb4180fd0c6f2de9386fa2ef9929f4c1a6f00562" }, { "ID": "@sigstore/verify@3.1.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.1.0", "UID": "8cc57f2ba75957ab", "BOMRef": "pkg:npm/%40sigstore/verify@3.1.0" }, "Version": "3.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@sigstore/verify/package.json", "Digest": "sha1:4523305db384269754d0fab04bacf31ca05ad1be" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "fde925cd2354fde4", "BOMRef": "fd02e586-fe7f-43e7-8411-b533642efd40" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/canonical-json/package.json", "Digest": "sha1:5af11d14b15be3f1dc8a1195100ea60de40325c9" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "9f81e20c17c9af0b", "BOMRef": "78f91a2e-b7cd-4ddb-86ce-64777119fce3" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@tufjs/canonical-json/package.json", "Digest": "sha1:5af11d14b15be3f1dc8a1195100ea60de40325c9" }, { "ID": "@tufjs/models@4.0.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.0.0", "UID": "b9d423ca01c869de", "BOMRef": "pkg:npm/%40tufjs/models@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/package.json", "Digest": "sha1:1630e9d321e28e965386e30f9d855f05b6278fa9" }, { "ID": "@tufjs/models@4.1.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.1.0", "UID": "4438f59a1f632dc4", "BOMRef": "pkg:npm/%40tufjs/models@4.1.0" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/@tufjs/models/package.json", "Digest": "sha1:2ac6b88622c667e4c6582d32bbb21276b6781c61" }, { "ID": "abbrev@3.0.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@3.0.1", "UID": "3edc545eed1f4885", "BOMRef": "pkg:npm/abbrev@3.0.1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/abbrev/package.json", "Digest": "sha1:58ff9d74c88270726b05e383ba4d2641a18438f3" }, { "ID": "abbrev@4.0.0", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@4.0.0", "UID": "9e4b8fe6636456e0", "BOMRef": "pkg:npm/abbrev@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/abbrev/package.json", "Digest": "sha1:6869bc2da89cbb7aba0c148aefa7e8fc43456128" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "5c7016cc744c1c6e", "BOMRef": "aac471f5-eab3-4f51-9271-69f52a36a2c0" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/agent-base/package.json", "Digest": "sha1:126adbedcff6faa6826eca63c75e9193237ab10b" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "6fb2ae632f05620a", "BOMRef": "23fc7e0a-bea2-4d28-b95a-39b2fcbff3fc" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/agent-base/package.json", "Digest": "sha1:126adbedcff6faa6826eca63c75e9193237ab10b" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "720d84a42a02bc72", "BOMRef": "e3b0795a-d7c3-41e4-9725-413e6fa317ad" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-regex/package.json", "Digest": "sha1:f1b78e043012e1ab5689d57377093e88f1400677" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "ff83972a2645e286", "BOMRef": "0869acc6-4b91-4344-a36b-5ec0cd356013" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ansi-regex/package.json", "Digest": "sha1:f1b78e043012e1ab5689d57377093e88f1400677" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "5887d67419cd4d61", "BOMRef": "d3d6809d-6a58-46b3-be3d-cb9c5c06229a" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "f30fc63e3dccf2d7", "BOMRef": "c263e3fc-6448-4861-800d-18644092b937" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-styles@4.3.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@4.3.0", "UID": "680505ae3f7b0d38", "BOMRef": "pkg:npm/ansi-styles@4.3.0" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json", "Digest": "sha1:3c9ef7bd0a1c3d805814c654c457cc315c48c116" }, { "ID": "ansi-styles@6.2.3", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@6.2.3", "UID": "61ac9a2d4ee47dfe", "BOMRef": "pkg:npm/ansi-styles@6.2.3" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-styles/package.json", "Digest": "sha1:adb4944aaa807d2d90a6d54e220759c3081c10d2" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "72feb6eee896a052", "BOMRef": "fe651ef1-d0c5-4f73-8a0f-ee1a61364013" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/aproba/package.json", "Digest": "sha1:1cc57d456b29f580ef93bb2fee5566d3e3285009" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "ddaa27d904477b49", "BOMRef": "224b02b1-19c2-4fac-8cdf-8510b7ea3556" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/aproba/package.json", "Digest": "sha1:1cc57d456b29f580ef93bb2fee5566d3e3285009" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "c5153d2982df7c14", "BOMRef": "47a7b9a6-3a6e-4fc1-af21-c3d337deb98f" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/archy/package.json", "Digest": "sha1:3bd81e8f9d8e79057497b7473c6eac4f3d519149" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "f018e88954f45478", "BOMRef": "034e7288-5964-4e70-8e56-98592f62f2c2" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/archy/package.json", "Digest": "sha1:3bd81e8f9d8e79057497b7473c6eac4f3d519149" }, { "ID": "balanced-match@1.0.2", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@1.0.2", "UID": "decf3f99cd6c372c", "BOMRef": "pkg:npm/balanced-match@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/balanced-match/package.json", "Digest": "sha1:ef0a0d2fd68c3396309ab54ab08c5f8d362436ea" }, { "ID": "bin-links@5.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@5.0.0", "UID": "177e105af49d34b8", "BOMRef": "pkg:npm/bin-links@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/bin-links/package.json", "Digest": "sha1:7d183a1e12f89adf8e1b38038a8b34f9be897f40" }, { "ID": "bin-links@6.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@6.0.0", "UID": "2df5a60b5c77f1a8", "BOMRef": "pkg:npm/bin-links@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/bin-links/package.json", "Digest": "sha1:93d3777b34117955d6d5e16ab5342b65b8a21d46" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "5d695b16199b8b4d", "BOMRef": "f85eeae5-40b5-4a80-9ea8-8115214553a6" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/binary-extensions/package.json", "Digest": "sha1:fd41784d905c4769ecd7a2045234bf3336b20240" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "495c04a29a52f3d3", "BOMRef": "06fda320-906f-4c54-a695-a0f2827772df" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/binary-extensions/package.json", "Digest": "sha1:fd41784d905c4769ecd7a2045234bf3336b20240" }, { "ID": "brace-expansion@2.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "5d3d361b66c14631", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "Digest": "sha1:c2e8d8ccf674a808b63453e8432ae0f696375fbd" }, { "ID": "cacache@19.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@19.0.1", "UID": "b871129320aab36", "BOMRef": "pkg:npm/cacache@19.0.1" }, "Version": "19.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/cacache/package.json", "Digest": "sha1:4bfa58e7ac62a86d0f86b54faa34f063f3344a61" }, { "ID": "cacache@20.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.1", "UID": "34b7840ba3dd1436", "BOMRef": "pkg:npm/cacache@20.0.1" }, "Version": "20.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cacache/package.json", "Digest": "sha1:1680c258e907f8a5844f3ddfd9334de3825ebf84" }, { "ID": "cacache@20.0.3", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.3", "UID": "2d773c298e185d49", "BOMRef": "pkg:npm/cacache@20.0.3" }, "Version": "20.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cacache/package.json", "Digest": "sha1:794ddf6857b8e0a3ab5e8b853a874fedd196d468" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "2c1c9ad935050ecf", "BOMRef": "e284898c-f8ca-4f98-a7fc-a2b0fdbf9238" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chalk/package.json", "Digest": "sha1:468d2997b68c367664e82a1d1b8bc344c65a52f6" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "70d58157e3102b4f", "BOMRef": "c1f279eb-fe7e-4f1e-8340-72db3e1ead15" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/chalk/package.json", "Digest": "sha1:468d2997b68c367664e82a1d1b8bc344c65a52f6" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "55d2c894035f4aa0", "BOMRef": "b456a541-a47c-4f18-b285-d0ba005d877e" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "4c7aa19a68f3e162", "BOMRef": "be0abbf6-2acc-4bd4-b308-f25cadb04bd2" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "c5dbcf8ac658b243", "BOMRef": "9e55b09e-e70d-4e68-9894-b9cea6416b8c" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "ci-info@4.3.1", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.3.1", "UID": "b6c09a482c9a7ef1", "BOMRef": "pkg:npm/ci-info@4.3.1" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ci-info/package.json", "Digest": "sha1:6b3b12a5534f6e76cb13a851250efc1bb7e5ff21" }, { "ID": "ci-info@4.4.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.4.0", "UID": "32a32a9c9ed14cf7", "BOMRef": "pkg:npm/ci-info@4.4.0" }, "Version": "4.4.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ci-info/package.json", "Digest": "sha1:e2623b66b993dca3177e444bd44a85376724c11d" }, { "ID": "cidr-regex@5.0.1", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.1", "UID": "2fa67ddb316a29f8", "BOMRef": "pkg:npm/cidr-regex@5.0.1" }, "Version": "5.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cidr-regex/package.json", "Digest": "sha1:472161dcb9eaebd9f280a0b36172ba21f93a9b86" }, { "ID": "cidr-regex@5.0.2", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.2", "UID": "eb67d6c64ecc37c2", "BOMRef": "pkg:npm/cidr-regex@5.0.2" }, "Version": "5.0.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cidr-regex/package.json", "Digest": "sha1:48e5e5cbe7526f27bace9d4ff49f5cd631f73262" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "288f1fc256317033", "BOMRef": "513aafbe-1319-4e96-bd3d-8e22ac655b97" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cli-columns/package.json", "Digest": "sha1:06c7ce3d82ba512eafa34bab2566bcce77d4beb9" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "ae0c532d4aa19a0", "BOMRef": "48d17700-3aed-444f-a11d-f17c1dcf8071" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cli-columns/package.json", "Digest": "sha1:06c7ce3d82ba512eafa34bab2566bcce77d4beb9" }, { "ID": "cmd-shim@7.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@7.0.0", "UID": "aebe2439b1258759", "BOMRef": "pkg:npm/cmd-shim@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cmd-shim/package.json", "Digest": "sha1:31d3d08612d9deeb670d074f68fd539f1bc62080" }, { "ID": "cmd-shim@8.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@8.0.0", "UID": "1646d7fe3361ea3e", "BOMRef": "pkg:npm/cmd-shim@8.0.0" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cmd-shim/package.json", "Digest": "sha1:bd1a460fd1e14f3dd73e03a0b21fc6e8bb60bfff" }, { "ID": "color-convert@2.0.1", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@2.0.1", "UID": "9367bbc63939afa9", "BOMRef": "pkg:npm/color-convert@2.0.1" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-convert/package.json", "Digest": "sha1:03f26ab8597e0117b7ad15bcfa9f0b31c8375ea9" }, { "ID": "color-name@1.1.4", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.4", "UID": "6ef07f72a4fe9439", "BOMRef": "pkg:npm/color-name@1.1.4" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-name/package.json", "Digest": "sha1:411d7c87d5b1dec0d479aa13e3406b5c38ac34f5" }, { "ID": "common-ancestor-path@1.0.1", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@1.0.1", "UID": "b6aca6e4d7d292b8", "BOMRef": "pkg:npm/common-ancestor-path@1.0.1" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/common-ancestor-path/package.json", "Digest": "sha1:164a1acbc7cc3127c78c5da7b26667bf93b8b8c3" }, { "ID": "common-ancestor-path@2.0.0", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@2.0.0", "UID": "39a82b8b646a96ea", "BOMRef": "pkg:npm/common-ancestor-path@2.0.0" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/common-ancestor-path/package.json", "Digest": "sha1:8036c99c2d18b8840dc4aa274be9fbe844e9e16f" }, { "ID": "corepack@0.34.5", "Name": "corepack", "Identifier": { "PURL": "pkg:npm/corepack@0.34.5", "UID": "e4ba5432f6c43e2e", "BOMRef": "pkg:npm/corepack@0.34.5" }, "Version": "0.34.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/corepack/package.json", "Digest": "sha1:2c59efe8aa565dc3e10f82c7ab2d248e5d3e711f" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "6dc56b05a21df911", "BOMRef": "pkg:npm/cross-spawn@7.0.6" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "970f42ec7b770d19", "BOMRef": "f9e73636-d369-40ed-ae34-202149e9d959" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cssesc/package.json", "Digest": "sha1:3a37cece4f715e91ef0aed027baea0039bb20087" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "be11e952f803ac10", "BOMRef": "59f4a051-9b98-4ae8-8e47-4dc14723564e" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/cssesc/package.json", "Digest": "sha1:3a37cece4f715e91ef0aed027baea0039bb20087" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "430fbeaef3afe390", "BOMRef": "f81bd1b2-ff90-4eac-a200-38d87af11476" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/debug/package.json", "Digest": "sha1:f1c3de400f61581ce6d6d43f9ec4c456cb8017f7" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "21ec55e8b6c67b5f", "BOMRef": "54cabd16-62f9-44b5-97dc-a4dedb8ebacd" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/debug/package.json", "Digest": "sha1:f1c3de400f61581ce6d6d43f9ec4c456cb8017f7" }, { "ID": "diff@8.0.2", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "595d074141eac04e", "BOMRef": "pkg:npm/diff@8.0.2" }, "Version": "8.0.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "Digest": "sha1:719cc8a399073fae18f522fc26e7058f2048cd43" }, { "ID": "diff@8.0.3", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.3", "UID": "6d1ff4a01f9560e", "BOMRef": "pkg:npm/diff@8.0.3" }, "Version": "8.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/diff/package.json", "Digest": "sha1:ee7acad3ce516cc674e0a88afbb6964bb88e355d" }, { "ID": "eastasianwidth@0.2.0", "Name": "eastasianwidth", "Identifier": { "PURL": "pkg:npm/eastasianwidth@0.2.0", "UID": "905e26cb0bc1911f", "BOMRef": "pkg:npm/eastasianwidth@0.2.0" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/eastasianwidth/package.json", "Digest": "sha1:c3bff6d91fcbc648b17edd5f8e37bac1f47485a4" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "3b74a88271c7167e", "BOMRef": "032ff137-442e-4df5-8b50-8c481fa9fe3a" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/emoji-regex/package.json", "Digest": "sha1:c26fe90da5886724a2676b8e3d5890beeacaad20" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "4bb6a3231acf8684", "BOMRef": "940d5a5d-a895-40e8-a679-74b2a5ddcb6e" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/emoji-regex/package.json", "Digest": "sha1:c26fe90da5886724a2676b8e3d5890beeacaad20" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "903b1bc91095b939", "BOMRef": "7b0fd43d-771f-4dd3-b310-57d9552b6acc" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "ae1c975a7e95603f", "BOMRef": "304ba588-1539-456c-9406-7a2c4c970f85" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "5984b6aed7bc38b", "BOMRef": "5226373c-0aba-4731-94d6-171384d6cedd" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/encoding/package.json", "Digest": "sha1:52b117f2bc3113970224b9dc97b7fc18f7df30ab" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "bafca8fc36dee9e2", "BOMRef": "cee0f53d-50d6-474d-878a-a377c2e02c0a" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/encoding/package.json", "Digest": "sha1:52b117f2bc3113970224b9dc97b7fc18f7df30ab" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "dc5acb4126079250", "BOMRef": "62258932-4765-4899-b47d-3e364a1e39ca" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/env-paths/package.json", "Digest": "sha1:b5b570f41c1d3e8f251fd06d075cefea4a3449a9" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "dd0b5bb9fa3df91e", "BOMRef": "7d3db46c-5394-473b-ae63-75e9217c62c7" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/env-paths/package.json", "Digest": "sha1:b5b570f41c1d3e8f251fd06d075cefea4a3449a9" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "4da1a0bb0632953a", "BOMRef": "cea7e9f2-bffc-4e1e-b790-3fc9ffbdb635" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/err-code/package.json", "Digest": "sha1:5c7bc63340bc312d1563bb2b369e333e1165ab04" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "5fd8f8a7cff680ef", "BOMRef": "46338ae5-1fd8-49b9-875c-b72295386d0e" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/err-code/package.json", "Digest": "sha1:5c7bc63340bc312d1563bb2b369e333e1165ab04" }, { "ID": "exponential-backoff@3.1.2", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.2", "UID": "363086d4c5df933a", "BOMRef": "pkg:npm/exponential-backoff@3.1.2" }, "Version": "3.1.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/exponential-backoff/package.json", "Digest": "sha1:af54bb38a82b5a0d058c722fac83b3bf91fff3f5" }, { "ID": "exponential-backoff@3.1.3", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.3", "UID": "517c982b36bc5a40", "BOMRef": "pkg:npm/exponential-backoff@3.1.3" }, "Version": "3.1.3", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/exponential-backoff/package.json", "Digest": "sha1:ad6dedac96b4754817f15c7f62c6b1d72fa249fe" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "fed354d4d0b9df1", "BOMRef": "76784778-1ae9-449a-a2d8-11f3734a02ed" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json", "Digest": "sha1:3aca1160ba8ff112a40cdfd2c860a5d6cd689391" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "cb0f5507c1bed6ea", "BOMRef": "0d1184c7-87b5-476e-a860-7b805000a835" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json", "Digest": "sha1:3aca1160ba8ff112a40cdfd2c860a5d6cd689391" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "6a11abb16f58e654", "BOMRef": "7211794f-6910-420d-883d-e51ce08e2301" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/fdir/package.json", "Digest": "sha1:87c30edff77dd2a0847ac92b0a76837682d64eb2" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "3bf8445ed1b90645", "BOMRef": "1339add6-6929-4976-a804-e98f6442e72a" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/fdir/package.json", "Digest": "sha1:87c30edff77dd2a0847ac92b0a76837682d64eb2" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "53942d35c0b0ed00", "BOMRef": "pkg:npm/foreground-child@3.3.1" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "49015bc3b0d80557", "BOMRef": "15eac8a0-6991-4ed9-a49a-fd7ce9a329e7" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fs-minipass/package.json", "Digest": "sha1:2e472ead48322dd560133d10f39db20ee5e3fae1" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "a9933b820c2e7e8a", "BOMRef": "de98d74f-66f4-4cf7-864c-a431fbc760fe" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/fs-minipass/package.json", "Digest": "sha1:2e472ead48322dd560133d10f39db20ee5e3fae1" }, { "ID": "glob@10.4.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "8eb8674e46021ad9", "BOMRef": "pkg:npm/glob@10.4.5" }, "Version": "10.4.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json", "Digest": "sha1:fd815b4c5b195a178a7d55053a39c28202d6ce7c" }, { "ID": "glob@11.0.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "f43c4f2768f6c9f2", "BOMRef": "pkg:npm/glob@11.0.3" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/package.json", "Digest": "sha1:d6ba1b347026dc0b03d5d5a448c2912a3d438e1d" }, { "ID": "glob@13.0.2", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@13.0.2", "UID": "c241af1881c703eb", "BOMRef": "pkg:npm/glob@13.0.2" }, "Version": "13.0.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/glob/package.json", "Digest": "sha1:628266b6b21d6f986156cb13d83aa1b8657462fe" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "c9abe0e5c00aa33d", "BOMRef": "3d5b263f-2d33-46fc-819f-fd28c7042ee9" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/graceful-fs/package.json", "Digest": "sha1:21a733b3f7e2ee153041de90fb03d5596934f346" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "4f34406195873ae7", "BOMRef": "55645e7e-3af6-439a-990d-718a01b8c284" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/graceful-fs/package.json", "Digest": "sha1:21a733b3f7e2ee153041de90fb03d5596934f346" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "f569b59ba0d9ba82", "BOMRef": "bdbffefb-379e-473f-9af7-cc04d21114fd" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/hosted-git-info/package.json", "Digest": "sha1:bd2953244687bfff7fdc74a3798a66119f64428e" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "632f1cf57365a993", "BOMRef": "fecaf66f-5422-4b13-b7bb-3041b5a69720" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/hosted-git-info/package.json", "Digest": "sha1:bd2953244687bfff7fdc74a3798a66119f64428e" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "6b52b72471148977", "BOMRef": "1e34c67a-e661-42e4-b42c-fae9162b24b7" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-cache-semantics/package.json", "Digest": "sha1:563b0d8af1a9641083e8f6cefbf4259fa845e7ca" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "7c0716a1cb67d5d5", "BOMRef": "ff2c78a0-13b3-44f2-a6bd-fb88bf27963c" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/http-cache-semantics/package.json", "Digest": "sha1:563b0d8af1a9641083e8f6cefbf4259fa845e7ca" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "9bc2173210e06281", "BOMRef": "87395410-3689-41c9-8d47-634bb04b62e0" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-proxy-agent/package.json", "Digest": "sha1:f8b2b2bf2f3e2f8491496f9efe80b96442a803a9" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "c75325d61b0619ed", "BOMRef": "6c3bfc3c-e163-47f9-95d2-05a75f26706d" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/http-proxy-agent/package.json", "Digest": "sha1:f8b2b2bf2f3e2f8491496f9efe80b96442a803a9" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "6f7cd303c5f96428", "BOMRef": "40937341-360c-4a74-b736-b579f67466ea" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/https-proxy-agent/package.json", "Digest": "sha1:17ea193ab8be5c579a2d10e9a13bff389858f7e8" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "dd67a7051d3ea358", "BOMRef": "b034f696-68cc-4a91-86c1-77cb6e2cc97e" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/https-proxy-agent/package.json", "Digest": "sha1:17ea193ab8be5c579a2d10e9a13bff389858f7e8" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "22a814bcd655201a", "BOMRef": "5856dbc6-a2d9-495f-a188-e79001e13b46" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/iconv-lite/package.json", "Digest": "sha1:a3d90badf75db503f5dd3ff3fb76d120d1424978" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "db9e3a3821066b66", "BOMRef": "f1333ada-751a-4d8c-b124-afedc7e810bf" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/iconv-lite/package.json", "Digest": "sha1:a3d90badf75db503f5dd3ff3fb76d120d1424978" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "a2b01a2ce285ec11", "BOMRef": "95b07463-d9e9-49ee-bafb-755a1ceeb8c2" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ignore-walk/package.json", "Digest": "sha1:48b090250976a784406de6d243cb8221ac357a08" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "214a74c06db73bee", "BOMRef": "c5ae59c6-4f93-4515-a9c7-151829a3c3bb" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ignore-walk/package.json", "Digest": "sha1:48b090250976a784406de6d243cb8221ac357a08" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "96b0faf688982f80", "BOMRef": "df15f2f5-0075-49b9-8393-5b0a81ecedc6" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/imurmurhash/package.json", "Digest": "sha1:a28f2b413385af4188c4fc0ad1e0c38c2cd03cf4" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "2bbd3ec6779e328f", "BOMRef": "eb1de70e-9f37-4a4a-a0b5-5ab7009d4c5b" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/imurmurhash/package.json", "Digest": "sha1:a28f2b413385af4188c4fc0ad1e0c38c2cd03cf4" }, { "ID": "ini@5.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@5.0.0", "UID": "e02c00176875c928", "BOMRef": "pkg:npm/ini@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ini/package.json", "Digest": "sha1:6f82de9e6ee727a4e745446e6687d6dc4a13bc0f" }, { "ID": "ini@6.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@6.0.0", "UID": "d661f55a2f2e78d9", "BOMRef": "pkg:npm/ini@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ini/package.json", "Digest": "sha1:5edfb581604a00537da0213d0168236a05a49bf5" }, { "ID": "init-package-json@8.2.2", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.2", "UID": "ee16b012a3c8d853", "BOMRef": "pkg:npm/init-package-json@8.2.2" }, "Version": "8.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/init-package-json/package.json", "Digest": "sha1:fd90752e9caf5c625bc4f238dd7498c6e759f0a8" }, { "ID": "init-package-json@8.2.4", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.4", "UID": "244492b39755d69d", "BOMRef": "pkg:npm/init-package-json@8.2.4" }, "Version": "8.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/init-package-json/package.json", "Digest": "sha1:5112f0d23125bc0d7e4c7980385806e8bfeb15ce" }, { "ID": "ip-address@10.0.1", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.0.1", "UID": "4af948311b3b0f53", "BOMRef": "pkg:npm/ip-address@10.0.1" }, "Version": "10.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-address/package.json", "Digest": "sha1:c08d23fa891935fb24a5e1a07334197e8974138a" }, { "ID": "ip-address@10.1.0", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.1.0", "UID": "6365055a15e8705c", "BOMRef": "pkg:npm/ip-address@10.1.0" }, "Version": "10.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ip-address/package.json", "Digest": "sha1:191d8a246dac65b7bb2707c1b08770812e9024e6" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "83f437b0cef34197", "BOMRef": "76cc9f9c-2554-4e36-afc5-34d092dcacd8" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-regex/package.json", "Digest": "sha1:e3ebe61a5855188e86da90f29b0ea8c44793b9f0" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "2f92aa842be9a23d", "BOMRef": "0908b973-4142-4a3d-82a5-f884e2213cf0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ip-regex/package.json", "Digest": "sha1:e3ebe61a5855188e86da90f29b0ea8c44793b9f0" }, { "ID": "is-cidr@6.0.1", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.1", "UID": "815083d39f6a9084", "BOMRef": "pkg:npm/is-cidr@6.0.1" }, "Version": "6.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-cidr/package.json", "Digest": "sha1:7ae4aacf966b4f49bd609909796a7700fd8e877d" }, { "ID": "is-cidr@6.0.3", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.3", "UID": "797957670ef584cd", "BOMRef": "pkg:npm/is-cidr@6.0.3" }, "Version": "6.0.3", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/is-cidr/package.json", "Digest": "sha1:1542d8b025df8f5b8246fdc01f4fe37c5a065a31" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "82b3b50542337f4f", "BOMRef": "fb92232d-29de-409d-97fa-caa479601818" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-fullwidth-code-point/package.json", "Digest": "sha1:49dbcba3eb3e3cba5b97bce28eb6194775d23c88" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "61df03e498ebed10", "BOMRef": "09dd26ea-751f-4db3-bb41-793ff69b9916" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/is-fullwidth-code-point/package.json", "Digest": "sha1:49dbcba3eb3e3cba5b97bce28eb6194775d23c88" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "48d1aad48cfc3b9e", "BOMRef": "pkg:npm/isexe@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@3.1.1", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@3.1.1", "UID": "cec4eb2ae8582de9", "BOMRef": "pkg:npm/isexe@3.1.1" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/isexe/package.json", "Digest": "sha1:33fc88b1f05370bb6518291c601cf96cfcafdc3b" }, { "ID": "isexe@4.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@4.0.0", "UID": "11197af21f108f57", "BOMRef": "pkg:npm/isexe@4.0.0" }, "Version": "4.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/isexe/package.json", "Digest": "sha1:66620ebb413146985b58e32e2fb7007a46903867" }, { "ID": "jackspeak@3.4.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@3.4.3", "UID": "95b81519376af34b", "BOMRef": "pkg:npm/jackspeak@3.4.3" }, "Version": "3.4.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/jackspeak/package.json", "Digest": "sha1:15e15f7f7565d0a355be813b2e68eb35e65102a5" }, { "ID": "jackspeak@4.1.1", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.1.1", "UID": "2c76b3773e2eff7", "BOMRef": "pkg:npm/jackspeak@4.1.1" }, "Version": "4.1.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jackspeak/package.json", "Digest": "sha1:8997e3643b1400526da8981a9f1ed0bc41a60261" }, { "ID": "json-parse-even-better-errors@4.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", "UID": "d5561d3b7d3360eb", "BOMRef": "pkg:npm/json-parse-even-better-errors@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json", "Digest": "sha1:6fb81ff6b422e2dd97dbd03d6095016aa7a4317e" }, { "ID": "json-parse-even-better-errors@5.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@5.0.0", "UID": "b1ee4d012647117e", "BOMRef": "pkg:npm/json-parse-even-better-errors@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json", "Digest": "sha1:27231975ccc2498cb184ae3e74122f2427ba1a5a" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "c247b8407aff3fd7", "BOMRef": "593c982f-ef13-4901-8855-b8130364dc34" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-stringify-nice/package.json", "Digest": "sha1:adef02a4345a493535ccb990b09f850508ae516f" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "5ace956506d37470", "BOMRef": "5bd36467-70f8-463e-b494-015e8f0486eb" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/json-stringify-nice/package.json", "Digest": "sha1:adef02a4345a493535ccb990b09f850508ae516f" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "135d3be271c98e45", "BOMRef": "153d73e7-35b1-4a84-986e-38717b9ee083" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jsonparse/package.json", "Digest": "sha1:ec0bb766bf32ebd53d835393da006bb834a663fd" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "20f4c1166544f6b9", "BOMRef": "d89bf72e-8334-461c-8459-dd7f0f2ce2d4" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/jsonparse/package.json", "Digest": "sha1:ec0bb766bf32ebd53d835393da006bb834a663fd" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "2448b0ae5d173c57", "BOMRef": "cd0d50ce-68fa-4771-bf68-cdefa81520c4" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff/package.json", "Digest": "sha1:396a274e87b3ad6a3704a76cf18fbb2a9dd45ada" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "91917b2e2c80dcd3", "BOMRef": "62c03194-902b-4565-b2e1-e57c52ed878f" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/just-diff/package.json", "Digest": "sha1:396a274e87b3ad6a3704a76cf18fbb2a9dd45ada" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "cdfb2a2e33347d7f", "BOMRef": "ba37b597-abc5-45ac-8184-171a8d39b634" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff-apply/package.json", "Digest": "sha1:26d39d00f0fc1ddfe4974dbe69691f9c09ad9036" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "d6452dee7591f038", "BOMRef": "856e0b76-e8e9-4422-ae3f-40ccf53b7dc8" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/just-diff-apply/package.json", "Digest": "sha1:26d39d00f0fc1ddfe4974dbe69691f9c09ad9036" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "3814df8046aef906", "BOMRef": "59a0ce9e-5d4b-4092-ac44-11dc0bdd2f23" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmaccess/package.json", "Digest": "sha1:c1d01036aa963e18b715c0bf3ec1bdad5d39d0be" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "b312fde3bc794aca", "BOMRef": "c07e5840-d5b5-42df-9a46-a5c4027efcf3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmaccess/package.json", "Digest": "sha1:c1d01036aa963e18b715c0bf3ec1bdad5d39d0be" }, { "ID": "libnpmdiff@8.0.9", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.0.9", "UID": "c1eee973d02475be", "BOMRef": "pkg:npm/libnpmdiff@8.0.9" }, "Version": "8.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmdiff/package.json", "Digest": "sha1:08529ea2d28cea59a474b7a9b8d07dfd33842d72" }, { "ID": "libnpmdiff@8.1.1", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.1.1", "UID": "328402dd5dc18e0d", "BOMRef": "pkg:npm/libnpmdiff@8.1.1" }, "Version": "8.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmdiff/package.json", "Digest": "sha1:83fd0172d214cbddb1f9ddd75efdc2b3d13bf5f4" }, { "ID": "libnpmexec@10.1.8", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.1.8", "UID": "ed48cdf080f06d33", "BOMRef": "pkg:npm/libnpmexec@10.1.8" }, "Version": "10.1.8", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmexec/package.json", "Digest": "sha1:42067a230f8087be6622933bc2204beb43c65053" }, { "ID": "libnpmexec@10.2.1", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.2.1", "UID": "46f5d8049b1ace86", "BOMRef": "pkg:npm/libnpmexec@10.2.1" }, "Version": "10.2.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmexec/package.json", "Digest": "sha1:9bc387e8722546a66d6b6925e7369f37c9e765f3" }, { "ID": "libnpmfund@7.0.15", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.15", "UID": "854f7318e53f70c2", "BOMRef": "pkg:npm/libnpmfund@7.0.15" }, "Version": "7.0.15", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmfund/package.json", "Digest": "sha1:be1b20821f310838a68e8b7ce6b0c5a783f1cf3d" }, { "ID": "libnpmfund@7.0.9", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.9", "UID": "d0a62b1e200930ea", "BOMRef": "pkg:npm/libnpmfund@7.0.9" }, "Version": "7.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmfund/package.json", "Digest": "sha1:1906251db79b7a437239f95aa0df79c7c554619e" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "b05ee897210b8f69", "BOMRef": "6caf8a40-4fa8-4948-879e-0407c34f869c" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmorg/package.json", "Digest": "sha1:bb751a1dee75e700037086efe488eaadcf29345f" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "f62508706db060cf", "BOMRef": "7faaadbe-51b2-4ec2-9f9e-855dfbb795c7" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmorg/package.json", "Digest": "sha1:bb751a1dee75e700037086efe488eaadcf29345f" }, { "ID": "libnpmpack@9.0.9", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.0.9", "UID": "580c46defefe3c3c", "BOMRef": "pkg:npm/libnpmpack@9.0.9" }, "Version": "9.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpack/package.json", "Digest": "sha1:9946d06d2edee965070b52064492a9f7bc63194e" }, { "ID": "libnpmpack@9.1.1", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.1.1", "UID": "8e27126474de08f1", "BOMRef": "pkg:npm/libnpmpack@9.1.1" }, "Version": "9.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmpack/package.json", "Digest": "sha1:2c922595c278da6f326595cde27732587b4a73cb" }, { "ID": "libnpmpublish@11.1.2", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.2", "UID": "82dff03214d1a617", "BOMRef": "pkg:npm/libnpmpublish@11.1.2" }, "Version": "11.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpublish/package.json", "Digest": "sha1:cee9c37cf9421b071b038e99b83e2d60f355d7f1" }, { "ID": "libnpmpublish@11.1.3", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.3", "UID": "1fcd5db973bc4f3", "BOMRef": "pkg:npm/libnpmpublish@11.1.3" }, "Version": "11.1.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmpublish/package.json", "Digest": "sha1:ff82ddefb69c8d63b5a4be420961ed9bc267923d" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "87b652f9cf5e74fe", "BOMRef": "1bd3732c-4dc9-40b5-89b2-3f028a586174" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmsearch/package.json", "Digest": "sha1:839c733ea34fee24f8639d9514b827f20634aa47" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "158a6693ac5ae774", "BOMRef": "dee83e99-6018-4a92-8023-2d9f95e2507e" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmsearch/package.json", "Digest": "sha1:839c733ea34fee24f8639d9514b827f20634aa47" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "eec50a89c6c5333c", "BOMRef": "0e71fbac-dd4b-4498-a279-619a42257191" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmteam/package.json", "Digest": "sha1:4638228278157df58223fce221f2b21e99a43351" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "503fd56f522df21", "BOMRef": "f4a69c5d-e1d9-4dc7-8ba1-f986739fe7ba" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmteam/package.json", "Digest": "sha1:4638228278157df58223fce221f2b21e99a43351" }, { "ID": "libnpmversion@8.0.2", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.2", "UID": "fe89f5ddc460cbbd", "BOMRef": "pkg:npm/libnpmversion@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmversion/package.json", "Digest": "sha1:6508dfbbc8b9d0b7f7c4c0310fcb0a4b6c244754" }, { "ID": "libnpmversion@8.0.3", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.3", "UID": "5f2b1a9e411c6dba", "BOMRef": "pkg:npm/libnpmversion@8.0.3" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/libnpmversion/package.json", "Digest": "sha1:26c9215135593d18d97e7124f32d5644aa62edac" }, { "ID": "litellm-dashboard@0.1.0", "Name": "litellm-dashboard", "Identifier": { "PURL": "pkg:npm/litellm-dashboard@0.1.0", "UID": "dd906a2cb4b7b838", "BOMRef": "pkg:npm/litellm-dashboard@0.1.0" }, "Version": "0.1.0", "Layer": { "Digest": "sha256:da3772b0c521c1e082545f8fe601f9b1dbe4c37ce79e05d4d308e9c23e75a90f", "DiffID": "sha256:2e528d6b04f3a5e57f6078da786b8d0eb2cab58bdf11280fdfe32c327800a0c8" }, "FilePath": "app/ui/litellm-dashboard/package.json", "Digest": "sha1:d97b7606059f0a1765a8029d441111159b7ebf7f" }, { "ID": "lru-cache@10.4.3", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@10.4.3", "UID": "638b1c990ef8d2c0", "BOMRef": "pkg:npm/lru-cache@10.4.3" }, "Version": "10.4.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/lru-cache/package.json", "Digest": "sha1:eba45f816c43b1e505440b7a7f8392e38ba11306" }, { "ID": "lru-cache@11.2.2", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.2", "UID": "5af5abcbc0005f68", "BOMRef": "pkg:npm/lru-cache@11.2.2" }, "Version": "11.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/lru-cache/package.json", "Digest": "sha1:6dd2a4249041a81465f9774e129f7b29c27a6f80" }, { "ID": "lru-cache@11.2.6", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.6", "UID": "ffee6ce6c4cb9cf", "BOMRef": "pkg:npm/lru-cache@11.2.6" }, "Version": "11.2.6", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/lru-cache/package.json", "Digest": "sha1:d27773298a20e2414297de880c090a1a8a626c97" }, { "ID": "make-fetch-happen@14.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@14.0.3", "UID": "6a53c3a1f312a572", "BOMRef": "pkg:npm/make-fetch-happen@14.0.3" }, "Version": "14.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/make-fetch-happen/package.json", "Digest": "sha1:4e321611ef7ad4a60c9b8db56a8e49c35f4624f5" }, { "ID": "make-fetch-happen@15.0.2", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.2", "UID": "d30a31f88f5e50dd", "BOMRef": "pkg:npm/make-fetch-happen@15.0.2" }, "Version": "15.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/make-fetch-happen/package.json", "Digest": "sha1:da7290a1f11c33952730308c1a35b3031addcbea" }, { "ID": "make-fetch-happen@15.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.3", "UID": "48e47a72e9437990", "BOMRef": "pkg:npm/make-fetch-happen@15.0.3" }, "Version": "15.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/make-fetch-happen/package.json", "Digest": "sha1:06b8dc0e17bf93a970739a0ac6845fa168884e8a" }, { "ID": "minimatch@10.0.3", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "e2906edbf5a05304", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "Digest": "sha1:052b0b10a498caa8cff3370cf90554d3b8be575c" }, { "ID": "minimatch@10.1.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.1.2", "UID": "da4eafc122d77c1c", "BOMRef": "pkg:npm/minimatch@10.1.2" }, "Version": "10.1.2", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "Digest": "sha1:a78e40b2e81ee5b6b4db40e88d152ecf97967fb6" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "d6ab7d0ffa6f45e1", "BOMRef": "58ce7c97-c625-41fe-8460-2edc3d83a333" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "4745c565dc61c848", "BOMRef": "920046c2-30af-4ec5-a56c-57565843c9ec" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "d457a2eb667030a6", "BOMRef": "db250914-5022-43a6-b44d-f3a789b514e1" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "39ec10dac251cd42", "BOMRef": "8a6f6d02-1487-433f-8fe4-9fec3f0b5386" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "8c91edb903ab7213", "BOMRef": "26942e30-4db5-471c-a84f-95197036d9e5" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "6962d92edb2fec40", "BOMRef": "615a41fe-4523-4b9c-878a-f184e285d879" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-flush/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "8b378a6797459e28", "BOMRef": "6d1938fa-d382-4aae-a006-ee8b66afc9f2" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "62b730023ba0c02b", "BOMRef": "3a4eb782-b64a-4060-b782-d6108f0ec550" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass/package.json", "Digest": "sha1:798df22ae1185484c372b4da30c4d75a0e7ea572" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "1337663a5f1fd8d5", "BOMRef": "42d8e3b6-6efb-47cb-ba3f-3772ec2a0e49" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass/package.json", "Digest": "sha1:798df22ae1185484c372b4da30c4d75a0e7ea572" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "e217ba44552051d", "BOMRef": "bb35df77-ee8b-4546-b9b8-f1e391b67fd0" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/minipass/package.json", "Digest": "sha1:798df22ae1185484c372b4da30c4d75a0e7ea572" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "e0b699ac19ad8d99", "BOMRef": "8fd8fa67-9f34-4012-a300-52b7dd9a4bb4" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-collect/package.json", "Digest": "sha1:7ca3a77ca7b795148ecee5d9ebbe96e968dddb15" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "dc2c30d8556b2896", "BOMRef": "fcb2e7e2-0363-4e2b-a752-d6cd1d13bbbe" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-collect/package.json", "Digest": "sha1:7ca3a77ca7b795148ecee5d9ebbe96e968dddb15" }, { "ID": "minipass-fetch@4.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@4.0.1", "UID": "d5ec6bc3dba39cf2", "BOMRef": "pkg:npm/minipass-fetch@4.0.1" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-fetch/package.json", "Digest": "sha1:20a8b7cdd0d9df659a448aef3a4589ca2a95d39e" }, { "ID": "minipass-fetch@5.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@5.0.1", "UID": "b2030e1bfcf39019", "BOMRef": "pkg:npm/minipass-fetch@5.0.1" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-fetch/package.json", "Digest": "sha1:158d6645fb9a0b82ee2e1dd1d0491b53e31ee6e0" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "345a9235e325dd4a", "BOMRef": "50a23e08-2ba3-43c1-80d8-ff62eca9f994" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/package.json", "Digest": "sha1:c89612a2a9c68141b8271bbc94bcc88067c29790" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "4ad8c8271e8c61c4", "BOMRef": "c11117a7-15f0-4b56-946f-0a51899538e3" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-flush/package.json", "Digest": "sha1:c89612a2a9c68141b8271bbc94bcc88067c29790" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "2d6ff782375a9fb5", "BOMRef": "7bcc13b3-a76c-4dcc-b19a-70a8fdc8c9e9" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/package.json", "Digest": "sha1:e30c58465801deaceb4b81898e531c75679563b1" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "735ceb91eaf48ad7", "BOMRef": "a2fd9d49-b2a5-4990-a970-2fb1052486ac" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-pipeline/package.json", "Digest": "sha1:e30c58465801deaceb4b81898e531c75679563b1" }, { "ID": "minipass-sized@1.0.3", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@1.0.3", "UID": "c61ed5ee54e44f1", "BOMRef": "pkg:npm/minipass-sized@1.0.3" }, "Version": "1.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/package.json", "Digest": "sha1:615e0e93dfdbc65b217029380591abc9e9b64136" }, { "ID": "minipass-sized@2.0.0", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@2.0.0", "UID": "9319482325b9889", "BOMRef": "pkg:npm/minipass-sized@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minipass-sized/package.json", "Digest": "sha1:c0e70d0d99106c4391afde2f25524f3cb876a1dd" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "e18774aa5860fe29", "BOMRef": "eb0b219b-518f-4ce9-8940-999b42e6849f" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "38f9daa0b6e68c29", "BOMRef": "9022230c-75ec-44c1-8d44-3e8af1dfa510" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "d8139b82a1672b96", "BOMRef": "0097e392-1c74-4c70-914d-8cb895af2dd1" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "ae10058863a136d8", "BOMRef": "df9a51b7-01f4-4266-911e-fe048ab44ebc" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ms/package.json", "Digest": "sha1:c290eb97736177176d071da4ac855ab995685c97" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "b4b7d1bd257e0cda", "BOMRef": "7c9d76e1-e198-4b06-80fe-90171a820d20" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ms/package.json", "Digest": "sha1:c290eb97736177176d071da4ac855ab995685c97" }, { "ID": "mute-stream@2.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@2.0.0", "UID": "770c7cae8ecf1b4b", "BOMRef": "pkg:npm/mute-stream@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/mute-stream/package.json", "Digest": "sha1:7f9eff4bc99d6d99dfa22506626bf4d2ec36530c" }, { "ID": "mute-stream@3.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@3.0.0", "UID": "f33d801a1d4095ad", "BOMRef": "pkg:npm/mute-stream@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/mute-stream/package.json", "Digest": "sha1:170b20aad820bb2d67cdb50fe6714c3030eb6961" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "c8d4b299a90d81df", "BOMRef": "5b7ca239-e499-45f8-900c-e714143e25f9" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/negotiator/package.json", "Digest": "sha1:046524b23a7aefb2b0cfd3ebbd0fd84c0f7df3f6" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "91ebb8135c3362fd", "BOMRef": "6506cc9f-5b42-4e2a-b815-af5cb666ca2d" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/negotiator/package.json", "Digest": "sha1:046524b23a7aefb2b0cfd3ebbd0fd84c0f7df3f6" }, { "ID": "node-gyp@11.4.2", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@11.4.2", "UID": "d083361460b51c5f", "BOMRef": "pkg:npm/node-gyp@11.4.2" }, "Version": "11.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/package.json", "Digest": "sha1:ccf15dc1a8d1d80613e27c704d1776222cc81229" }, { "ID": "node-gyp@12.2.0", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@12.2.0", "UID": "45e8e75936202498", "BOMRef": "pkg:npm/node-gyp@12.2.0" }, "Version": "12.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/node-gyp/package.json", "Digest": "sha1:94024c2f80031bfd4736e8cfc7b7e32b6b83e2d3" }, { "ID": "nopt@8.1.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@8.1.0", "UID": "ee9f250985e16125", "BOMRef": "pkg:npm/nopt@8.1.0" }, "Version": "8.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/nopt/package.json", "Digest": "sha1:317e51d1f350fa28d851280d460bebcd9154acca" }, { "ID": "nopt@9.0.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@9.0.0", "UID": "2079a9d3689549ad", "BOMRef": "pkg:npm/nopt@9.0.0" }, "Version": "9.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/nopt/package.json", "Digest": "sha1:44fa7f32a18abb1dde67088e347d8f7c2bfed87f" }, { "ID": "npm@11.10.0", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.10.0", "UID": "f88ef21b90b50fe", "BOMRef": "pkg:npm/npm@11.10.0" }, "Version": "11.10.0", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/package.json", "Digest": "sha1:57845000370354179e594ffc58602037ff6133c2" }, { "ID": "npm@11.6.2", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.6.2", "UID": "dea7327ed9a255c7", "BOMRef": "pkg:npm/npm@11.6.2" }, "Version": "11.6.2", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/package.json", "Digest": "sha1:d6bc9f75c73d458b7b308a38ee9a9391fbd83b04" }, { "ID": "npm-audit-report@6.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@6.0.0", "UID": "62d48cf3c729a65e", "BOMRef": "pkg:npm/npm-audit-report@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-audit-report/package.json", "Digest": "sha1:c6d99ebde23570472f511de67beedd2a9c0a21fb" }, { "ID": "npm-audit-report@7.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@7.0.0", "UID": "40679f789dd7e987", "BOMRef": "pkg:npm/npm-audit-report@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-audit-report/package.json", "Digest": "sha1:040167501ae6b37c24bfdfbbd67fcf467d37bdc0" }, { "ID": "npm-bundled@4.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@4.0.0", "UID": "be99620f9fcc0028", "BOMRef": "pkg:npm/npm-bundled@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-bundled/package.json", "Digest": "sha1:12ea20fbce124e65be448ec472b370cd1a4e4e9a" }, { "ID": "npm-bundled@5.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@5.0.0", "UID": "14176ad841517e28", "BOMRef": "pkg:npm/npm-bundled@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-bundled/package.json", "Digest": "sha1:9dfb03e07a30a5e91c2d051690fec605e0cad435" }, { "ID": "npm-install-checks@7.1.2", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@7.1.2", "UID": "cc9317116cdf327d", "BOMRef": "pkg:npm/npm-install-checks@7.1.2" }, "Version": "7.1.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-install-checks/package.json", "Digest": "sha1:52ed94975a6a5114ded7355615eecbca003fa139" }, { "ID": "npm-install-checks@8.0.0", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@8.0.0", "UID": "f89e4876b6d1dd37", "BOMRef": "pkg:npm/npm-install-checks@8.0.0" }, "Version": "8.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-install-checks/package.json", "Digest": "sha1:407654a587e45ad83b936081f22670ebcaec1bc9" }, { "ID": "npm-normalize-package-bin@4.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", "UID": "f60bf1796e842f15", "BOMRef": "pkg:npm/npm-normalize-package-bin@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json", "Digest": "sha1:fd34d45c247025dea9a507fb9db4586afa05c732" }, { "ID": "npm-normalize-package-bin@5.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@5.0.0", "UID": "75bdee192600f979", "BOMRef": "pkg:npm/npm-normalize-package-bin@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json", "Digest": "sha1:e525037807bb400a135f7e1be77c8dc97d78bb96" }, { "ID": "npm-package-arg@13.0.1", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.1", "UID": "7a8b088453cf552d", "BOMRef": "pkg:npm/npm-package-arg@13.0.1" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-package-arg/package.json", "Digest": "sha1:a381d17d55aaf006600639a375b790c73d8e4f7e" }, { "ID": "npm-package-arg@13.0.2", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.2", "UID": "dbae6df36205cc93", "BOMRef": "pkg:npm/npm-package-arg@13.0.2" }, "Version": "13.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-package-arg/package.json", "Digest": "sha1:68938fd68043d217f6ca9b6fb63c8a5470a3a589" }, { "ID": "npm-packlist@10.0.2", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.2", "UID": "810588f38f58da89", "BOMRef": "pkg:npm/npm-packlist@10.0.2" }, "Version": "10.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-packlist/package.json", "Digest": "sha1:79c1cf949293a2c40b820bb705fb33d6a20d249d" }, { "ID": "npm-packlist@10.0.3", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.3", "UID": "885e4db5ef3a7d54", "BOMRef": "pkg:npm/npm-packlist@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-packlist/package.json", "Digest": "sha1:6a3cdda6728c40e4b1b1173cb1d0a53a222807f0" }, { "ID": "npm-pick-manifest@11.0.1", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.1", "UID": "928643ad40946e16", "BOMRef": "pkg:npm/npm-pick-manifest@11.0.1" }, "Version": "11.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json", "Digest": "sha1:a798b711f9e66c3134e245bee2c549634583713f" }, { "ID": "npm-pick-manifest@11.0.3", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.3", "UID": "482a0eb7b5866ee1", "BOMRef": "pkg:npm/npm-pick-manifest@11.0.3" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json", "Digest": "sha1:da8b96c28cd5be842555739920b3574061b88b89" }, { "ID": "npm-profile@12.0.0", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.0", "UID": "7fab59e566810c01", "BOMRef": "pkg:npm/npm-profile@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-profile/package.json", "Digest": "sha1:7155fdd4afd5c21a85e5dc3053223cabc74adbe3" }, { "ID": "npm-profile@12.0.1", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.1", "UID": "ba4ec6bd71898528", "BOMRef": "pkg:npm/npm-profile@12.0.1" }, "Version": "12.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-profile/package.json", "Digest": "sha1:5097ede462b66fae69c6420d7f1812d9ecc24d93" }, { "ID": "npm-registry-fetch@19.0.0", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.0.0", "UID": "aa33dc6f11cfada7", "BOMRef": "pkg:npm/npm-registry-fetch@19.0.0" }, "Version": "19.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json", "Digest": "sha1:0edbb1a41148f0056036fa3ebc0677a5bc70c323" }, { "ID": "npm-registry-fetch@19.1.1", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.1.1", "UID": "9d02eeb1758d8fc0", "BOMRef": "pkg:npm/npm-registry-fetch@19.1.1" }, "Version": "19.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json", "Digest": "sha1:26d6a380dc0d9bf4e36329d53b453d4258834999" }, { "ID": "npm-user-validate@3.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@3.0.0", "UID": "a168a1795561d82", "BOMRef": "pkg:npm/npm-user-validate@3.0.0" }, "Version": "3.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-user-validate/package.json", "Digest": "sha1:cfea52638093ceccf3bea4e6f09bd9370943e8de" }, { "ID": "npm-user-validate@4.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@4.0.0", "UID": "c7bafa940f22d616", "BOMRef": "pkg:npm/npm-user-validate@4.0.0" }, "Version": "4.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json", "Digest": "sha1:55bda8b4785869e477f5f02d1e9b0134bd86267f" }, { "ID": "p-map@7.0.3", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.3", "UID": "28637e8f799f3", "BOMRef": "pkg:npm/p-map@7.0.3" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/p-map/package.json", "Digest": "sha1:95eec87c2f7ed9f31ccd295eb97b9ce9d98c58ed" }, { "ID": "p-map@7.0.4", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.4", "UID": "a38b93d213e0096d", "BOMRef": "pkg:npm/p-map@7.0.4" }, "Version": "7.0.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/p-map/package.json", "Digest": "sha1:f7afd4bd0f710b2b0c099a22a646cda6fb927688" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "6d8628063c7e4c1c", "BOMRef": "pkg:npm/package-json-from-dist@1.0.1" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "pacote@21.0.3", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.0.3", "UID": "f48b5549e5795882", "BOMRef": "pkg:npm/pacote@21.0.3" }, "Version": "21.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/pacote/package.json", "Digest": "sha1:f4552e8ac648d87bd73028f236910019c6ff9436" }, { "ID": "pacote@21.3.1", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.3.1", "UID": "12ce948f6e8e6916", "BOMRef": "pkg:npm/pacote@21.3.1" }, "Version": "21.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/pacote/package.json", "Digest": "sha1:e6e7a519776b7db88ebe1360d1f23340492a4ab5" }, { "ID": "parse-conflict-json@4.0.0", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@4.0.0", "UID": "ae367a2121b57d01", "BOMRef": "pkg:npm/parse-conflict-json@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/parse-conflict-json/package.json", "Digest": "sha1:8113361744ef993fc1945a13ab153adfe70513f8" }, { "ID": "parse-conflict-json@5.0.1", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@5.0.1", "UID": "9442b8bc0620352d", "BOMRef": "pkg:npm/parse-conflict-json@5.0.1" }, "Version": "5.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/parse-conflict-json/package.json", "Digest": "sha1:9665d46107a1ad4846912f83ee204314dfe18f6a" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "4d17f60feb9471a7", "BOMRef": "pkg:npm/path-key@3.1.1" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-scurry@1.11.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@1.11.1", "UID": "23ae18e86c9eabf6", "BOMRef": "pkg:npm/path-scurry@1.11.1" }, "Version": "1.11.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/path-scurry/package.json", "Digest": "sha1:57ceeacc9d50abbd7e370e6a697520cc0784baa6" }, { "ID": "path-scurry@2.0.0", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.0", "UID": "eb3a9c3341d23f11", "BOMRef": "pkg:npm/path-scurry@2.0.0" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-scurry/package.json", "Digest": "sha1:1c1e6249d24017c9e0c2791a82542960476a565d" }, { "ID": "path-scurry@2.0.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.1", "UID": "203790a10c0291f", "BOMRef": "pkg:npm/path-scurry@2.0.1" }, "Version": "2.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/path-scurry/package.json", "Digest": "sha1:e76f88f36b2a9decd23e2a1635afba30de8f1809" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "e6e6b08d137b8edd", "BOMRef": "eb9d9483-22c3-4eac-95dd-a58267613d34" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "Digest": "sha1:d5b57c1efc38eb0545dbf3eaffe857ba94597f07" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "b6beb9e0c10fc279", "BOMRef": "30d7707e-b04d-47d9-a2f0-e9a781e4567f" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "Digest": "sha1:d5b57c1efc38eb0545dbf3eaffe857ba94597f07" }, { "ID": "postcss-selector-parser@7.1.0", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.0", "UID": "9b1b5f3d9a18e4a2", "BOMRef": "pkg:npm/postcss-selector-parser@7.1.0" }, "Version": "7.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json", "Digest": "sha1:f3dd4406c5202c089400fad7c71a0694fc8e85dc" }, { "ID": "postcss-selector-parser@7.1.1", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.1", "UID": "edc285107215e473", "BOMRef": "pkg:npm/postcss-selector-parser@7.1.1" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json", "Digest": "sha1:97ad05d49550a0c52b32de253cc8fe8e6241b987" }, { "ID": "prisma@5.4.2", "Name": "prisma", "Identifier": { "PURL": "pkg:npm/prisma@5.4.2", "UID": "409b50ce507b02ac", "BOMRef": "pkg:npm/prisma@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:cd77c707aafeb2199fdb1eae2a35630f2f23c5dfa9e7603989cf97adcaf2aae0", "DiffID": "sha256:d4eb42647d6e498ddde0bd8a58b126153aa4d0bebad463c61f2ded763d4594fe" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/package.json", "Digest": "sha1:233149234d81830aa27b624c884739e1f8c7498b" }, { "ID": "prisma-binaries@1.0.0", "Name": "prisma-binaries", "Identifier": { "PURL": "pkg:npm/prisma-binaries@1.0.0", "UID": "df5b9085371c263e", "BOMRef": "pkg:npm/prisma-binaries@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:cd77c707aafeb2199fdb1eae2a35630f2f23c5dfa9e7603989cf97adcaf2aae0", "DiffID": "sha256:d4eb42647d6e498ddde0bd8a58b126153aa4d0bebad463c61f2ded763d4594fe" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/package.json", "Digest": "sha1:13da9e1561789f778831c4ebefed1268d740601d" }, { "ID": "proc-log@5.0.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@5.0.0", "UID": "e25ca36599a151e6", "BOMRef": "pkg:npm/proc-log@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proc-log/package.json", "Digest": "sha1:ef77e00bb180e2d474ef8ec427d3ddb2dffe8b60" }, { "ID": "proc-log@6.1.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@6.1.0", "UID": "7899d3b1776d22f9", "BOMRef": "pkg:npm/proc-log@6.1.0" }, "Version": "6.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/proc-log/package.json", "Digest": "sha1:1be791ec94791bad88368bd320e09768d19af950" }, { "ID": "proggy@3.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@3.0.0", "UID": "2f6a7e917dbb3c17", "BOMRef": "pkg:npm/proggy@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proggy/package.json", "Digest": "sha1:6760b8196686e9576f1031286d5dcfda786943bd" }, { "ID": "proggy@4.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@4.0.0", "UID": "b984946c4c1b0f0b", "BOMRef": "pkg:npm/proggy@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/proggy/package.json", "Digest": "sha1:6561cfc6f2b76082d0bd2e5d7c63b4ef20fe8578" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "5b290e6337580897", "BOMRef": "7d5313bb-598b-424f-ac54-0c935a85e3cf" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json", "Digest": "sha1:c88aa929d83fb2bbf326f7c62103da6b8c48c4df" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "4cb361838d337998", "BOMRef": "01ca1085-f9c5-4ca0-afff-891ab1f558af" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json", "Digest": "sha1:c88aa929d83fb2bbf326f7c62103da6b8c48c4df" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "74bdb64f14633dd2", "BOMRef": "d225fd84-d207-4798-b480-d93e68b0b9a1" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-call-limit/package.json", "Digest": "sha1:27f3261a15e6ace571c3ad192e878cec1d9358c9" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "a24adaa104c73e40", "BOMRef": "971357d8-3ef0-4bcd-ac1a-1f82fcb1c02a" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-call-limit/package.json", "Digest": "sha1:27f3261a15e6ace571c3ad192e878cec1d9358c9" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "556bbdb61fcaed00", "BOMRef": "253c9923-7205-44df-95e7-b340bc3bde53" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-retry/package.json", "Digest": "sha1:fc649cbedea73287db37a431e5761e9c0b4abca9" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "70b6a0b2366e6254", "BOMRef": "26095444-3e82-4af9-ac31-b6e32b44831c" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promise-retry/package.json", "Digest": "sha1:fc649cbedea73287db37a431e5761e9c0b4abca9" }, { "ID": "promzard@2.0.0", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@2.0.0", "UID": "29d43bfdea2ebd3c", "BOMRef": "pkg:npm/promzard@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promzard/package.json", "Digest": "sha1:0907f5a36bfb56f2e11b39ed343ca6296e7a514d" }, { "ID": "promzard@3.0.1", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@3.0.1", "UID": "82684894698bcd8e", "BOMRef": "pkg:npm/promzard@3.0.1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/promzard/package.json", "Digest": "sha1:cf40b5b5f6e3f70b866ca5d7fe08e00aae1bc33c" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "41c8dc6d66af62bc", "BOMRef": "5fed6e6b-03fe-4252-9de2-3b2ec671a739" }, "Version": "0.12.0", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/qrcode-terminal/package.json", "Digest": "sha1:4a84ac3decfe9f31da851b98dedd698f935b83bc" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "78e8e3fa7683c89a", "BOMRef": "c07349b9-e210-426b-b41b-a62bc9580e58" }, "Version": "0.12.0", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/qrcode-terminal/package.json", "Digest": "sha1:4a84ac3decfe9f31da851b98dedd698f935b83bc" }, { "ID": "read@4.1.0", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@4.1.0", "UID": "5b1b60af972221cb", "BOMRef": "pkg:npm/read@4.1.0" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read/package.json", "Digest": "sha1:537319f6c0eeaf2b59bae777fbda32e5bbce89ff" }, { "ID": "read@5.0.1", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@5.0.1", "UID": "1c4b0cc74cd0016c", "BOMRef": "pkg:npm/read@5.0.1" }, "Version": "5.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/read/package.json", "Digest": "sha1:202675a6008d164feb9732ab21970a1977d40693" }, { "ID": "read-cmd-shim@5.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@5.0.0", "UID": "c64c5fb2f4f6c007", "BOMRef": "pkg:npm/read-cmd-shim@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read-cmd-shim/package.json", "Digest": "sha1:3ad7a2af8954f4df2e9ee3e8af8897fb9a49e894" }, { "ID": "read-cmd-shim@6.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@6.0.0", "UID": "a0865a261f41fc42", "BOMRef": "pkg:npm/read-cmd-shim@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/read-cmd-shim/package.json", "Digest": "sha1:bb22c7694960e98b244d220ac92c31f556b9a454" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "968432c88f482bd0", "BOMRef": "c362dfb4-5541-4b7a-b719-639611f7a462" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/retry/package.json", "Digest": "sha1:10dd0941e4e65c436c4f7111efdb1679c966c478" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "bde45471e3d045e9", "BOMRef": "433ec62c-f034-4b02-9bcc-c03f8aa2f58e" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/retry/package.json", "Digest": "sha1:10dd0941e4e65c436c4f7111efdb1679c966c478" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "147eb70d0734eeba", "BOMRef": "a4d8fdae-3327-4b3e-a032-fb3047f385c6" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/safer-buffer/package.json", "Digest": "sha1:5ed0fab8e5cac53e4d072acbd82fca9be08f5e67" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "b36498fceb5cf8b2", "BOMRef": "146d73a5-4821-46e7-bd2d-0c3ed25448de" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/safer-buffer/package.json", "Digest": "sha1:5ed0fab8e5cac53e4d072acbd82fca9be08f5e67" }, { "ID": "semver@7.7.3", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.3", "UID": "97f15e01618254c4", "BOMRef": "pkg:npm/semver@7.7.3" }, "Version": "7.7.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/semver/package.json", "Digest": "sha1:8b79d46abe6fc320567c34edb59ab3f88ed2f581" }, { "ID": "semver@7.7.4", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.4", "UID": "e29594522c3214c1", "BOMRef": "pkg:npm/semver@7.7.4" }, "Version": "7.7.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/semver/package.json", "Digest": "sha1:d9596b0dfd52092ec49e20d3e586feaeb5d47ffb" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "2ec8f5e921365c2a", "BOMRef": "pkg:npm/shebang-command@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "fb558ea3a2c959a9", "BOMRef": "pkg:npm/shebang-regex@3.0.0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "ee517f38b6fc9cce", "BOMRef": "a38a6dc1-8539-441f-8d00-718bfe6fe546" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "a662685ee2ae59e7", "BOMRef": "59e54140-dee8-40c8-94d8-6e06a1d69ea8" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "sigstore@4.0.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.0.0", "UID": "2adde27e7598c7d1", "BOMRef": "pkg:npm/sigstore@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/sigstore/package.json", "Digest": "sha1:1c44f720163162fc2718c509f7d62ffb85c37f04" }, { "ID": "sigstore@4.1.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.1.0", "UID": "8c1b64319e2dc432", "BOMRef": "pkg:npm/sigstore@4.1.0" }, "Version": "4.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/sigstore/package.json", "Digest": "sha1:a0a695a5c6df89e050ae2802dad080b0dd66e986" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "edb78d50f126965f", "BOMRef": "72922879-f3ce-445c-b235-cebbe054e620" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/smart-buffer/package.json", "Digest": "sha1:a9db89be9421029bd73baf8199042a08253a0b59" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "efa2102f762a4aa9", "BOMRef": "5cdb8a3e-6fc7-49d2-9c25-e5bae6b5a588" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/smart-buffer/package.json", "Digest": "sha1:a9db89be9421029bd73baf8199042a08253a0b59" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "5599e1d514427d26", "BOMRef": "aa465d60-e9e1-4f9c-8115-2f3af4e6a7f8" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks/package.json", "Digest": "sha1:c92d113f3614e8c725fc4de50c3312bdcde18258" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "c084716886b79f7e", "BOMRef": "714d7a5a-3b0b-4ac5-a646-ab4b941f46b0" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/socks/package.json", "Digest": "sha1:c92d113f3614e8c725fc4de50c3312bdcde18258" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "c6862c76235374f4", "BOMRef": "51b7cd53-47ad-43c9-ab16-e233305e50b9" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json", "Digest": "sha1:a52f0cff949fd82f9e42d4214d2917964d7a9bdb" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "cadd20b63512cb4e", "BOMRef": "7bcae688-9147-4be0-b1ff-b4a4da960e03" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json", "Digest": "sha1:a52f0cff949fd82f9e42d4214d2917964d7a9bdb" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "506c53ecffe702a7", "BOMRef": "4da8b49e-6028-4509-a671-f265ac87fd4d" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/package.json", "Digest": "sha1:a7a8f7467469c676a88934b972d08c03c9a4b7b4" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "a3b18debcdb78303", "BOMRef": "caaa9e9a-1310-4a41-a3f8-108c1bbd9dbe" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-correct/package.json", "Digest": "sha1:a7a8f7467469c676a88934b972d08c03c9a4b7b4" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "72f218fed5cf40c2", "BOMRef": "4e10a318-e2fa-4c05-9b1e-9d0d03cd8d29" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-exceptions/package.json", "Digest": "sha1:0f731ec5551fde840e6213e20cd9fbdc53468290" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "84f83903b3b532b8", "BOMRef": "7e87a1f6-e16c-4b5c-b66b-d94ca49e89f4" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-exceptions/package.json", "Digest": "sha1:0f731ec5551fde840e6213e20cd9fbdc53468290" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "7907b5ea1be896ad", "BOMRef": "71a505dd-f6e5-4434-9d04-fd4855773fe5" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "b9a01355c64018c", "BOMRef": "66b6212c-48a1-4c70-b4a8-32539780de2a" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "17dc351f9063f4c5", "BOMRef": "9c44d7e3-6c66-4f8d-8cf3-b7259e9a6bfd" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "73ac20fa8ed82b6d", "BOMRef": "e6fa9b2d-e454-486b-ab86-27f34a1c7ab5" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "b88318f2e7a5e03c", "BOMRef": "ee20011c-d3f6-4ab7-94ba-d9915604eb18" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:3f1b1059652d04327b6b0513080e242935399c30" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "8d4182c1216593d5", "BOMRef": "ffd8b2cd-8d3a-40b9-936d-6b1cd7c3815c" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:3f1b1059652d04327b6b0513080e242935399c30" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "72dd11b73957eb08", "BOMRef": "090d878d-82b5-4a77-bb15-0fb60bca4126" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-license-ids/package.json", "Digest": "sha1:0c921a3dffa4e1c2bcfdf3559a7c1713090b08f2" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "183db9fcad99cba4", "BOMRef": "0843f2c9-4234-487d-9a65-903eaf87b21b" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/spdx-license-ids/package.json", "Digest": "sha1:0c921a3dffa4e1c2bcfdf3559a7c1713090b08f2" }, { "ID": "ssri@12.0.0", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@12.0.0", "UID": "160227b52ba604e3", "BOMRef": "pkg:npm/ssri@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ssri/package.json", "Digest": "sha1:203926d505f969e44375e6a40942ce43ae490f44" }, { "ID": "ssri@13.0.1", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@13.0.1", "UID": "6217b476801c662c", "BOMRef": "pkg:npm/ssri@13.0.1" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/ssri/package.json", "Digest": "sha1:c91b5cd4329cb25896064409cb45f2428e32f239" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "3d3832dc753e68d4", "BOMRef": "2bb2501c-2efd-45f6-84c2-0ba0e41347fa" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width-cjs/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "e7cea2b6f9a55408", "BOMRef": "57ea307f-a8ef-4156-b70a-b017e6a46427" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "97e1908da774b3ba", "BOMRef": "138c9db3-aa32-47ce-acae-9690f788e4df" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/string-width/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "ce1fa79736944571", "BOMRef": "6f0b8211-7653-44aa-ac88-b68e3e3f151d" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "f825b28bb39eb30f", "BOMRef": "782db2ac-9dde-4780-9e80-8f817b765882" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "f6fecdde0b0213cb", "BOMRef": "ddad6851-4ef2-478e-a719-8d85f6ee2a0a" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi-cjs/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "ee36000f99c6fcf", "BOMRef": "6ede8cb8-4cfa-4a9f-b799-101f95bb53fc" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "6f66bafd98241f8a", "BOMRef": "3a30656b-a764-4268-a541-ca47907e0463" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/strip-ansi/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "6c75f7a57d3a534f", "BOMRef": "efaeccdc-6199-4fd9-8bb9-f8aaabeded29" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "170b8ab430ec34d6", "BOMRef": "e803bb29-1fcd-4deb-9bef-e9f8293c6b59" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "ab383eff971089eb", "BOMRef": "50d01564-48d0-4f88-ab0f-6f69316da781" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/supports-color/package.json", "Digest": "sha1:ba4fdcabc29b4cd931da15c51981f96731bd1b1e" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "45a44481c6efb368", "BOMRef": "129890c4-bd3b-4250-be44-de791b9ddbca" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/supports-color/package.json", "Digest": "sha1:ba4fdcabc29b4cd931da15c51981f96731bd1b1e" }, { "ID": "tar@7.5.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "Version": "7.5.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "Digest": "sha1:52eb40b4302177cfc878a983347577a800995b8d" }, { "ID": "tar@7.5.7", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "e23451cb9b9e2b30", "BOMRef": "80e2188a-0eac-444d-8a6b-2a52d643425b" }, "Version": "7.5.7", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "Digest": "sha1:2a5efd7b31120ccdaedae4ddbdc00b38cbd7295b" }, { "ID": "tar@7.5.7", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "a1d320d076cbed7", "BOMRef": "66f01f3c-f16f-4fa7-95f6-3cae233bb72d" }, "Version": "7.5.7", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/package.json", "Digest": "sha1:2a5efd7b31120ccdaedae4ddbdc00b38cbd7295b" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "6d45f6d54e358a5c", "BOMRef": "cdc4ab9c-8f9c-42e5-b401-8904abdc15a1" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/text-table/package.json", "Digest": "sha1:f63faee888ad065881dff49fc3e3de8ac57b2ae2" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "d457964a8d1f0638", "BOMRef": "6de1c438-a60c-4860-ae47-dd8e4df8d728" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/text-table/package.json", "Digest": "sha1:f63faee888ad065881dff49fc3e3de8ac57b2ae2" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "3baf48735ba96927", "BOMRef": "e7e4641d-5641-4c57-93a8-51170c9a7c62" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tiny-relative-date/package.json", "Digest": "sha1:120561f313d4901b1dc03b2594ecc45cfe2ad550" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "910d0014dc0a851c", "BOMRef": "ba08f247-31a3-444c-b384-99e0f1fac8c0" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tiny-relative-date/package.json", "Digest": "sha1:120561f313d4901b1dc03b2594ecc45cfe2ad550" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "d493a087617ec755", "BOMRef": "8d6c4c69-2554-4295-a2e2-1b15b73513f4" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/package.json", "Digest": "sha1:811354c5cc4a6c4f64899ed3fcd9f91a7a36e857" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "b76a4c0ab02110e0", "BOMRef": "35053d50-e908-4e01-9192-0608e885f033" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/package.json", "Digest": "sha1:811354c5cc4a6c4f64899ed3fcd9f91a7a36e857" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "4352415d03350e71", "BOMRef": "12df3e13-6fc1-44f7-b5fa-f8b06e88d976" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/treeverse/package.json", "Digest": "sha1:83653dcf5b0c581f485febcbeb9152176632bed0" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "43735ab7b15ce975", "BOMRef": "550fe7b6-31ce-433e-8bf9-bcc4133d97d4" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/treeverse/package.json", "Digest": "sha1:83653dcf5b0c581f485febcbeb9152176632bed0" }, { "ID": "tuf-js@4.0.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.0.0", "UID": "3d947c28c054268a", "BOMRef": "pkg:npm/tuf-js@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tuf-js/package.json", "Digest": "sha1:74435c57b1bedbd99b226ec5e271676d2301e4a7" }, { "ID": "tuf-js@4.1.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.1.0", "UID": "5f3618b9f4cdea58", "BOMRef": "pkg:npm/tuf-js@4.1.0" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tuf-js/package.json", "Digest": "sha1:43aa062b744de4a123e714337d05adaa483ceed1" }, { "ID": "unique-filename@4.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@4.0.0", "UID": "4f573d4b1f4501d", "BOMRef": "pkg:npm/unique-filename@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-filename/package.json", "Digest": "sha1:7ab7ef7fed369084e86d0800e1861115c3ff1bcd" }, { "ID": "unique-filename@5.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@5.0.0", "UID": "338bf9f145c47ebb", "BOMRef": "pkg:npm/unique-filename@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/unique-filename/package.json", "Digest": "sha1:6450c655c66643d252cdc98fc3c413fda26dfeee" }, { "ID": "unique-slug@5.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@5.0.0", "UID": "75d939291eb749e", "BOMRef": "pkg:npm/unique-slug@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-slug/package.json", "Digest": "sha1:6bfb7b3e3ad92a208217828bc65a87369999d06f" }, { "ID": "unique-slug@6.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@6.0.0", "UID": "837ae0f947ce5ad7", "BOMRef": "pkg:npm/unique-slug@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/unique-slug/package.json", "Digest": "sha1:8e5c78d6e2c33153024c55a1d4d1730592e3915c" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "b9ede8343e1b5316", "BOMRef": "48cf75eb-9cec-443a-a551-7ef6b0a75eee" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/util-deprecate/package.json", "Digest": "sha1:2e69081e7bab6e09d3dcfd680716fdeea577431d" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "c7886c379a4629bf", "BOMRef": "0d80ac57-a21d-4ffd-ad22-fbf6f50a6598" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/util-deprecate/package.json", "Digest": "sha1:2e69081e7bab6e09d3dcfd680716fdeea577431d" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "3d2266eb80ba98e2", "BOMRef": "58c79be5-8284-432e-b548-28f27e72c3ff" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json", "Digest": "sha1:a938b65349aed1eb3852d98dc1a8431209faf99f" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "fb4e14c694e141c7", "BOMRef": "d8e383ce-5ea5-49a7-aa22-c75a741f6ae7" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json", "Digest": "sha1:a938b65349aed1eb3852d98dc1a8431209faf99f" }, { "ID": "validate-npm-package-name@6.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@6.0.2", "UID": "a44f14dd5e1f6506", "BOMRef": "pkg:npm/validate-npm-package-name@6.0.2" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json", "Digest": "sha1:ed64b84be51c4d073f850831c7f9eaf3f0de6de6" }, { "ID": "validate-npm-package-name@7.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@7.0.2", "UID": "6e4b098a3b5872c1", "BOMRef": "pkg:npm/validate-npm-package-name@7.0.2" }, "Version": "7.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json", "Digest": "sha1:38514b39ec296f38677d2be6f15d799756de778e" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "8670ecbbd408b3e6", "BOMRef": "441a7a7d-6463-4798-9957-1d3e26487f0e" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/walk-up-path/package.json", "Digest": "sha1:5d1d771c0f7a60316cd0d039f38a9e6ce3b08b44" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "f7cee923017d9d16", "BOMRef": "99690de5-60df-4591-907c-e070fbcd407d" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/walk-up-path/package.json", "Digest": "sha1:5d1d771c0f7a60316cd0d039f38a9e6ce3b08b44" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "4a052a7f4e8153c8", "BOMRef": "pkg:npm/which@2.0.2" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@5.0.0", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@5.0.0", "UID": "1165b49d37665f63", "BOMRef": "pkg:npm/which@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/which/package.json", "Digest": "sha1:519f542417e96085fb8a1ad8d7a0f913155b5e56" }, { "ID": "which@6.0.1", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@6.0.1", "UID": "11fbd07f0d3d2a7a", "BOMRef": "pkg:npm/which@6.0.1" }, "Version": "6.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/which/package.json", "Digest": "sha1:a4c4ac6aa9af226fc930104916a5f7cfd26f230c" }, { "ID": "wrap-ansi@7.0.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@7.0.0", "UID": "ffd33632dca12955", "BOMRef": "pkg:npm/wrap-ansi@7.0.0" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/package.json", "Digest": "sha1:3442b7381f1b431861a986d8cdf144ced299db29" }, { "ID": "wrap-ansi@8.1.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@8.1.0", "UID": "3646d706dde6536c", "BOMRef": "pkg:npm/wrap-ansi@8.1.0" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/package.json", "Digest": "sha1:c14f366cb2c71b662f7edb2dcf7370a513fc641f" }, { "ID": "write-file-atomic@6.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@6.0.0", "UID": "60aaea4a06b79705", "BOMRef": "pkg:npm/write-file-atomic@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/write-file-atomic/package.json", "Digest": "sha1:46f2584772ee8056a9e471fdec44718b3645c7f4" }, { "ID": "write-file-atomic@7.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@7.0.0", "UID": "7e9d3bd7858b1214", "BOMRef": "pkg:npm/write-file-atomic@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/write-file-atomic/package.json", "Digest": "sha1:a38060379c27d419714e1e0d4f9397aa3ca9a238" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "4adacca89ad9bacb", "BOMRef": "6c396f26-7541-41da-b619-fc5e9a96d60f" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "6ec5652b73176cb6", "BOMRef": "87931390-9980-42a9-ab89-f8f3dcd52d7c" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "cec530be752aa87d", "BOMRef": "33629010-df19-4ea6-8b44-95bea6369cba" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "51e0c0f9f2c6cb4b", "BOMRef": "3e03754d-cb2e-4b68-b6b2-59b468408228" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/npm/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "6adaf83d730cd7a8", "BOMRef": "523076f4-26cc-4df0-af87-1d7ad76e3a76" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "FilePath": "usr/local/lib/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-25547", "VendorIDs": [ "GHSA-7h2j-956f-4vf2" ], "PkgID": "@isaacs/brace-expansion@5.0.0", "PkgName": "@isaacs/brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "c76b46ad350684da", "BOMRef": "pkg:npm/%40isaacs/brace-expansion@5.0.0" }, "InstalledVersion": "5.0.0", "FixedVersion": "5.0.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8c9fec9f313dde9febd2d029e81417290d3c5c72d5378920794ba43aea0cbe5a", "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25547", "https://github.com/isaacs/brace-expansion", "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", "https://www.cve.org/CVERecord?id=CVE-2026-25547" ], "PublishedDate": "2026-02-04T22:16:00.813Z", "LastModifiedDate": "2026-02-05T14:57:20.563Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@2.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "5d3d361b66c14631", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "InstalledVersion": "2.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bb96fe6940d56fdb797dc6566d5087686f0466d17fe4ea325b0d64c25245a237", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-24001", "VendorIDs": [ "GHSA-73rr-hh4g-fpgx" ], "PkgID": "diff@8.0.2", "PkgName": "diff", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "PkgIdentifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "595d074141eac04e", "BOMRef": "pkg:npm/diff@8.0.2" }, "InstalledVersion": "8.0.2", "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b662062a3b909e87aa664ee2c4c2de0aecf19512c1c2e39b1fa53bd4152df149", "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24001", "https://github.com/kpdecker/jsdiff", "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", "https://github.com/kpdecker/jsdiff/issues/653", "https://github.com/kpdecker/jsdiff/pull/649", "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", "https://www.cve.org/CVERecord?id=CVE-2026-24001" ], "PublishedDate": "2026-01-22T03:15:47.627Z", "LastModifiedDate": "2026-03-04T15:23:41.347Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@10.4.5", "PkgName": "glob", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json", "PkgIdentifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "8eb8674e46021ad9", "BOMRef": "pkg:npm/glob@10.4.5" }, "InstalledVersion": "10.4.5", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b7b41c3b0456a40cdd0de150b740a0ce042236db95fff2cb113efbb67a4a0687", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@11.0.3", "PkgName": "glob", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/package.json", "PkgIdentifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "f43c4f2768f6c9f2", "BOMRef": "pkg:npm/glob@11.0.3" }, "InstalledVersion": "11.0.3", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bae1cfcb914b94c6707f53d79af06d7cf1f7498045f888692ccc98776f9b7ab5", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "e2906edbf5a05304", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3ef77044ef1ebb43807fc4d40f34b89a4a1f630ff2e90692c96c2396de7b8204", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "e2906edbf5a05304", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e3a059c7f994f4fc2d7980a6e36460c4e4c192ba3705c8a84f65eed60be2fc38", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "e2906edbf5a05304", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:de88e8f014e0341fb8850f0074b4cddc03a308b9fe2abe1c7ed512590bf0cfe5", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.1.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.1.2", "UID": "da4eafc122d77c1c", "BOMRef": "pkg:npm/minimatch@10.1.2" }, "InstalledVersion": "10.1.2", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:dad638c13ef88644bcd3276a21ad9137d1cc38d3c5a7e9f95906ff60af2a2fb4", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.1.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.1.2", "UID": "da4eafc122d77c1c", "BOMRef": "pkg:npm/minimatch@10.1.2" }, "InstalledVersion": "10.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:69bbe3f98d166dd834f8508c8b975968b954ac22f1f8be1a37356cda6b6b303a", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.1.2", "PkgName": "minimatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.1.2", "UID": "da4eafc122d77c1c", "BOMRef": "pkg:npm/minimatch@10.1.2" }, "InstalledVersion": "10.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4852787f457fd77983b60f3f3c6f09e106a0aa634c7d67b8bc01f6223a8a3778", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "d6ab7d0ffa6f45e1", "BOMRef": "58ce7c97-c625-41fe-8460-2edc3d83a333" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "4745c565dc61c848", "BOMRef": "920046c2-30af-4ec5-a56c-57565843c9ec" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "d6ab7d0ffa6f45e1", "BOMRef": "58ce7c97-c625-41fe-8460-2edc3d83a333" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "4745c565dc61c848", "BOMRef": "920046c2-30af-4ec5-a56c-57565843c9ec" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "d6ab7d0ffa6f45e1", "BOMRef": "58ce7c97-c625-41fe-8460-2edc3d83a333" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "4745c565dc61c848", "BOMRef": "920046c2-30af-4ec5-a56c-57565843c9ec" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "e6e6b08d137b8edd", "BOMRef": "eb9d9483-22c3-4eac-95dd-a58267613d34" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:207ad269915973ca2f23d010cda47be6c0642612083c33e920cc47d603f2821d", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "b6beb9e0c10fc279", "BOMRef": "30d7707e-b04d-47d9-a2f0-e9a781e4567f" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:207ad269915973ca2f23d010cda47be6c0642612083c33e920cc47d603f2821d", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "e6e6b08d137b8edd", "BOMRef": "eb9d9483-22c3-4eac-95dd-a58267613d34" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2f6677f54143717bdb7617fbb22baa2470965a5f811541d2db8e4696d970e0cc", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "b6beb9e0c10fc279", "BOMRef": "30d7707e-b04d-47d9-a2f0-e9a781e4567f" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2f6677f54143717bdb7617fbb22baa2470965a5f811541d2db8e4696d970e0cc", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0dea88a545e0d4bde2da8018be7bc80b7499d8daf4c4ca9bd0829609f916bcd8", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:afe62403e307bcb4c97b9c51ae51daeec3433773d8036f2a1b568b51af3d7ede", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.7", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:285fb464186a1e4cafbe7860f9c98718f7ce7f25615b20164d911b2c55c6850f", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8f743528f119fa688684c2f972891edbbbd6fe7a3c7e82e9a60686b43a5e8966", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:dd689610e9bf26cc1d7f622c293dad96dad8b1ed76a595ef4ea572395296e97e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ca72230b218b64769b649eb6039231d866eeb4dd1ea37afb9a46958e72ee5744", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2025-64118", "VendorIDs": [ "GHSA-29xp-372q-xqph" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "e8e6868977c9a5db", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.2", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:969265184e78ae941aaecb6a19cd16f57efd033c143f8844bd951387ae1e6b4a", "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362", "CWE-367" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "V40Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64118", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", "https://github.com/isaacs/node-tar/issues/445", "https://github.com/isaacs/node-tar/pull/446", "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", "https://www.cve.org/CVERecord?id=CVE-2025-64118" ], "PublishedDate": "2025-10-30T18:15:33.673Z", "LastModifiedDate": "2025-11-04T15:41:56.843Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "e23451cb9b9e2b30", "BOMRef": "80e2188a-0eac-444d-8a6b-2a52d643425b" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c5aa02f8289e92a57b14ac85f1982b37721b67cda5af12979a02ce65918ad8a2", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "a1d320d076cbed7", "BOMRef": "66f01f3c-f16f-4fa7-95f6-3cae233bb72d" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c5aa02f8289e92a57b14ac85f1982b37721b67cda5af12979a02ce65918ad8a2", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "e23451cb9b9e2b30", "BOMRef": "80e2188a-0eac-444d-8a6b-2a52d643425b" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bed433fab1760aa538cc5bf1095beff3dbcc487baa825e0523e252d5e707816e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "a1d320d076cbed7", "BOMRef": "66f01f3c-f16f-4fa7-95f6-3cae233bb72d" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bed433fab1760aa538cc5bf1095beff3dbcc487baa825e0523e252d5e707816e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "e23451cb9b9e2b30", "BOMRef": "80e2188a-0eac-444d-8a6b-2a52d643425b" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd23fde44f95b6dc78cb3da0979cec915c73f81c9cb21f5e49e3d861dff7e8d2", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.7", "PkgName": "tar", "PkgPath": "usr/local/lib/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.7", "UID": "a1d320d076cbed7", "BOMRef": "66f01f3c-f16f-4fa7-95f6-3cae233bb72d" }, "InstalledVersion": "7.5.7", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:e735dcaf13b1e9bc422ef64203b34c0971df71361fc3bfe8774c12f97ae33535", "DiffID": "sha256:d343f168bbab3b47c9508ed83f020ebfdfafdbba62518813a07eaf0f5fed2532" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd23fde44f95b6dc78cb3da0979cec915c73f81c9cb21f5e49e3d861dff7e8d2", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "ID": "APScheduler@3.10.4", "Name": "APScheduler", "Identifier": { "PURL": "pkg:pypi/apscheduler@3.10.4", "UID": "4b44bedbc7fb2836", "BOMRef": "pkg:pypi/apscheduler@3.10.4" }, "Version": "3.10.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/APScheduler-3.10.4.dist-info/METADATA", "Digest": "sha1:3c645283c329748c21fee30a0a21ea492988d52f" }, { "ID": "Deprecated@1.3.1", "Name": "Deprecated", "Identifier": { "PURL": "pkg:pypi/deprecated@1.3.1", "UID": "35d1b232a3917a5f", "BOMRef": "pkg:pypi/deprecated@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/deprecated-1.3.1.dist-info/METADATA", "Digest": "sha1:109990e0106e9872d6bf3486d1fa574730d1c717" }, { "ID": "Jinja2@3.1.6", "Name": "Jinja2", "Identifier": { "PURL": "pkg:pypi/jinja2@3.1.6", "UID": "838504a2bfbf1535", "BOMRef": "pkg:pypi/jinja2@3.1.6" }, "Version": "3.1.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jinja2-3.1.6.dist-info/METADATA", "Digest": "sha1:01c4dcfd579104dd8f5b937e1511e9371b4367d3" }, { "ID": "MarkupSafe@3.0.3", "Name": "MarkupSafe", "Identifier": { "PURL": "pkg:pypi/markupsafe@3.0.3", "UID": "70a89e94e3aacc05", "BOMRef": "pkg:pypi/markupsafe@3.0.3" }, "Version": "3.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/markupsafe-3.0.3.dist-info/METADATA", "Digest": "sha1:8ada20dd783a9961d87701f2cd25b0880f23993e" }, { "ID": "PyJWT@2.10.1", "Name": "PyJWT", "Identifier": { "PURL": "pkg:pypi/pyjwt@2.10.1", "UID": "a3d705bb95a4d866", "BOMRef": "pkg:pypi/pyjwt@2.10.1" }, "Version": "2.10.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/PyJWT-2.10.1.dist-info/METADATA", "Digest": "sha1:9b853963468881a7cc9764160e5e44401f888dae" }, { "ID": "PyNaCl@1.6.2", "Name": "PyNaCl", "Identifier": { "PURL": "pkg:pypi/pynacl@1.6.2", "UID": "1d8f0f59cf1d42e7", "BOMRef": "pkg:pypi/pynacl@1.6.2" }, "Version": "1.6.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pynacl-1.6.2.dist-info/METADATA", "Digest": "sha1:51eed4f0f5e4d39bc532c4157c5a3982308b842c" }, { "ID": "PyYAML@6.0.2", "Name": "PyYAML", "Identifier": { "PURL": "pkg:pypi/pyyaml@6.0.2", "UID": "851dd6257aec108d", "BOMRef": "pkg:pypi/pyyaml@6.0.2" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/PyYAML-6.0.2.dist-info/METADATA", "Digest": "sha1:019874e22eba3861f59a9ab72f17f58e8b504cf4" }, { "ID": "Pygments@2.19.2", "Name": "Pygments", "Identifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "b5451dfdabdc4d82", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "Version": "2.19.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "Digest": "sha1:afee6b8cae57db32719d0559389750d7923f0605" }, { "ID": "Werkzeug@3.1.5", "Name": "Werkzeug", "Identifier": { "PURL": "pkg:pypi/werkzeug@3.1.5", "UID": "93cedc28da112b30", "BOMRef": "pkg:pypi/werkzeug@3.1.5" }, "Version": "3.1.5", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/werkzeug-3.1.5.dist-info/METADATA", "Digest": "sha1:5a19d56ed83b00d25d66542b1f3406ffb8dc4bbd" }, { "ID": "a2a-sdk@0.3.22", "Name": "a2a-sdk", "Identifier": { "PURL": "pkg:pypi/a2a-sdk@0.3.22", "UID": "4441c29036a4880b", "BOMRef": "pkg:pypi/a2a-sdk@0.3.22" }, "Version": "0.3.22", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/a2a_sdk-0.3.22.dist-info/METADATA", "Digest": "sha1:d23cb653619fcfa1339156a6f53f79ae5d7a2ff6" }, { "ID": "aioboto3@15.5.0", "Name": "aioboto3", "Identifier": { "PURL": "pkg:pypi/aioboto3@15.5.0", "UID": "bff3ed2ea72164b5", "BOMRef": "pkg:pypi/aioboto3@15.5.0" }, "Version": "15.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aioboto3-15.5.0.dist-info/METADATA", "Digest": "sha1:ffd08838a16b51a1cb1807dde93c8b0f990244f5" }, { "ID": "aiobotocore@2.25.1", "Name": "aiobotocore", "Identifier": { "PURL": "pkg:pypi/aiobotocore@2.25.1", "UID": "2078d7d34ca1293d", "BOMRef": "pkg:pypi/aiobotocore@2.25.1" }, "Version": "2.25.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aiobotocore-2.25.1.dist-info/METADATA", "Digest": "sha1:ba7a88ae15a977227d960e17f3cbdb740f04fbfe" }, { "ID": "aiofiles@24.1.0", "Name": "aiofiles", "Identifier": { "PURL": "pkg:pypi/aiofiles@24.1.0", "UID": "2af8119f79beeb32", "BOMRef": "pkg:pypi/aiofiles@24.1.0" }, "Version": "24.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/aiofiles-24.1.0.dist-info/METADATA", "Digest": "sha1:1fee4c4fef706c9737b9ce8e245bbd8dae4e4d16" }, { "ID": "aiohappyeyeballs@2.6.1", "Name": "aiohappyeyeballs", "Identifier": { "PURL": "pkg:pypi/aiohappyeyeballs@2.6.1", "UID": "3229dc739b1a87e9", "BOMRef": "pkg:pypi/aiohappyeyeballs@2.6.1" }, "Version": "2.6.1", "Licenses": [ "Python-Software-Foundation-License" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aiohappyeyeballs-2.6.1.dist-info/METADATA", "Digest": "sha1:01343f4e8b1584084c09e049bd83675272d9e757" }, { "ID": "aiohttp@3.13.3", "Name": "aiohttp", "Identifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "Version": "3.13.3", "Licenses": [ "Apache-2.0 AND MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "Digest": "sha1:63d65762ed8ded0c65362a1b04e4245d6ab9f170" }, { "ID": "aioitertools@0.13.0", "Name": "aioitertools", "Identifier": { "PURL": "pkg:pypi/aioitertools@0.13.0", "UID": "1833968a4bd20076", "BOMRef": "pkg:pypi/aioitertools@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aioitertools-0.13.0.dist-info/METADATA", "Digest": "sha1:110d571c90f132b20fc32b46c28c3c95b1c7aa94" }, { "ID": "aiosignal@1.4.0", "Name": "aiosignal", "Identifier": { "PURL": "pkg:pypi/aiosignal@1.4.0", "UID": "af67695d38646bf", "BOMRef": "pkg:pypi/aiosignal@1.4.0" }, "Version": "1.4.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/aiosignal-1.4.0.dist-info/METADATA", "Digest": "sha1:8752e41cfbbc924405ef6bf9a9ff761cb9a6dbe3" }, { "ID": "annotated-doc@0.0.4", "Name": "annotated-doc", "Identifier": { "PURL": "pkg:pypi/annotated-doc@0.0.4", "UID": "40a91f0ca5ba3f9c", "BOMRef": "pkg:pypi/annotated-doc@0.0.4" }, "Version": "0.0.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_doc-0.0.4.dist-info/METADATA", "Digest": "sha1:24d32962e4742a901653d9fe5563c40221ddc6fa" }, { "ID": "annotated-types@0.7.0", "Name": "annotated-types", "Identifier": { "PURL": "pkg:pypi/annotated-types@0.7.0", "UID": "722da9f5d481820e", "BOMRef": "pkg:pypi/annotated-types@0.7.0" }, "Version": "0.7.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_types-0.7.0.dist-info/METADATA", "Digest": "sha1:b11011181822ac765c9f66c8aa42c26952de6a96" }, { "ID": "anthropic@0.54.0", "Name": "anthropic", "Identifier": { "PURL": "pkg:pypi/anthropic@0.54.0", "UID": "f2700dc84e31efe3", "BOMRef": "pkg:pypi/anthropic@0.54.0" }, "Version": "0.54.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/anthropic-0.54.0.dist-info/METADATA", "Digest": "sha1:7f700d1b4730958f468871fb28a2f4d416f8ed20" }, { "ID": "anyio@4.8.0", "Name": "anyio", "Identifier": { "PURL": "pkg:pypi/anyio@4.8.0", "UID": "4558a73b132fd215", "BOMRef": "pkg:pypi/anyio@4.8.0" }, "Version": "4.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/anyio-4.8.0.dist-info/METADATA", "Digest": "sha1:12b3a6bb5ce68bac1fe5abd01d80d367c0688db2" }, { "ID": "async-generator@1.10", "Name": "async-generator", "Identifier": { "PURL": "pkg:pypi/async-generator@1.10", "UID": "1ddcbf18a62894ed", "BOMRef": "pkg:pypi/async-generator@1.10" }, "Version": "1.10", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/async_generator-1.10.dist-info/METADATA", "Digest": "sha1:f4fa19d3f3bef3e3604acc54b00e8b8c50ad31c0" }, { "ID": "attrs@25.4.0", "Name": "attrs", "Identifier": { "PURL": "pkg:pypi/attrs@25.4.0", "UID": "fad66255edf879d4", "BOMRef": "pkg:pypi/attrs@25.4.0" }, "Version": "25.4.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/attrs-25.4.0.dist-info/METADATA", "Digest": "sha1:9e593ab8f12d14d819a81ca9c41b9df0b4864a59" }, { "ID": "aurelio-sdk@0.0.19", "Name": "aurelio-sdk", "Identifier": { "PURL": "pkg:pypi/aurelio-sdk@0.0.19", "UID": "97f6d626f3260f4", "BOMRef": "pkg:pypi/aurelio-sdk@0.0.19" }, "Version": "0.0.19", "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/aurelio_sdk-0.0.19.dist-info/METADATA", "Digest": "sha1:bfe4c91a1633b0aa53f4fd1c5bd9f0e22eedfb7a" }, { "ID": "azure-ai-contentsafety@1.0.0", "Name": "azure-ai-contentsafety", "Identifier": { "PURL": "pkg:pypi/azure-ai-contentsafety@1.0.0", "UID": "50ac77d0b3fbc748", "BOMRef": "pkg:pypi/azure-ai-contentsafety@1.0.0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_ai_contentsafety-1.0.0.dist-info/METADATA", "Digest": "sha1:45cc94c9f0a17e313b00a13f7b0f9682654e0feb" }, { "ID": "azure-core@1.38.1", "Name": "azure-core", "Identifier": { "PURL": "pkg:pypi/azure-core@1.38.1", "UID": "6bd2e83c1646f311", "BOMRef": "pkg:pypi/azure-core@1.38.1" }, "Version": "1.38.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_core-1.38.1.dist-info/METADATA", "Digest": "sha1:062378cfe3d359dcbc898370f67396afb39ca209" }, { "ID": "azure-identity@1.16.1", "Name": "azure-identity", "Identifier": { "PURL": "pkg:pypi/azure-identity@1.16.1", "UID": "4970236b806127cb", "BOMRef": "pkg:pypi/azure-identity@1.16.1" }, "Version": "1.16.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_identity-1.16.1.dist-info/METADATA", "Digest": "sha1:68fdde1864f6c107e1306f736d9b5fefa2acf3a1" }, { "ID": "azure-keyvault@4.2.0", "Name": "azure-keyvault", "Identifier": { "PURL": "pkg:pypi/azure-keyvault@4.2.0", "UID": "955a1071dde95058", "BOMRef": "pkg:pypi/azure-keyvault@4.2.0" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault-4.2.0.dist-info/METADATA", "Digest": "sha1:5da0d813613844740604dfa0c820222a54853a3a" }, { "ID": "azure-keyvault-certificates@4.10.0", "Name": "azure-keyvault-certificates", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-certificates@4.10.0", "UID": "152979b4686eabbc", "BOMRef": "pkg:pypi/azure-keyvault-certificates@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_certificates-4.10.0.dist-info/METADATA", "Digest": "sha1:8227ff63178e8f5a07e66f234d8c296b189f855b" }, { "ID": "azure-keyvault-keys@4.11.0", "Name": "azure-keyvault-keys", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-keys@4.11.0", "UID": "2993aa61aa86172f", "BOMRef": "pkg:pypi/azure-keyvault-keys@4.11.0" }, "Version": "4.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_keys-4.11.0.dist-info/METADATA", "Digest": "sha1:61e25dca1cb98e731337b756f4e1bb129413c496" }, { "ID": "azure-keyvault-secrets@4.10.0", "Name": "azure-keyvault-secrets", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-secrets@4.10.0", "UID": "5facd80e8c4caaf8", "BOMRef": "pkg:pypi/azure-keyvault-secrets@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_secrets-4.10.0.dist-info/METADATA", "Digest": "sha1:5a8061494c1c50c49fa47eace47c117fe193a0b4" }, { "ID": "azure-storage-blob@12.28.0", "Name": "azure-storage-blob", "Identifier": { "PURL": "pkg:pypi/azure-storage-blob@12.28.0", "UID": "3ca528483e111723", "BOMRef": "pkg:pypi/azure-storage-blob@12.28.0" }, "Version": "12.28.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_blob-12.28.0.dist-info/METADATA", "Digest": "sha1:20e7abbd2536ed3374cf440f144cf9ca5c0fb098" }, { "ID": "azure-storage-file-datalake@12.20.0", "Name": "azure-storage-file-datalake", "Identifier": { "PURL": "pkg:pypi/azure-storage-file-datalake@12.20.0", "UID": "83e02aefb5853e9f", "BOMRef": "pkg:pypi/azure-storage-file-datalake@12.20.0" }, "Version": "12.20.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_file_datalake-12.20.0.dist-info/METADATA", "Digest": "sha1:cc8ebe204539019788e04a26f2510c35575928c2" }, { "ID": "backoff@2.2.1", "Name": "backoff", "Identifier": { "PURL": "pkg:pypi/backoff@2.2.1", "UID": "2e54f56cd50f53f6", "BOMRef": "pkg:pypi/backoff@2.2.1" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/backoff-2.2.1.dist-info/METADATA", "Digest": "sha1:ea8b96e2947c9fed16b9c4075c30113fe09fac98" }, { "ID": "boto3@1.40.53", "Name": "boto3", "Identifier": { "PURL": "pkg:pypi/boto3@1.40.53", "UID": "fb0073e867dd1a6d", "BOMRef": "pkg:pypi/boto3@1.40.53" }, "Version": "1.40.53", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/boto3-1.40.53.dist-info/METADATA", "Digest": "sha1:c3cd02ceff510cd405a1b3690f7bf4d54939faf8" }, { "ID": "botocore@1.40.61", "Name": "botocore", "Identifier": { "PURL": "pkg:pypi/botocore@1.40.61", "UID": "21c7b3134367f1ca", "BOMRef": "pkg:pypi/botocore@1.40.61" }, "Version": "1.40.61", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/botocore-1.40.61.dist-info/METADATA", "Digest": "sha1:c384355d82af3168472f016558ed2f2e1c77cb85" }, { "ID": "bytecode@0.17.0", "Name": "bytecode", "Identifier": { "PURL": "pkg:pypi/bytecode@0.17.0", "UID": "3cb6a5560295646c", "BOMRef": "pkg:pypi/bytecode@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/bytecode-0.17.0.dist-info/METADATA", "Digest": "sha1:65fc4772a46510a0f6186e951e866f5e306a8122" }, { "ID": "certifi@2026.1.4", "Name": "certifi", "Identifier": { "PURL": "pkg:pypi/certifi@2026.1.4", "UID": "6189ef51f45e52aa", "BOMRef": "pkg:pypi/certifi@2026.1.4" }, "Version": "2026.1.4", "Licenses": [ "MPL-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/certifi-2026.1.4.dist-info/METADATA", "Digest": "sha1:fac3d36143e733dcfc1d3255e3321dd98f4376cc" }, { "ID": "cffi@2.0.0", "Name": "cffi", "Identifier": { "PURL": "pkg:pypi/cffi@2.0.0", "UID": "9e207a70c9a2f5a1", "BOMRef": "pkg:pypi/cffi@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/cffi-2.0.0.dist-info/METADATA", "Digest": "sha1:87e9c9d276c4f4c31f5a314d6a5472f45655674c" }, { "ID": "charset-normalizer@3.4.4", "Name": "charset-normalizer", "Identifier": { "PURL": "pkg:pypi/charset-normalizer@3.4.4", "UID": "91a116e8a904359b", "BOMRef": "pkg:pypi/charset-normalizer@3.4.4" }, "Version": "3.4.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/charset_normalizer-3.4.4.dist-info/METADATA", "Digest": "sha1:b4512da50486c7909da3992f8d8b67052b9fc03e" }, { "ID": "click@8.1.7", "Name": "click", "Identifier": { "PURL": "pkg:pypi/click@8.1.7", "UID": "a62d4d88399a4de7", "BOMRef": "pkg:pypi/click@8.1.7" }, "Version": "8.1.7", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/click-8.1.7.dist-info/METADATA", "Digest": "sha1:5c33361d71534572b6d2d3edd15ac9bad78b59c6" }, { "ID": "coloredlogs@15.0.1", "Name": "coloredlogs", "Identifier": { "PURL": "pkg:pypi/coloredlogs@15.0.1", "UID": "efa6ffc79678453b", "BOMRef": "pkg:pypi/coloredlogs@15.0.1" }, "Version": "15.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/coloredlogs-15.0.1.dist-info/METADATA", "Digest": "sha1:79d72bae2e23b677e384dedda06c6e922912aac1" }, { "ID": "colorlog@6.10.1", "Name": "colorlog", "Identifier": { "PURL": "pkg:pypi/colorlog@6.10.1", "UID": "a8b2ee6d95172311", "BOMRef": "pkg:pypi/colorlog@6.10.1" }, "Version": "6.10.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/colorlog-6.10.1.dist-info/METADATA", "Digest": "sha1:1e483d118fd419ad747606c4077726b5c4eb324e" }, { "ID": "cryptography@44.0.1", "Name": "cryptography", "Identifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "c0505e1e65e62fd1", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "Version": "44.0.1", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "Digest": "sha1:aef76b643d459e44dcfef3e674e4b6f562ba0d59" }, { "ID": "ddtrace@2.19.0", "Name": "ddtrace", "Identifier": { "PURL": "pkg:pypi/ddtrace@2.19.0", "UID": "b55404fac269d31d", "BOMRef": "pkg:pypi/ddtrace@2.19.0" }, "Version": "2.19.0", "Licenses": [ "LICENSE.BSD3" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/ddtrace-2.19.0.dist-info/METADATA", "Digest": "sha1:2ebcd7579775a117bf5f63f482aaee4629f69fe4" }, { "ID": "detect-secrets@1.5.0", "Name": "detect-secrets", "Identifier": { "PURL": "pkg:pypi/detect-secrets@1.5.0", "UID": "5b6d7800aabce1d6", "BOMRef": "pkg:pypi/detect-secrets@1.5.0" }, "Version": "1.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/detect_secrets-1.5.0.dist-info/METADATA", "Digest": "sha1:7d1969bbb2f0319f127b480fe77211aa27750fe0" }, { "ID": "distro@1.9.0", "Name": "distro", "Identifier": { "PURL": "pkg:pypi/distro@1.9.0", "UID": "57da53b1ad752ddc", "BOMRef": "pkg:pypi/distro@1.9.0" }, "Version": "1.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/distro-1.9.0.dist-info/METADATA", "Digest": "sha1:ce14620cf14e15a64d2ff574796543f99619e7f3" }, { "ID": "dnspython@2.8.0", "Name": "dnspython", "Identifier": { "PURL": "pkg:pypi/dnspython@2.8.0", "UID": "d9a319a648822d66", "BOMRef": "pkg:pypi/dnspython@2.8.0" }, "Version": "2.8.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/dnspython-2.8.0.dist-info/METADATA", "Digest": "sha1:360d6b80b919fa0fc9e41d101229c937531c4eae" }, { "ID": "docstring_parser@0.17.0", "Name": "docstring_parser", "Identifier": { "PURL": "pkg:pypi/docstring-parser@0.17.0", "UID": "ca376af3c0dbbf83", "BOMRef": "pkg:pypi/docstring-parser@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/docstring_parser-0.17.0.dist-info/METADATA", "Digest": "sha1:323acb9780928a71e223759cfc8be2793bec7072" }, { "ID": "email-validator@2.3.0", "Name": "email-validator", "Identifier": { "PURL": "pkg:pypi/email-validator@2.3.0", "UID": "2803eb5bbd2f004a", "BOMRef": "pkg:pypi/email-validator@2.3.0" }, "Version": "2.3.0", "Licenses": [ "Unlicense" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/email_validator-2.3.0.dist-info/METADATA", "Digest": "sha1:8142c15247202bec284e8950c96b7f43b35ca5bc" }, { "ID": "envier@0.6.1", "Name": "envier", "Identifier": { "PURL": "pkg:pypi/envier@0.6.1", "UID": "a10ed1fa3761cd73", "BOMRef": "pkg:pypi/envier@0.6.1" }, "Version": "0.6.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/envier-0.6.1.dist-info/METADATA", "Digest": "sha1:ecb20fe2699b6e8934bacad17926b535edc4ec40" }, { "ID": "fastapi@0.120.1", "Name": "fastapi", "Identifier": { "PURL": "pkg:pypi/fastapi@0.120.1", "UID": "8b8e08fdf7f7eb44", "BOMRef": "pkg:pypi/fastapi@0.120.1" }, "Version": "0.120.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi-0.120.1.dist-info/METADATA", "Digest": "sha1:dea486b90696587ab48cbda958327ec048f93eb3" }, { "ID": "fastapi-sso@0.19.0", "Name": "fastapi-sso", "Identifier": { "PURL": "pkg:pypi/fastapi-sso@0.19.0", "UID": "2c6fe8da901b437a", "BOMRef": "pkg:pypi/fastapi-sso@0.19.0" }, "Version": "0.19.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi_sso-0.19.0.dist-info/METADATA", "Digest": "sha1:f08f145ee8c7c5c113436e3ba3fb8f1081e8a6fc" }, { "ID": "fastuuid@0.13.5", "Name": "fastuuid", "Identifier": { "PURL": "pkg:pypi/fastuuid@0.13.5", "UID": "7527db9695cb2efd", "BOMRef": "pkg:pypi/fastuuid@0.13.5" }, "Version": "0.13.5", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/fastuuid-0.13.5.dist-info/METADATA", "Digest": "sha1:589a21152a88244902586741669f828037c88a4f" }, { "ID": "filelock@3.24.0", "Name": "filelock", "Identifier": { "PURL": "pkg:pypi/filelock@3.24.0", "UID": "301efaf00d90f3da", "BOMRef": "pkg:pypi/filelock@3.24.0" }, "Version": "3.24.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/filelock-3.24.0.dist-info/METADATA", "Digest": "sha1:b4599d616cfeae5bf9ded19b4b399502f805643c" }, { "ID": "frozenlist@1.8.0", "Name": "frozenlist", "Identifier": { "PURL": "pkg:pypi/frozenlist@1.8.0", "UID": "62997a214d6e2e48", "BOMRef": "pkg:pypi/frozenlist@1.8.0" }, "Version": "1.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/frozenlist-1.8.0.dist-info/METADATA", "Digest": "sha1:4a37873aab1c5eaffcecd2aa93be12e9e4b2a19c" }, { "ID": "fsspec@2026.2.0", "Name": "fsspec", "Identifier": { "PURL": "pkg:pypi/fsspec@2026.2.0", "UID": "40b6f6f59b48894c", "BOMRef": "pkg:pypi/fsspec@2026.2.0" }, "Version": "2026.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/fsspec-2026.2.0.dist-info/METADATA", "Digest": "sha1:cd54bba9ec98bc422bda0b342e83ea43099aa174" }, { "ID": "google-api-core@2.29.0", "Name": "google-api-core", "Identifier": { "PURL": "pkg:pypi/google-api-core@2.29.0", "UID": "5c5ad3db85d8678e", "BOMRef": "pkg:pypi/google-api-core@2.29.0" }, "Version": "2.29.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_api_core-2.29.0.dist-info/METADATA", "Digest": "sha1:af9ca366952256ccc0b867dcecbc332949719aa7" }, { "ID": "google-auth@2.48.0", "Name": "google-auth", "Identifier": { "PURL": "pkg:pypi/google-auth@2.48.0", "UID": "70403e91e5343a46", "BOMRef": "pkg:pypi/google-auth@2.48.0" }, "Version": "2.48.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_auth-2.48.0.dist-info/METADATA", "Digest": "sha1:fd3435e29361652b2f4e7fd3e2297c149025e051" }, { "ID": "google-cloud-aiplatform@1.133.0", "Name": "google-cloud-aiplatform", "Identifier": { "PURL": "pkg:pypi/google-cloud-aiplatform@1.133.0", "UID": "757efac04b5c42bd", "BOMRef": "pkg:pypi/google-cloud-aiplatform@1.133.0" }, "Version": "1.133.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_aiplatform-1.133.0.dist-info/METADATA", "Digest": "sha1:23483b425b0649936a17defd0158d0f6c03ca503" }, { "ID": "google-cloud-bigquery@3.40.1", "Name": "google-cloud-bigquery", "Identifier": { "PURL": "pkg:pypi/google-cloud-bigquery@3.40.1", "UID": "28621f6a7bbd42c7", "BOMRef": "pkg:pypi/google-cloud-bigquery@3.40.1" }, "Version": "3.40.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_bigquery-3.40.1.dist-info/METADATA", "Digest": "sha1:ce2316758a0520c903eb5522d5cf1f39c2c7aa0b" }, { "ID": "google-cloud-core@2.5.0", "Name": "google-cloud-core", "Identifier": { "PURL": "pkg:pypi/google-cloud-core@2.5.0", "UID": "eb147e864237b2dc", "BOMRef": "pkg:pypi/google-cloud-core@2.5.0" }, "Version": "2.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_core-2.5.0.dist-info/METADATA", "Digest": "sha1:2353786cf89c5a50fc3a68db6736b632754e1b76" }, { "ID": "google-cloud-iam@2.19.1", "Name": "google-cloud-iam", "Identifier": { "PURL": "pkg:pypi/google-cloud-iam@2.19.1", "UID": "efde4234f9e5ecf4", "BOMRef": "pkg:pypi/google-cloud-iam@2.19.1" }, "Version": "2.19.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_iam-2.19.1.dist-info/METADATA", "Digest": "sha1:28391d5c4dd89160b13ec2ef8c597d3164c4c91a" }, { "ID": "google-cloud-resource-manager@1.16.0", "Name": "google-cloud-resource-manager", "Identifier": { "PURL": "pkg:pypi/google-cloud-resource-manager@1.16.0", "UID": "d89004b1ba986214", "BOMRef": "pkg:pypi/google-cloud-resource-manager@1.16.0" }, "Version": "1.16.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_resource_manager-1.16.0.dist-info/METADATA", "Digest": "sha1:94bdb211cfd6933e89c9e8f1833e3fcb28caae26" }, { "ID": "google-cloud-storage@3.9.0", "Name": "google-cloud-storage", "Identifier": { "PURL": "pkg:pypi/google-cloud-storage@3.9.0", "UID": "1ba71f4214bc695", "BOMRef": "pkg:pypi/google-cloud-storage@3.9.0" }, "Version": "3.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_storage-3.9.0.dist-info/METADATA", "Digest": "sha1:08b50a67c834baff46cb246b9b9d9d6c90ad3a65" }, { "ID": "google-crc32c@1.8.0", "Name": "google-crc32c", "Identifier": { "PURL": "pkg:pypi/google-crc32c@1.8.0", "UID": "bf47c7b6476bd332", "BOMRef": "pkg:pypi/google-crc32c@1.8.0" }, "Version": "1.8.0", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_crc32c-1.8.0.dist-info/METADATA", "Digest": "sha1:740ce2636255b7035fbcef210995df5b4484e1b3" }, { "ID": "google-genai@1.37.0", "Name": "google-genai", "Identifier": { "PURL": "pkg:pypi/google-genai@1.37.0", "UID": "f18e47b517e0c41b", "BOMRef": "pkg:pypi/google-genai@1.37.0" }, "Version": "1.37.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_genai-1.37.0.dist-info/METADATA", "Digest": "sha1:3399706a56fa0d50853cb580a1e032f80a3d4654" }, { "ID": "google-resumable-media@2.8.0", "Name": "google-resumable-media", "Identifier": { "PURL": "pkg:pypi/google-resumable-media@2.8.0", "UID": "56483ac3b9d7db15", "BOMRef": "pkg:pypi/google-resumable-media@2.8.0" }, "Version": "2.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/google_resumable_media-2.8.0.dist-info/METADATA", "Digest": "sha1:a0a8dc418f86589aa080bb59708ed5aee38faacc" }, { "ID": "googleapis-common-protos@1.72.0", "Name": "googleapis-common-protos", "Identifier": { "PURL": "pkg:pypi/googleapis-common-protos@1.72.0", "UID": "7aff2366da4ce9d1", "BOMRef": "pkg:pypi/googleapis-common-protos@1.72.0" }, "Version": "1.72.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/googleapis_common_protos-1.72.0.dist-info/METADATA", "Digest": "sha1:78df7b249d5272b19c5adc5c8a9b3b2dee57311c" }, { "ID": "grpc-google-iam-v1@0.14.3", "Name": "grpc-google-iam-v1", "Identifier": { "PURL": "pkg:pypi/grpc-google-iam-v1@0.14.3", "UID": "6bf765e5b59b1b6d", "BOMRef": "pkg:pypi/grpc-google-iam-v1@0.14.3" }, "Version": "0.14.3", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/grpc_google_iam_v1-0.14.3.dist-info/METADATA", "Digest": "sha1:98adc7e2fe504130f48db8ccb34db6820d396145" }, { "ID": "grpcio@1.78.0", "Name": "grpcio", "Identifier": { "PURL": "pkg:pypi/grpcio@1.78.0", "UID": "b18d295ad8eaedc8", "BOMRef": "pkg:pypi/grpcio@1.78.0" }, "Version": "1.78.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio-1.78.0.dist-info/METADATA", "Digest": "sha1:d96608e4adf904c6baba974b5aa102508a8d0839" }, { "ID": "grpcio-status@1.71.2", "Name": "grpcio-status", "Identifier": { "PURL": "pkg:pypi/grpcio-status@1.71.2", "UID": "ade063bc596b660e", "BOMRef": "pkg:pypi/grpcio-status@1.71.2" }, "Version": "1.71.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio_status-1.71.2.dist-info/METADATA", "Digest": "sha1:bd80c647a0df7d5b9bda31af73fa704ff4e50c9f" }, { "ID": "gunicorn@23.0.0", "Name": "gunicorn", "Identifier": { "PURL": "pkg:pypi/gunicorn@23.0.0", "UID": "a35e36818c9b2030", "BOMRef": "pkg:pypi/gunicorn@23.0.0" }, "Version": "23.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/gunicorn-23.0.0.dist-info/METADATA", "Digest": "sha1:8de2f53497d5444853a1df1f44ff417831194283" }, { "ID": "h11@0.16.0", "Name": "h11", "Identifier": { "PURL": "pkg:pypi/h11@0.16.0", "UID": "81a673905af1b7cb", "BOMRef": "pkg:pypi/h11@0.16.0" }, "Version": "0.16.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/h11-0.16.0.dist-info/METADATA", "Digest": "sha1:5d41eddffefef5f6e8ff383a2537e81a38a37807" }, { "ID": "hf-xet@1.2.0", "Name": "hf-xet", "Identifier": { "PURL": "pkg:pypi/hf-xet@1.2.0", "UID": "3da836b8473a34a9", "BOMRef": "pkg:pypi/hf-xet@1.2.0" }, "Version": "1.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/hf_xet-1.2.0.dist-info/METADATA", "Digest": "sha1:c62213b030017c3a6179d95b00ac0b58fa58b6d8" }, { "ID": "httpcore@1.0.9", "Name": "httpcore", "Identifier": { "PURL": "pkg:pypi/httpcore@1.0.9", "UID": "38a7aa57f65c02b5", "BOMRef": "pkg:pypi/httpcore@1.0.9" }, "Version": "1.0.9", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/httpcore-1.0.9.dist-info/METADATA", "Digest": "sha1:2981d359ae33f31d339189a9680db85785339a56" }, { "ID": "httpx@0.28.1", "Name": "httpx", "Identifier": { "PURL": "pkg:pypi/httpx@0.28.1", "UID": "183260a16b122431", "BOMRef": "pkg:pypi/httpx@0.28.1" }, "Version": "0.28.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/httpx-0.28.1.dist-info/METADATA", "Digest": "sha1:537da7e4f29438278e124e10e02d1a500fe33bcc" }, { "ID": "httpx-sse@0.4.3", "Name": "httpx-sse", "Identifier": { "PURL": "pkg:pypi/httpx-sse@0.4.3", "UID": "f76d88d513d4db79", "BOMRef": "pkg:pypi/httpx-sse@0.4.3" }, "Version": "0.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/httpx_sse-0.4.3.dist-info/METADATA", "Digest": "sha1:df05446be58f0a3a306e50c7ceebef24bb383a6d" }, { "ID": "huggingface_hub@0.36.2", "Name": "huggingface_hub", "Identifier": { "PURL": "pkg:pypi/huggingface-hub@0.36.2", "UID": "3378f0c1a806e3b", "BOMRef": "pkg:pypi/huggingface-hub@0.36.2" }, "Version": "0.36.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/huggingface_hub-0.36.2.dist-info/METADATA", "Digest": "sha1:c3fb68f58f110a4308ea41f02a48f890697481fe" }, { "ID": "humanfriendly@10.0", "Name": "humanfriendly", "Identifier": { "PURL": "pkg:pypi/humanfriendly@10.0", "UID": "4e06042d4587e549", "BOMRef": "pkg:pypi/humanfriendly@10.0" }, "Version": "10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/humanfriendly-10.0.dist-info/METADATA", "Digest": "sha1:f29e22413e2b6ed83b0bd7935acd2dbb1d830f40" }, { "ID": "idna@3.11", "Name": "idna", "Identifier": { "PURL": "pkg:pypi/idna@3.11", "UID": "7558800690892c96", "BOMRef": "pkg:pypi/idna@3.11" }, "Version": "3.11", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/idna-3.11.dist-info/METADATA", "Digest": "sha1:5e73674d19cce0601253436a2e5544abe09b9bc3" }, { "ID": "importlib-metadata@6.8.0", "Name": "importlib-metadata", "Identifier": { "PURL": "pkg:pypi/importlib-metadata@6.8.0", "UID": "e3da205cddc4b2a", "BOMRef": "pkg:pypi/importlib-metadata@6.8.0" }, "Version": "6.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/importlib_metadata-6.8.0.dist-info/METADATA", "Digest": "sha1:691851957e4c1cce8fa41d0f23cd83355dbb8756" }, { "ID": "isodate@0.7.2", "Name": "isodate", "Identifier": { "PURL": "pkg:pypi/isodate@0.7.2", "UID": "bb5560620be208a9", "BOMRef": "pkg:pypi/isodate@0.7.2" }, "Version": "0.7.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/isodate-0.7.2.dist-info/METADATA", "Digest": "sha1:364399ca9e27df70628e3aff9c8b7b1da601f95d" }, { "ID": "jaraco.context@6.1.0", "Name": "jaraco.context", "Identifier": { "PURL": "pkg:pypi/jaraco.context@6.1.0", "UID": "a13401a5f6102332", "BOMRef": "pkg:pypi/jaraco.context@6.1.0" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jaraco_context-6.1.0.dist-info/METADATA", "Digest": "sha1:c1ba70653abadb34b0a0e792b9b7025b6a4d7b3e" }, { "ID": "jiter@0.13.0", "Name": "jiter", "Identifier": { "PURL": "pkg:pypi/jiter@0.13.0", "UID": "cefc9d4d80dd234d", "BOMRef": "pkg:pypi/jiter@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jiter-0.13.0.dist-info/METADATA", "Digest": "sha1:2a9f923809d4a5bfa70b5c8d13e698904f4eca60" }, { "ID": "jmespath@1.1.0", "Name": "jmespath", "Identifier": { "PURL": "pkg:pypi/jmespath@1.1.0", "UID": "954e585f1d06592c", "BOMRef": "pkg:pypi/jmespath@1.1.0" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jmespath-1.1.0.dist-info/METADATA", "Digest": "sha1:d3f297922cf04b0cc127a18994ad6e6b947f0cc7" }, { "ID": "jsonschema@4.26.0", "Name": "jsonschema", "Identifier": { "PURL": "pkg:pypi/jsonschema@4.26.0", "UID": "a7cf7741a37f146b", "BOMRef": "pkg:pypi/jsonschema@4.26.0" }, "Version": "4.26.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema-4.26.0.dist-info/METADATA", "Digest": "sha1:94b3d1a46cf55d74e42c401eaf4a4b71c76cee31" }, { "ID": "jsonschema-path@0.3.4", "Name": "jsonschema-path", "Identifier": { "PURL": "pkg:pypi/jsonschema-path@0.3.4", "UID": "b002179785771643", "BOMRef": "pkg:pypi/jsonschema-path@0.3.4" }, "Version": "0.3.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_path-0.3.4.dist-info/METADATA", "Digest": "sha1:48b69894bc45f3344dbe1daa7be14933b12db09a" }, { "ID": "jsonschema-specifications@2025.9.1", "Name": "jsonschema-specifications", "Identifier": { "PURL": "pkg:pypi/jsonschema-specifications@2025.9.1", "UID": "10c2b62144c1cb00", "BOMRef": "pkg:pypi/jsonschema-specifications@2025.9.1" }, "Version": "2025.9.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_specifications-2025.9.1.dist-info/METADATA", "Digest": "sha1:ac33f477be9d3336ae67bc454f68a9ff39c91cf3" }, { "ID": "langfuse@2.59.7", "Name": "langfuse", "Identifier": { "PURL": "pkg:pypi/langfuse@2.59.7", "UID": "7408d1f967a1979d", "BOMRef": "pkg:pypi/langfuse@2.59.7" }, "Version": "2.59.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/langfuse-2.59.7.dist-info/METADATA", "Digest": "sha1:64b00766ce586ee8bc229e1d1c519bbbaccf82af" }, { "ID": "lazy-object-proxy@1.12.0", "Name": "lazy-object-proxy", "Identifier": { "PURL": "pkg:pypi/lazy-object-proxy@1.12.0", "UID": "63b1f38e31cfd0b2", "BOMRef": "pkg:pypi/lazy-object-proxy@1.12.0" }, "Version": "1.12.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/lazy_object_proxy-1.12.0.dist-info/METADATA", "Digest": "sha1:68e349fa87b22a25e3af674e29698bb08d37a074" }, { "ID": "legacy-cgi@2.6.4", "Name": "legacy-cgi", "Identifier": { "PURL": "pkg:pypi/legacy-cgi@2.6.4", "UID": "e25fc6574400e786", "BOMRef": "pkg:pypi/legacy-cgi@2.6.4" }, "Version": "2.6.4", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/legacy_cgi-2.6.4.dist-info/METADATA", "Digest": "sha1:23159c15d8f7c3223df17c75f23eb2d59ef58128" }, { "ID": "litellm@1.81.9", "Name": "litellm", "Identifier": { "PURL": "pkg:pypi/litellm@1.81.9", "UID": "e0e235c8add2b493", "BOMRef": "pkg:pypi/litellm@1.81.9" }, "Version": "1.81.9", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/litellm-1.81.9.dist-info/METADATA", "Digest": "sha1:e2fdb6d201edfe9540bbfd529ddd11d1c1d7a8b5" }, { "ID": "litellm-enterprise@0.1.31", "Name": "litellm-enterprise", "Identifier": { "PURL": "pkg:pypi/litellm-enterprise@0.1.31", "UID": "48427724bc27cd10", "BOMRef": "pkg:pypi/litellm-enterprise@0.1.31" }, "Version": "0.1.31", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_enterprise-0.1.31.dist-info/METADATA", "Digest": "sha1:219f321ec7b6c58d2144a475c10bc5389312cc62" }, { "ID": "litellm-proxy-extras@0.4.33", "Name": "litellm-proxy-extras", "Identifier": { "PURL": "pkg:pypi/litellm-proxy-extras@0.4.33", "UID": "e470ef7dc874464a", "BOMRef": "pkg:pypi/litellm-proxy-extras@0.4.33" }, "Version": "0.4.33", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_proxy_extras-0.4.33.dist-info/METADATA", "Digest": "sha1:e3345bfde106b7da15d79db8f0e1a93017f918dd" }, { "ID": "llm-sandbox@0.3.31", "Name": "llm-sandbox", "Identifier": { "PURL": "pkg:pypi/llm-sandbox@0.3.31", "UID": "899ce145efb180b4", "BOMRef": "pkg:pypi/llm-sandbox@0.3.31" }, "Version": "0.3.31", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/llm_sandbox-0.3.31.dist-info/METADATA", "Digest": "sha1:85bb0474aad9559dff054282fdd4b29a4f92a80e" }, { "ID": "mangum@0.17.0", "Name": "mangum", "Identifier": { "PURL": "pkg:pypi/mangum@0.17.0", "UID": "273f337384d48ae3", "BOMRef": "pkg:pypi/mangum@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/mangum-0.17.0.dist-info/METADATA", "Digest": "sha1:0957be909988180dffafaf9c6ef2301be9a0739b" }, { "ID": "markdown-it-py@4.0.0", "Name": "markdown-it-py", "Identifier": { "PURL": "pkg:pypi/markdown-it-py@4.0.0", "UID": "73c05da0030b9296", "BOMRef": "pkg:pypi/markdown-it-py@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/markdown_it_py-4.0.0.dist-info/METADATA", "Digest": "sha1:0cee543cadd1bdc67e8d1acd6fae8cc419523f4c" }, { "ID": "mcp@1.25.0", "Name": "mcp", "Identifier": { "PURL": "pkg:pypi/mcp@1.25.0", "UID": "aef5c2f05cce7496", "BOMRef": "pkg:pypi/mcp@1.25.0" }, "Version": "1.25.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/mcp-1.25.0.dist-info/METADATA", "Digest": "sha1:c86fd9fb3b07f6b9cb4a3ade6abcc16c1c763399" }, { "ID": "mdurl@0.1.2", "Name": "mdurl", "Identifier": { "PURL": "pkg:pypi/mdurl@0.1.2", "UID": "da149f2e41beaa7f", "BOMRef": "pkg:pypi/mdurl@0.1.2" }, "Version": "0.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/mdurl-0.1.2.dist-info/METADATA", "Digest": "sha1:cc9d84bf84be59dd90368ea2f5e3a9fae8f0f1b7" }, { "ID": "ml-dtypes@0.4.1", "Name": "ml-dtypes", "Identifier": { "PURL": "pkg:pypi/ml-dtypes@0.4.1", "UID": "b58731781bb7c1d9", "BOMRef": "pkg:pypi/ml-dtypes@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/ml_dtypes-0.4.1.dist-info/METADATA", "Digest": "sha1:28e53cadb8495b4a770c99d9392b1c79a14f4c8d" }, { "ID": "more-itertools@10.8.0", "Name": "more-itertools", "Identifier": { "PURL": "pkg:pypi/more-itertools@10.8.0", "UID": "e9b0b86952981d6f", "BOMRef": "pkg:pypi/more-itertools@10.8.0" }, "Version": "10.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/more_itertools-10.8.0.dist-info/METADATA", "Digest": "sha1:55aef894a0f39f280471306f0c5ecf3730ff5863" }, { "ID": "msal@1.34.0", "Name": "msal", "Identifier": { "PURL": "pkg:pypi/msal@1.34.0", "UID": "94210c794feb0f95", "BOMRef": "pkg:pypi/msal@1.34.0" }, "Version": "1.34.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/msal-1.34.0.dist-info/METADATA", "Digest": "sha1:9992cd494a1c8486b1a65e94cb1998d2ef320093" }, { "ID": "msal-extensions@1.3.1", "Name": "msal-extensions", "Identifier": { "PURL": "pkg:pypi/msal-extensions@1.3.1", "UID": "d3ac8c0aa9363594", "BOMRef": "pkg:pypi/msal-extensions@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/msal_extensions-1.3.1.dist-info/METADATA", "Digest": "sha1:41015e491016a80539109491a22adb22f7c7dddd" }, { "ID": "multidict@6.7.1", "Name": "multidict", "Identifier": { "PURL": "pkg:pypi/multidict@6.7.1", "UID": "216024f336c02b66", "BOMRef": "pkg:pypi/multidict@6.7.1" }, "Version": "6.7.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/multidict-6.7.1.dist-info/METADATA", "Digest": "sha1:216b572c03dd786e9e08cb0ed5e833a9ec0fd494" }, { "ID": "nodeenv@1.10.0", "Name": "nodeenv", "Identifier": { "PURL": "pkg:pypi/nodeenv@1.10.0", "UID": "d0a749f19fcc0d2c", "BOMRef": "pkg:pypi/nodeenv@1.10.0" }, "Version": "1.10.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodeenv-1.10.0.dist-info/METADATA", "Digest": "sha1:1b29a746e209117735cc705714358dbf9e858eb4" }, { "ID": "nodejs-wheel-binaries@24.12.0", "Name": "nodejs-wheel-binaries", "Identifier": { "PURL": "pkg:pypi/nodejs-wheel-binaries@24.12.0", "UID": "e93cf8f15a440971", "BOMRef": "pkg:pypi/nodejs-wheel-binaries@24.12.0" }, "Version": "24.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel_binaries-24.12.0.dist-info/METADATA", "Digest": "sha1:8a102cd330d17e7e42361b3326da94281c9b8427" }, { "ID": "numpy@2.4.2", "Name": "numpy", "Identifier": { "PURL": "pkg:pypi/numpy@2.4.2", "UID": "b342d8488fe7ce1", "BOMRef": "pkg:pypi/numpy@2.4.2" }, "Version": "2.4.2", "Licenses": [ "BSD-3-Clause AND 0BSD AND MIT AND Zlib AND CC0-1.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/numpy-2.4.2.dist-info/METADATA", "Digest": "sha1:f78437e3f7066f0441d6e9a7c34ce6f6a66871a5" }, { "ID": "oauthlib@3.3.1", "Name": "oauthlib", "Identifier": { "PURL": "pkg:pypi/oauthlib@3.3.1", "UID": "ef27077cac7b8bdf", "BOMRef": "pkg:pypi/oauthlib@3.3.1" }, "Version": "3.3.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/oauthlib-3.3.1.dist-info/METADATA", "Digest": "sha1:9ba5229bceb66742065501d44c4e07f8b401d4c8" }, { "ID": "openai@2.9.0", "Name": "openai", "Identifier": { "PURL": "pkg:pypi/openai@2.9.0", "UID": "348e7ce87bfe57df", "BOMRef": "pkg:pypi/openai@2.9.0" }, "Version": "2.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/openai-2.9.0.dist-info/METADATA", "Digest": "sha1:3a50a52d05f9d1a9114c73731816df78928764c0" }, { "ID": "openapi-core@0.21.0", "Name": "openapi-core", "Identifier": { "PURL": "pkg:pypi/openapi-core@0.21.0", "UID": "86fbfbb14593ca93", "BOMRef": "pkg:pypi/openapi-core@0.21.0" }, "Version": "0.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_core-0.21.0.dist-info/METADATA", "Digest": "sha1:23d2501e93de078ce5136cd7b4e20a7463c210f4" }, { "ID": "openapi-schema-validator@0.6.3", "Name": "openapi-schema-validator", "Identifier": { "PURL": "pkg:pypi/openapi-schema-validator@0.6.3", "UID": "261e5c2487e95da9", "BOMRef": "pkg:pypi/openapi-schema-validator@0.6.3" }, "Version": "0.6.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_schema_validator-0.6.3.dist-info/METADATA", "Digest": "sha1:94ac2dfdccefaac1f8f6efc0ce4e4713274af79f" }, { "ID": "openapi-spec-validator@0.7.2", "Name": "openapi-spec-validator", "Identifier": { "PURL": "pkg:pypi/openapi-spec-validator@0.7.2", "UID": "324d189e608a4588", "BOMRef": "pkg:pypi/openapi-spec-validator@0.7.2" }, "Version": "0.7.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_spec_validator-0.7.2.dist-info/METADATA", "Digest": "sha1:3b8226cdb965b31b940c1bfaba9d0b337cc0c8f8" }, { "ID": "opentelemetry-api@1.28.0", "Name": "opentelemetry-api", "Identifier": { "PURL": "pkg:pypi/opentelemetry-api@1.28.0", "UID": "afbfba3da2bc0d9a", "BOMRef": "pkg:pypi/opentelemetry-api@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_api-1.28.0.dist-info/METADATA", "Digest": "sha1:fa7a37347c7a77b570878666db0821d85e58a470" }, { "ID": "opentelemetry-exporter-otlp@1.28.0", "Name": "opentelemetry-exporter-otlp", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0", "UID": "b9ba73bad8a3eed2", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp-1.28.0.dist-info/METADATA", "Digest": "sha1:02d9d528c93b4a483c217803ff2b5b14dff509ef" }, { "ID": "opentelemetry-exporter-otlp-proto-common@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-common", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0", "UID": "51e375c5e62e36dd", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_common-1.28.0.dist-info/METADATA", "Digest": "sha1:9b898d5238fd7ac09e303fb6fddbe084603de874" }, { "ID": "opentelemetry-exporter-otlp-proto-grpc@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-grpc", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0", "UID": "a67ef72794f60903", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_grpc-1.28.0.dist-info/METADATA", "Digest": "sha1:4d2e1a9be4c683f90b3116732d154d789efb6de5" }, { "ID": "opentelemetry-exporter-otlp-proto-http@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-http", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0", "UID": "d59d0faa771d4f79", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_http-1.28.0.dist-info/METADATA", "Digest": "sha1:f7029b101ac39ca429c16dfbfbd1f67d7da1e28c" }, { "ID": "opentelemetry-proto@1.28.0", "Name": "opentelemetry-proto", "Identifier": { "PURL": "pkg:pypi/opentelemetry-proto@1.28.0", "UID": "94e8c97e212ebfdc", "BOMRef": "pkg:pypi/opentelemetry-proto@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_proto-1.28.0.dist-info/METADATA", "Digest": "sha1:2f4cc88e72c49fd14c43d3160427ec7631e420ba" }, { "ID": "opentelemetry-sdk@1.28.0", "Name": "opentelemetry-sdk", "Identifier": { "PURL": "pkg:pypi/opentelemetry-sdk@1.28.0", "UID": "986e2fcc314b0ff5", "BOMRef": "pkg:pypi/opentelemetry-sdk@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_sdk-1.28.0.dist-info/METADATA", "Digest": "sha1:ff78308a4de96861a2b9afbecc1745376f09d82b" }, { "ID": "opentelemetry-semantic-conventions@0.49b0", "Name": "opentelemetry-semantic-conventions", "Identifier": { "PURL": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0", "UID": "226ce02c78a38c76", "BOMRef": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0" }, "Version": "0.49b0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_semantic_conventions-0.49b0.dist-info/METADATA", "Digest": "sha1:2389733e201fd7a0ec508bbc2f1e32a23488c45e" }, { "ID": "orjson@3.11.2", "Name": "orjson", "Identifier": { "PURL": "pkg:pypi/orjson@3.11.2", "UID": "a47506ff65a61a6b", "BOMRef": "pkg:pypi/orjson@3.11.2" }, "Version": "3.11.2", "Licenses": [ "Apache-2.0", "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/orjson-3.11.2.dist-info/METADATA", "Digest": "sha1:3ebc8fb8aad9e39b0e3069445ed93a000af1c9a8" }, { "ID": "packaging@24.2", "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@24.2", "UID": "7e8e91a0cb4fe4e8", "BOMRef": "pkg:pypi/packaging@24.2" }, "Version": "24.2", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/packaging-24.2.dist-info/METADATA", "Digest": "sha1:292b8d19cdc308e072817b6407cac3cb5175a060" }, { "ID": "pathable@0.4.4", "Name": "pathable", "Identifier": { "PURL": "pkg:pypi/pathable@0.4.4", "UID": "8d7cd05a98576bf8", "BOMRef": "pkg:pypi/pathable@0.4.4" }, "Version": "0.4.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pathable-0.4.4.dist-info/METADATA", "Digest": "sha1:866e61605d29a563f1cdd110899065ddb5f2f482" }, { "ID": "pillow@11.0.0", "Name": "pillow", "Identifier": { "PURL": "pkg:pypi/pillow@11.0.0", "UID": "c64e6499ef20e8c0", "BOMRef": "pkg:pypi/pillow@11.0.0" }, "Version": "11.0.0", "Licenses": [ "CMU License (MIT-CMU)" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pillow-11.0.0.dist-info/METADATA", "Digest": "sha1:e4bd88e655b298ea8862420833c05b430e6c32a8" }, { "ID": "polars@1.31.0", "Name": "polars", "Identifier": { "PURL": "pkg:pypi/polars@1.31.0", "UID": "c6e0975db0f22ac2", "BOMRef": "pkg:pypi/polars@1.31.0" }, "Version": "1.31.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/polars-1.31.0.dist-info/METADATA", "Digest": "sha1:9372c8d51ed35260721b244d0f1432df652171cf" }, { "ID": "prisma@0.11.0", "Name": "prisma", "Identifier": { "PURL": "pkg:pypi/prisma@0.11.0", "UID": "c5a28113ce1baed7", "BOMRef": "pkg:pypi/prisma@0.11.0" }, "Version": "0.11.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/prisma-0.11.0.dist-info/METADATA", "Digest": "sha1:fad8c94f4fab264e96c18a22151e04c0cdf411b0" }, { "ID": "prometheus_client@0.20.0", "Name": "prometheus_client", "Identifier": { "PURL": "pkg:pypi/prometheus-client@0.20.0", "UID": "bc0877ae17183b10", "BOMRef": "pkg:pypi/prometheus-client@0.20.0" }, "Version": "0.20.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/prometheus_client-0.20.0.dist-info/METADATA", "Digest": "sha1:ca9ab1f552aae8ed12e1084fd9c8347782cb1049" }, { "ID": "propcache@0.4.1", "Name": "propcache", "Identifier": { "PURL": "pkg:pypi/propcache@0.4.1", "UID": "edf304ac8682b2fc", "BOMRef": "pkg:pypi/propcache@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/propcache-0.4.1.dist-info/METADATA", "Digest": "sha1:9b2af7eeab4bcb9bad4ba6d407baa00869b8168c" }, { "ID": "proto-plus@1.27.1", "Name": "proto-plus", "Identifier": { "PURL": "pkg:pypi/proto-plus@1.27.1", "UID": "f0fbeb8286e00f03", "BOMRef": "pkg:pypi/proto-plus@1.27.1" }, "Version": "1.27.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/proto_plus-1.27.1.dist-info/METADATA", "Digest": "sha1:f256867207ef1543010030633cf2f7669c66591c" }, { "ID": "protobuf@5.29.6", "Name": "protobuf", "Identifier": { "PURL": "pkg:pypi/protobuf@5.29.6", "UID": "22aca4945206115d", "BOMRef": "pkg:pypi/protobuf@5.29.6" }, "Version": "5.29.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/protobuf-5.29.6.dist-info/METADATA", "Digest": "sha1:f6ba7e2f92bfad0493f3bdc530ecf2398f28d411" }, { "ID": "pyasn1@0.6.2", "Name": "pyasn1", "Identifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "eff086ad5fdbab24", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "Version": "0.6.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "Digest": "sha1:9e49d4b851f49962151f61b10a5d9c65e5b8eade" }, { "ID": "pyasn1_modules@0.4.2", "Name": "pyasn1_modules", "Identifier": { "PURL": "pkg:pypi/pyasn1-modules@0.4.2", "UID": "67d120dab28f1d74", "BOMRef": "pkg:pypi/pyasn1-modules@0.4.2" }, "Version": "0.4.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1_modules-0.4.2.dist-info/METADATA", "Digest": "sha1:ff67c376a06e456e4caa8a256505a2298f5e7141" }, { "ID": "pycparser@3.0", "Name": "pycparser", "Identifier": { "PURL": "pkg:pypi/pycparser@3.0", "UID": "6e69824810a6c028", "BOMRef": "pkg:pypi/pycparser@3.0" }, "Version": "3.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pycparser-3.0.dist-info/METADATA", "Digest": "sha1:ec46323dcd4dd2f7742b74b09cc0b030e330e46f" }, { "ID": "pydantic@2.12.5", "Name": "pydantic", "Identifier": { "PURL": "pkg:pypi/pydantic@2.12.5", "UID": "75a1ae35c2e83b15", "BOMRef": "pkg:pypi/pydantic@2.12.5" }, "Version": "2.12.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic-2.12.5.dist-info/METADATA", "Digest": "sha1:83683052da3c86191d3ce41d60fa7f9780cf0478" }, { "ID": "pydantic-settings@2.12.0", "Name": "pydantic-settings", "Identifier": { "PURL": "pkg:pypi/pydantic-settings@2.12.0", "UID": "8767848a2d89812b", "BOMRef": "pkg:pypi/pydantic-settings@2.12.0" }, "Version": "2.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_settings-2.12.0.dist-info/METADATA", "Digest": "sha1:ba04c497953381f175356d81ca3aed5353a74ffe" }, { "ID": "pydantic_core@2.41.5", "Name": "pydantic_core", "Identifier": { "PURL": "pkg:pypi/pydantic-core@2.41.5", "UID": "3fa4c55a5cf9817c", "BOMRef": "pkg:pypi/pydantic-core@2.41.5" }, "Version": "2.41.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_core-2.41.5.dist-info/METADATA", "Digest": "sha1:07d49fc75e0fd822fcc2719c0bbece0049fba67a" }, { "ID": "pypdf@6.7.0", "Name": "pypdf", "Identifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "Version": "6.7.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "Digest": "sha1:7ff7193e3dab28285f8fbee15a8d1b23aa3b9006" }, { "ID": "python-dateutil@2.9.0.post0", "Name": "python-dateutil", "Identifier": { "PURL": "pkg:pypi/python-dateutil@2.9.0.post0", "UID": "888e91c944d662b7", "BOMRef": "pkg:pypi/python-dateutil@2.9.0.post0" }, "Version": "2.9.0.post0", "Licenses": [ "BSD-3-Clause", "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/python_dateutil-2.9.0.post0.dist-info/METADATA", "Digest": "sha1:7a3c35abd86cd96034d5afb0d4b241dc9e13e6f8" }, { "ID": "python-dotenv@1.0.1", "Name": "python-dotenv", "Identifier": { "PURL": "pkg:pypi/python-dotenv@1.0.1", "UID": "3cad67cf8fa572a0", "BOMRef": "pkg:pypi/python-dotenv@1.0.1" }, "Version": "1.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/python_dotenv-1.0.1.dist-info/METADATA", "Digest": "sha1:e0a2e23c662b53538eed76a837fb7ecc9327df7e" }, { "ID": "python-multipart@0.0.22", "Name": "python-multipart", "Identifier": { "PURL": "pkg:pypi/python-multipart@0.0.22", "UID": "fc0bc42cd8d49efe", "BOMRef": "pkg:pypi/python-multipart@0.0.22" }, "Version": "0.0.22", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/python_multipart-0.0.22.dist-info/METADATA", "Digest": "sha1:f8bfd84700d227e7438d2377ff7c8585ac4e11cd" }, { "ID": "python-ulid@3.1.0", "Name": "python-ulid", "Identifier": { "PURL": "pkg:pypi/python-ulid@3.1.0", "UID": "d985d822474f6d52", "BOMRef": "pkg:pypi/python-ulid@3.1.0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/python_ulid-3.1.0.dist-info/METADATA", "Digest": "sha1:4c8b8c9ccc57da11803c277c04fd19bccf8bbe4d" }, { "ID": "pytz@2025.2", "Name": "pytz", "Identifier": { "PURL": "pkg:pypi/pytz@2025.2", "UID": "f356e03f1bdb71d4", "BOMRef": "pkg:pypi/pytz@2025.2" }, "Version": "2025.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/pytz-2025.2.dist-info/METADATA", "Digest": "sha1:db28b063c13ef94fa0f89b36bdc6d66776fe5bd5" }, { "ID": "redis@5.2.1", "Name": "redis", "Identifier": { "PURL": "pkg:pypi/redis@5.2.1", "UID": "f7c0f28ddee9a59", "BOMRef": "pkg:pypi/redis@5.2.1" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/redis-5.2.1.dist-info/METADATA", "Digest": "sha1:27194d5ec4e7a9cda79f44d14513c056aff7d483" }, { "ID": "redisvl@0.4.1", "Name": "redisvl", "Identifier": { "PURL": "pkg:pypi/redisvl@0.4.1", "UID": "ba6a3dea6dcf33d7", "BOMRef": "pkg:pypi/redisvl@0.4.1" }, "Version": "0.4.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/redisvl-0.4.1.dist-info/METADATA", "Digest": "sha1:5907c76977fda13f87074bb069abf46d89f26435" }, { "ID": "referencing@0.36.2", "Name": "referencing", "Identifier": { "PURL": "pkg:pypi/referencing@0.36.2", "UID": "7a277851d34acae9", "BOMRef": "pkg:pypi/referencing@0.36.2" }, "Version": "0.36.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/referencing-0.36.2.dist-info/METADATA", "Digest": "sha1:cf1208e207b8130e0abf63be5c1dac8598fb4049" }, { "ID": "regex@2026.1.15", "Name": "regex", "Identifier": { "PURL": "pkg:pypi/regex@2026.1.15", "UID": "638fbdc614d891f1", "BOMRef": "pkg:pypi/regex@2026.1.15" }, "Version": "2026.1.15", "Licenses": [ "Apache-2.0 AND CNRI-Python" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/regex-2026.1.15.dist-info/METADATA", "Digest": "sha1:e600d879b2f5d27130a57d94ce05664a56098705" }, { "ID": "requests@2.32.5", "Name": "requests", "Identifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "e60ae7ff0e03ad61", "BOMRef": "pkg:pypi/requests@2.32.5" }, "Version": "2.32.5", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "Digest": "sha1:ca17920e69f3c7103322151275139cf487e4da08" }, { "ID": "requests-toolbelt@1.0.0", "Name": "requests-toolbelt", "Identifier": { "PURL": "pkg:pypi/requests-toolbelt@1.0.0", "UID": "4ba2687e28ec7393", "BOMRef": "pkg:pypi/requests-toolbelt@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/requests_toolbelt-1.0.0.dist-info/METADATA", "Digest": "sha1:171fbbc84e8b7216e237b702f3fda539ffb1e487" }, { "ID": "rfc3339-validator@0.1.4", "Name": "rfc3339-validator", "Identifier": { "PURL": "pkg:pypi/rfc3339-validator@0.1.4", "UID": "e85cc7f95e9ea727", "BOMRef": "pkg:pypi/rfc3339-validator@0.1.4" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/rfc3339_validator-0.1.4.dist-info/METADATA", "Digest": "sha1:b8cc2c804bf4cb64b4573a802305f3d0dc7e9a91" }, { "ID": "rich@13.7.1", "Name": "rich", "Identifier": { "PURL": "pkg:pypi/rich@13.7.1", "UID": "f0d39d387adaf5a3", "BOMRef": "pkg:pypi/rich@13.7.1" }, "Version": "13.7.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/rich-13.7.1.dist-info/METADATA", "Digest": "sha1:bf3cca748ddf06213ddb6911d0b2d437f202533b" }, { "ID": "rpds-py@0.30.0", "Name": "rpds-py", "Identifier": { "PURL": "pkg:pypi/rpds-py@0.30.0", "UID": "3da9327dee259bdc", "BOMRef": "pkg:pypi/rpds-py@0.30.0" }, "Version": "0.30.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/rpds_py-0.30.0.dist-info/METADATA", "Digest": "sha1:9eef46c842a0ca6229680d7bfc1272958efdcc5a" }, { "ID": "rsa@4.9.1", "Name": "rsa", "Identifier": { "PURL": "pkg:pypi/rsa@4.9.1", "UID": "ba40351b07b70ef4", "BOMRef": "pkg:pypi/rsa@4.9.1" }, "Version": "4.9.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/rsa-4.9.1.dist-info/METADATA", "Digest": "sha1:a2f68fc042a03952873edfefafda03c04787a56f" }, { "ID": "s3transfer@0.14.0", "Name": "s3transfer", "Identifier": { "PURL": "pkg:pypi/s3transfer@0.14.0", "UID": "39b6950f5190318f", "BOMRef": "pkg:pypi/s3transfer@0.14.0" }, "Version": "0.14.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/s3transfer-0.14.0.dist-info/METADATA", "Digest": "sha1:dd9c4cd2d179b27942830646a152d8f484ca7800" }, { "ID": "semantic-router@0.1.11", "Name": "semantic-router", "Identifier": { "PURL": "pkg:pypi/semantic-router@0.1.11", "UID": "b4ca884cfddcd75f", "BOMRef": "pkg:pypi/semantic-router@0.1.11" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/semantic_router-0.1.11.dist-info/METADATA", "Digest": "sha1:7de93f4f62c6d698a4693fb0c0380fdf2d9456a3" }, { "ID": "sentry-sdk@2.21.0", "Name": "sentry-sdk", "Identifier": { "PURL": "pkg:pypi/sentry-sdk@2.21.0", "UID": "42ac135f32fb1c99", "BOMRef": "pkg:pypi/sentry-sdk@2.21.0" }, "Version": "2.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/sentry_sdk-2.21.0.dist-info/METADATA", "Digest": "sha1:5af3250fb5606b6a97f62d83513d6010a0d3954f" }, { "ID": "six@1.17.0", "Name": "six", "Identifier": { "PURL": "pkg:pypi/six@1.17.0", "UID": "ed4f2d1f8ea133c0", "BOMRef": "pkg:pypi/six@1.17.0" }, "Version": "1.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/six-1.17.0.dist-info/METADATA", "Digest": "sha1:483a26554261f6c839703c0e1183f3ef33ff97f1" }, { "ID": "sniffio@1.3.1", "Name": "sniffio", "Identifier": { "PURL": "pkg:pypi/sniffio@1.3.1", "UID": "a9c4b675ff812d46", "BOMRef": "pkg:pypi/sniffio@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/sniffio-1.3.1.dist-info/METADATA", "Digest": "sha1:bc1d7aead770fe23c8d22666b84558edb3686da3" }, { "ID": "soundfile@0.12.1", "Name": "soundfile", "Identifier": { "PURL": "pkg:pypi/soundfile@0.12.1", "UID": "266919980f15f80d", "BOMRef": "pkg:pypi/soundfile@0.12.1" }, "Version": "0.12.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/soundfile-0.12.1.dist-info/METADATA", "Digest": "sha1:b5ce3ad2ef849be1c4195d05ca730e0f7905e90b" }, { "ID": "sse-starlette@3.2.0", "Name": "sse-starlette", "Identifier": { "PURL": "pkg:pypi/sse-starlette@3.2.0", "UID": "29781cf614c622cd", "BOMRef": "pkg:pypi/sse-starlette@3.2.0" }, "Version": "3.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/sse_starlette-3.2.0.dist-info/METADATA", "Digest": "sha1:8a6175cd01d1e84f937287b9a9b0879cda2952f8" }, { "ID": "starlette@0.49.1", "Name": "starlette", "Identifier": { "PURL": "pkg:pypi/starlette@0.49.1", "UID": "887f82f300e25e38", "BOMRef": "pkg:pypi/starlette@0.49.1" }, "Version": "0.49.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/starlette-0.49.1.dist-info/METADATA", "Digest": "sha1:d2dc5927de72d847252d292615f15065928238dc" }, { "ID": "tabulate@0.9.0", "Name": "tabulate", "Identifier": { "PURL": "pkg:pypi/tabulate@0.9.0", "UID": "86e26241e3a3b879", "BOMRef": "pkg:pypi/tabulate@0.9.0" }, "Version": "0.9.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tabulate-0.9.0.dist-info/METADATA", "Digest": "sha1:046f2344c8bedde41b94133c1322ae928e80e738" }, { "ID": "tenacity@8.5.0", "Name": "tenacity", "Identifier": { "PURL": "pkg:pypi/tenacity@8.5.0", "UID": "bb20a5bd25accd39", "BOMRef": "pkg:pypi/tenacity@8.5.0" }, "Version": "8.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tenacity-8.5.0.dist-info/METADATA", "Digest": "sha1:67c962294c30afecad8066ac633a11bd658c5148" }, { "ID": "tiktoken@0.8.0", "Name": "tiktoken", "Identifier": { "PURL": "pkg:pypi/tiktoken@0.8.0", "UID": "4df6ab04fb6bf545", "BOMRef": "pkg:pypi/tiktoken@0.8.0" }, "Version": "0.8.0", "Licenses": [ "MIT License Copyright (c) 2022 OpenAI, Shantanu Jain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tiktoken-0.8.0.dist-info/METADATA", "Digest": "sha1:9d84201eb7fb511e2757fbd00150263ff31577b8" }, { "ID": "tokenizers@0.20.2", "Name": "tokenizers", "Identifier": { "PURL": "pkg:pypi/tokenizers@0.20.2", "UID": "81df555d5fd8a534", "BOMRef": "pkg:pypi/tokenizers@0.20.2" }, "Version": "0.20.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tokenizers-0.20.2.dist-info/METADATA", "Digest": "sha1:86c509fc1d122a9bba1c089e9d38ddd1c56d64cd" }, { "ID": "tomlkit@0.14.0", "Name": "tomlkit", "Identifier": { "PURL": "pkg:pypi/tomlkit@0.14.0", "UID": "e72435fe4b48cec", "BOMRef": "pkg:pypi/tomlkit@0.14.0" }, "Version": "0.14.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tomlkit-0.14.0.dist-info/METADATA", "Digest": "sha1:7887d40449d9684788cfb76faacc540c0769cac8" }, { "ID": "tornado@6.5.4", "Name": "tornado", "Identifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "8d3b31350eeeb7d2", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "Version": "6.5.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "FilePath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "Digest": "sha1:a1e2393e5aa6c6bd7c26bfb9b68a31771d14a790" }, { "ID": "tqdm@4.67.3", "Name": "tqdm", "Identifier": { "PURL": "pkg:pypi/tqdm@4.67.3", "UID": "9f377c34054a9f16", "BOMRef": "pkg:pypi/tqdm@4.67.3" }, "Version": "4.67.3", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tqdm-4.67.3.dist-info/METADATA", "Digest": "sha1:0135af1981d2b0f1326020f991192d869693b873" }, { "ID": "typing-inspection@0.4.2", "Name": "typing-inspection", "Identifier": { "PURL": "pkg:pypi/typing-inspection@0.4.2", "UID": "e036eb16a552ccae", "BOMRef": "pkg:pypi/typing-inspection@0.4.2" }, "Version": "0.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/typing_inspection-0.4.2.dist-info/METADATA", "Digest": "sha1:455fdb9c8e246ba02c2a28655287401b62028b60" }, { "ID": "typing_extensions@4.15.0", "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.15.0", "UID": "53ee3d137b0f7203", "BOMRef": "pkg:pypi/typing-extensions@4.15.0" }, "Version": "4.15.0", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/typing_extensions-4.15.0.dist-info/METADATA", "Digest": "sha1:c5c2ce18351f8f2ae0f4a6f7c84c523f342010ee" }, { "ID": "tzdata@2025.1", "Name": "tzdata", "Identifier": { "PURL": "pkg:pypi/tzdata@2025.1", "UID": "89957dfe69a6c840", "BOMRef": "pkg:pypi/tzdata@2025.1" }, "Version": "2025.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tzdata-2025.1.dist-info/METADATA", "Digest": "sha1:6e57a2a6ed74712dd41842370b1c12bb8446d4b1" }, { "ID": "tzlocal@5.3.1", "Name": "tzlocal", "Identifier": { "PURL": "pkg:pypi/tzlocal@5.3.1", "UID": "4ea96bc47a482cdd", "BOMRef": "pkg:pypi/tzlocal@5.3.1" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/tzlocal-5.3.1.dist-info/METADATA", "Digest": "sha1:fa463c4a745ae9f56544484fb7724eb107786eb4" }, { "ID": "urllib3@2.6.3", "Name": "urllib3", "Identifier": { "PURL": "pkg:pypi/urllib3@2.6.3", "UID": "f872feda31c3eb34", "BOMRef": "pkg:pypi/urllib3@2.6.3" }, "Version": "2.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/urllib3-2.6.3.dist-info/METADATA", "Digest": "sha1:8e2cd7246c7dce09d4590affab6060ec527397c1" }, { "ID": "uvicorn@0.31.1", "Name": "uvicorn", "Identifier": { "PURL": "pkg:pypi/uvicorn@0.31.1", "UID": "463d5274f7a8e40c", "BOMRef": "pkg:pypi/uvicorn@0.31.1" }, "Version": "0.31.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/uvicorn-0.31.1.dist-info/METADATA", "Digest": "sha1:d229686a1d0f8b25bbb3ca0ab3b5519a37abc2b2" }, { "ID": "uvloop@0.21.0", "Name": "uvloop", "Identifier": { "PURL": "pkg:pypi/uvloop@0.21.0", "UID": "6cac7d117009a06a", "BOMRef": "pkg:pypi/uvloop@0.21.0" }, "Version": "0.21.0", "Licenses": [ "Apache-2.0", "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/uvloop-0.21.0.dist-info/METADATA", "Digest": "sha1:eecfee7932b6d8397d72414b9a42e8b34c4dcbe7" }, { "ID": "websockets@15.0.1", "Name": "websockets", "Identifier": { "PURL": "pkg:pypi/websockets@15.0.1", "UID": "baef77691ff46b20", "BOMRef": "pkg:pypi/websockets@15.0.1" }, "Version": "15.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/websockets-15.0.1.dist-info/METADATA", "Digest": "sha1:7bcef50b72ed117258a503c68d7f5dd194872067" }, { "ID": "wrapt@1.17.3", "Name": "wrapt", "Identifier": { "PURL": "pkg:pypi/wrapt@1.17.3", "UID": "282c77894d843c8", "BOMRef": "pkg:pypi/wrapt@1.17.3" }, "Version": "1.17.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/wrapt-1.17.3.dist-info/METADATA", "Digest": "sha1:dbb2682fa0ce1b88bad298721b69b9263a689653" }, { "ID": "xmltodict@1.0.2", "Name": "xmltodict", "Identifier": { "PURL": "pkg:pypi/xmltodict@1.0.2", "UID": "3337b00971c24c02", "BOMRef": "pkg:pypi/xmltodict@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/xmltodict-1.0.2.dist-info/METADATA", "Digest": "sha1:12598af0f119ea10de66172e206d3394d7652bfd" }, { "ID": "yarl@1.22.0", "Name": "yarl", "Identifier": { "PURL": "pkg:pypi/yarl@1.22.0", "UID": "96e8ffc61d3bcdf8", "BOMRef": "pkg:pypi/yarl@1.22.0" }, "Version": "1.22.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/yarl-1.22.0.dist-info/METADATA", "Digest": "sha1:f41ac3bd0464e5ad45fa596ed3de6fc69d98568d" }, { "ID": "zipp@3.23.0", "Name": "zipp", "Identifier": { "PURL": "pkg:pypi/zipp@3.23.0", "UID": "f3c9594d342dad2b", "BOMRef": "pkg:pypi/zipp@3.23.0" }, "Version": "3.23.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "FilePath": "usr/lib/python3.13/site-packages/zipp-3.23.0.dist-info/METADATA", "Digest": "sha1:d7974cc6cd5ace30ae2bf7e89ed458fc7e46a194" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32597", "VendorIDs": [ "GHSA-752w-5fwx-jx9f" ], "PkgID": "PyJWT@2.10.1", "PkgName": "PyJWT", "PkgPath": "usr/lib/python3.13/site-packages/PyJWT-2.10.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyjwt@2.10.1", "UID": "a3d705bb95a4d866", "BOMRef": "pkg:pypi/pyjwt@2.10.1" }, "InstalledVersion": "2.10.1", "FixedVersion": "2.12.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32597", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:323bb010b2576f5d379e9c36fddf2b61e386778045670c235e9b108a63b1dd14", "Title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)", "Description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.", "Severity": "HIGH", "CweIDs": [ "CWE-345", "CWE-863" ], "VendorSeverity": { "amazon": 2, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32597", "https://github.com/jpadilla/pyjwt", "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f", "https://nvd.nist.gov/vuln/detail/CVE-2026-32597", "https://ubuntu.com/security/notices/USN-8133-1", "https://www.cve.org/CVERecord?id=CVE-2026-32597" ], "PublishedDate": "2026-03-13T19:55:09.5Z", "LastModifiedDate": "2026-03-19T13:30:29.217Z" }, { "VulnerabilityID": "CVE-2026-4539", "VendorIDs": [ "GHSA-5239-wwwm-4pmq" ], "PkgID": "Pygments@2.19.2", "PkgName": "Pygments", "PkgPath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "b5451dfdabdc4d82", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "InstalledVersion": "2.19.2", "FixedVersion": "2.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4539", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ebde05e4d8dcd73a17075046f3361dd78663645fafd33c8dceda93495fbf43d3", "Title": "pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer", "Description": "A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "V3Score": 3.3, "V40Score": 1.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4539", "https://github.com/pygments/pygments", "https://github.com/pygments/pygments/", "https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc", "https://github.com/pygments/pygments/issues/3058", "https://github.com/pygments/pygments/pull/3064", "https://github.com/pygments/pygments/releases/tag/2.20.0", "https://nvd.nist.gov/vuln/detail/CVE-2026-4539", "https://vuldb.com/?ctiid.352327", "https://vuldb.com/?id.352327", "https://vuldb.com/?submit.774685", "https://www.cve.org/CVERecord?id=CVE-2026-4539" ], "PublishedDate": "2026-03-22T06:16:20.913Z", "LastModifiedDate": "2026-03-23T14:31:37.267Z" }, { "VulnerabilityID": "CVE-2026-27199", "VendorIDs": [ "GHSA-29vq-49wr-vm6x" ], "PkgID": "Werkzeug@3.1.5", "PkgName": "Werkzeug", "PkgPath": "usr/lib/python3.13/site-packages/werkzeug-3.1.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/werkzeug@3.1.5", "UID": "93cedc28da112b30", "BOMRef": "pkg:pypi/werkzeug@3.1.5" }, "InstalledVersion": "3.1.5", "FixedVersion": "3.1.6", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27199", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:b74093257aea6d80fffd3b934cf4c8a45ed926648e9620a2b9f1051e92cbc088", "Title": " Werkzeug safe_join() allows Windows special device names", "Description": "Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL. The function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been fixed in version 3.1.6.", "Severity": "MEDIUM", "CweIDs": [ "CWE-67" ], "VendorSeverity": { "ghsa": 2, "nvd": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://github.com/pallets/werkzeug", "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d", "https://github.com/pallets/werkzeug/releases/tag/3.1.6", "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x", "https://nvd.nist.gov/vuln/detail/CVE-2026-27199" ], "PublishedDate": "2026-02-21T06:17:00.71Z", "LastModifiedDate": "2026-03-03T17:30:17.783Z" }, { "VulnerabilityID": "CVE-2026-22815", "VendorIDs": [ "GHSA-w2fm-2cpv-w7v5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22815", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e297cb5a8fd78db1e9ad3bb29c1a40a1df63eabccc96ee4b5deb56e6c856a4ab", "Title": "aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22815", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5", "https://nvd.nist.gov/vuln/detail/CVE-2026-22815", "https://www.cve.org/CVERecord?id=CVE-2026-22815" ], "PublishedDate": "2026-04-01T21:16:58.513Z", "LastModifiedDate": "2026-04-04T04:17:11.5Z" }, { "VulnerabilityID": "CVE-2026-34515", "VendorIDs": [ "GHSA-p998-jp59-783m" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34515", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:aa0ff32af4423f451a9b5ca9ffda6e685d476c23cfcad9f23218d016963c6ee4", "Title": "aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-36", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34515", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m", "https://nvd.nist.gov/vuln/detail/CVE-2026-34515", "https://www.cve.org/CVERecord?id=CVE-2026-34515" ], "PublishedDate": "2026-04-01T21:16:59.57Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34516", "VendorIDs": [ "GHSA-m5qp-6w8w-w647" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34516", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:866e8a4d5186c80beaf50090938ccce515a3aaa37fd8a0f3288f6eb882018131", "Title": "aiohttp: AIOHTTP: Denial of Service via excessive multipart headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34516", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647", "https://nvd.nist.gov/vuln/detail/CVE-2026-34516", "https://www.cve.org/CVERecord?id=CVE-2026-34516" ], "PublishedDate": "2026-04-01T21:16:59.723Z", "LastModifiedDate": "2026-04-04T04:17:20.147Z" }, { "VulnerabilityID": "CVE-2026-34525", "VendorIDs": [ "GHSA-c427-h43c-vf67" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34525", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e84f570f991af8f81da0073310141adbbe376c44e2bb855e226ffeb8826b2695", "Title": "aiohttp: aiohttp: Security bypass via multiple Host headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-444" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N", "V40Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34525", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000", "https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67", "https://nvd.nist.gov/vuln/detail/CVE-2026-34525", "https://www.cve.org/CVERecord?id=CVE-2026-34525" ], "PublishedDate": "2026-04-01T21:17:00.49Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34513", "VendorIDs": [ "GHSA-hcc4-c3v8-rx92" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34513", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:96526097b9e565fbcbf5ef8c916c84641b20edb5fca07d11d43577d13d9175e1", "Title": "aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34513", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92", "https://nvd.nist.gov/vuln/detail/CVE-2026-34513", "https://www.cve.org/CVERecord?id=CVE-2026-34513" ], "PublishedDate": "2026-04-01T21:16:59.267Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34514", "VendorIDs": [ "GHSA-2vrm-gr82-f7m5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34514", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e702c6a7f468a334f650f8b9550cb73a6231ea5b2f4a9cfd8d21e0428e1a106a", "Title": "aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34514", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5", "https://nvd.nist.gov/vuln/detail/CVE-2026-34514", "https://www.cve.org/CVERecord?id=CVE-2026-34514" ], "PublishedDate": "2026-04-01T21:16:59.417Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34517", "VendorIDs": [ "GHSA-3wq7-rqq7-wx6j" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34517", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:a54f789989605bca58808a5eb74e695bddcaf31106f6193215b12e8ab415dc30", "Title": "aiohttp: AIOHTTP: Denial of Service via large multipart form fields", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34517", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j", "https://nvd.nist.gov/vuln/detail/CVE-2026-34517", "https://www.cve.org/CVERecord?id=CVE-2026-34517" ], "PublishedDate": "2026-04-01T21:16:59.87Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34518", "VendorIDs": [ "GHSA-966j-vmvw-g2g9" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34518", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:17f8068b71428244ee87fc4bd501180d108baf2d9105f003b3bb86d35173ad70", "Title": "aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34518", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9", "https://nvd.nist.gov/vuln/detail/CVE-2026-34518", "https://www.cve.org/CVERecord?id=CVE-2026-34518" ], "PublishedDate": "2026-04-01T21:17:00.02Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34519", "VendorIDs": [ "GHSA-mwh4-6h8g-pg8w" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34519", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c677ff157a1bb25fab314b79823db49eca07785b4ab4ea1dd8c7d70fb78e8fe3", "Title": "aiohttp: aiohttp: Header injection vulnerability via reason parameter", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34519", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w", "https://nvd.nist.gov/vuln/detail/CVE-2026-34519", "https://www.cve.org/CVERecord?id=CVE-2026-34519" ], "PublishedDate": "2026-04-01T21:17:00.17Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34520", "VendorIDs": [ "GHSA-63hf-3vf5-4wqf" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "987035406bb3bcf4", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34520", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:0770c420fed18efd646b9b1025c31ad6b249ef4b7310b4e44012f102049b74b9", "Title": "aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34520", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf", "https://nvd.nist.gov/vuln/detail/CVE-2026-34520", "https://www.cve.org/CVERecord?id=CVE-2026-34520" ], "PublishedDate": "2026-04-01T21:17:00.333Z", "LastModifiedDate": "2026-04-04T04:17:20.773Z" }, { "VulnerabilityID": "CVE-2026-26007", "VendorIDs": [ "GHSA-r6ph-v2qm-q3c2" ], "PkgID": "cryptography@44.0.1", "PkgName": "cryptography", "PkgPath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "c0505e1e65e62fd1", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "InstalledVersion": "44.0.1", "FixedVersion": "46.0.5", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26007", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:59598b9c8996610654c3b867f4c5eda7fe99ac2e387ebb068c981cb72d98d867", "Title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves", "Description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.", "Severity": "HIGH", "CweIDs": [ "CWE-345" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "nvd": 2, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/10/4", "https://access.redhat.com/security/cve/CVE-2026-26007", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c", "https://github.com/pyca/cryptography/releases/tag/46.0.5", "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2", "https://nvd.nist.gov/vuln/detail/CVE-2026-26007", "https://ubuntu.com/security/notices/USN-8087-1", "https://www.cve.org/CVERecord?id=CVE-2026-26007" ], "PublishedDate": "2026-02-10T22:17:00.307Z", "LastModifiedDate": "2026-02-23T15:40:33.787Z" }, { "VulnerabilityID": "CVE-2026-34073", "VendorIDs": [ "GHSA-m959-cc7f-wv43" ], "PkgID": "cryptography@44.0.1", "PkgName": "cryptography", "PkgPath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "c0505e1e65e62fd1", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "InstalledVersion": "44.0.1", "FixedVersion": "46.0.6", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34073", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:226ad6022a88accfdccf5a169731bd617b5b1a38e5b2239d2c219f40d95125fb", "Title": "cryptography: python: Cryptography: Security bypass due to improper DNS name constraint validation", "Description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 1.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34073", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43", "https://nvd.nist.gov/vuln/detail/CVE-2026-34073", "https://www.cve.org/CVERecord?id=CVE-2026-34073" ], "PublishedDate": "2026-03-31T03:15:59.123Z", "LastModifiedDate": "2026-04-01T14:24:02.583Z" }, { "VulnerabilityID": "CVE-2026-35030", "VendorIDs": [ "GHSA-jjhc-v7c2-5hh6" ], "PkgID": "litellm@1.81.9", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.9.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.9", "UID": "e0e235c8add2b493", "BOMRef": "pkg:pypi/litellm@1.81.9" }, "InstalledVersion": "1.81.9", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35030", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:1fd38f64475f5ac65d125dc7bbf59e17c58a4b8db9c0639112379a185f40087b", "Title": "LiteLLM: Authentication bypass via OIDC userinfo cache key collision", "Description": "### Impact\n\nWhen JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters.\n\nThis configuration option is not enabled by default. **Most instances are not affected.**\n\nAn unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled.\n\n### Patches\n\nFixed in v1.83.0. The cache key now uses the full hash of the JWT token.\n\n### Workarounds\n\nDisable OIDC userinfo caching by setting the cache TTL to 0, or disable JWT authentication entirely.", "Severity": "CRITICAL", "VendorSeverity": { "ghsa": 4 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "V40Score": 9.4 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6" ] }, { "VulnerabilityID": "CVE-2026-35029", "VendorIDs": [ "GHSA-53mr-6c8q-9789" ], "PkgID": "litellm@1.81.9", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.9.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.9", "UID": "e0e235c8add2b493", "BOMRef": "pkg:pypi/litellm@1.81.9" }, "InstalledVersion": "1.81.9", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35029", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:91ce774c077e22a5f50173ee6bbb9e217fad0103b9a54b4537330d72c095d01a", "Title": "LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint", "Description": "### Impact\n\nThe `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:\n\n - Modify proxy configuration and environment variables\n - Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution\n - Read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image\n - Take over other priveleged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables\n\n### Patches\n\nFixed in v1.83.0. The endpoint now requires `proxy_admin` role.\n\n### Workarounds\n\nRestrict API key distribution. There is no configuration-level workaround.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-53mr-6c8q-9789" ] }, { "VulnerabilityID": "CVE-2025-67221", "VendorIDs": [ "GHSA-hx9q-6w63-j58v" ], "PkgID": "orjson@3.11.2", "PkgName": "orjson", "PkgPath": "usr/lib/python3.13/site-packages/orjson-3.11.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/orjson@3.11.2", "UID": "a47506ff65a61a6b", "BOMRef": "pkg:pypi/orjson@3.11.2" }, "InstalledVersion": "3.11.2", "FixedVersion": "3.11.6", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-67221", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:cd210466de72f773215aa2ebbe00b435ba0e3408c08fde07b478d71b07d32f33", "Title": "orjson: orjson: Denial of Service due to unbounded recursion with deeply nested JSON documents", "Description": "The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 7.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-67221", "https://github.com/ijl/orjson", "https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370", "https://github.com/ijl/orjson/issues/620", "https://github.com/kpatsakis/CVE-2025-67221/issues/1", "https://github.com/kpatsakis/orjson_vulnerability", "https://nvd.nist.gov/vuln/detail/CVE-2025-67221", "https://www.cve.org/CVERecord?id=CVE-2025-67221" ], "PublishedDate": "2026-01-22T17:16:01.433Z", "LastModifiedDate": "2026-02-12T15:03:09.79Z" }, { "VulnerabilityID": "CVE-2026-25990", "VendorIDs": [ "GHSA-cfh3-3jmp-rvhc" ], "PkgID": "pillow@11.0.0", "PkgName": "pillow", "PkgPath": "usr/lib/python3.13/site-packages/pillow-11.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pillow@11.0.0", "UID": "c64e6499ef20e8c0", "BOMRef": "pkg:pypi/pillow@11.0.0" }, "InstalledVersion": "11.0.0", "FixedVersion": "12.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25990", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:46d7f0de8fa4e904ad55e3d74d736d68302410aca15bcf663e5490b24e1bbe96", "Title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image", "Description": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "ghsa": 3, "nvd": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 8.9 }, "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 8.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/12/1", "https://access.redhat.com/security/cve/CVE-2026-25990", "https://github.com/python-pillow/Pillow", "https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199", "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa", "https://github.com/python-pillow/Pillow/pull/9427", "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc", "https://nvd.nist.gov/vuln/detail/CVE-2026-25990", "https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html", "https://ubuntu.com/security/notices/USN-8047-1", "https://www.cve.org/CVERecord?id=CVE-2026-25990" ], "PublishedDate": "2026-02-11T21:16:20.67Z", "LastModifiedDate": "2026-02-13T21:32:55.623Z" }, { "VulnerabilityID": "CVE-2026-30922", "VendorIDs": [ "GHSA-jr27-m4p2-rc6r" ], "PkgID": "pyasn1@0.6.2", "PkgName": "pyasn1", "PkgPath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "eff086ad5fdbab24", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "InstalledVersion": "0.6.2", "FixedVersion": "0.6.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-30922", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c8b01b67777a21a211fe112adb623397adbfa193f38a4aca319365ee454edac6", "Title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion", "Description": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/4", "https://access.redhat.com/security/cve/CVE-2026-30922", "https://github.com/pyasn1/pyasn1", "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0", "https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8", "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.3", "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r", "https://nvd.nist.gov/vuln/detail/CVE-2026-30922", "https://ubuntu.com/security/notices/USN-8129-1", "https://ubuntu.com/security/notices/USN-8134-1", "https://www.cve.org/CVERecord?id=CVE-2026-30922" ], "PublishedDate": "2026-03-18T04:17:18.397Z", "LastModifiedDate": "2026-03-21T01:17:06.36Z" }, { "VulnerabilityID": "CVE-2026-27024", "VendorIDs": [ "GHSA-996q-pr4m-cvgq" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27024", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:5ac928ceb680d14741d3a9fad1614be5a8e45ae80810d8b94aaf80843d577ccf", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with TreeObject outlines", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27024", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295", "https://github.com/py-pdf/pypdf/pull/3645", "https://github.com/py-pdf/pypdf/releases/tag/6.7.1", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq", "https://nvd.nist.gov/vuln/detail/CVE-2026-27024", "https://www.cve.org/CVERecord?id=CVE-2026-27024" ], "PublishedDate": "2026-02-20T22:16:28.687Z", "LastModifiedDate": "2026-02-24T15:19:23.167Z" }, { "VulnerabilityID": "CVE-2026-27025", "VendorIDs": [ "GHSA-wgvp-vg3v-2xq3" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27025", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:50ddeb74e43ec4089708d806e8d65d8394fc7ea540c9f125e540281efd8d4428", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with large font values", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-834" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27025", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2", "https://github.com/py-pdf/pypdf/pull/3646", "https://github.com/py-pdf/pypdf/releases/tag/6.7.1", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3", "https://nvd.nist.gov/vuln/detail/CVE-2026-27025", "https://www.cve.org/CVERecord?id=CVE-2026-27025" ], "PublishedDate": "2026-02-20T22:16:28.85Z", "LastModifiedDate": "2026-02-24T15:16:48.36Z" }, { "VulnerabilityID": "CVE-2026-27026", "VendorIDs": [ "GHSA-9mvc-8737-8j8h" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27026", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:aaa8c28103fa18da0d96b348bd9313c263b1f3b7d5c3d87d5675fe72d29dbe46", "Title": "pypdf: pypdf: Denial of Service via malformed PDF /FlateDecode stream", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27026", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016", "https://github.com/py-pdf/pypdf/pull/3644", "https://github.com/py-pdf/pypdf/releases/tag/6.7.1", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h", "https://nvd.nist.gov/vuln/detail/CVE-2026-27026", "https://www.cve.org/CVERecord?id=CVE-2026-27026" ], "PublishedDate": "2026-02-20T22:16:29.023Z", "LastModifiedDate": "2026-02-24T15:13:39.513Z" }, { "VulnerabilityID": "CVE-2026-27888", "VendorIDs": [ "GHSA-x7hp-r3qg-r3cj" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.3", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27888", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:73433d590d1ac2f3c0aca935996765ea53e7705af035b5e69ba5fa00f0b883fe", "Title": "pypdf: pypdf: Denial of Service via crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27888", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c", "https://github.com/py-pdf/pypdf/pull/3658", "https://github.com/py-pdf/pypdf/releases/tag/6.7.3", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27888", "https://www.cve.org/CVERecord?id=CVE-2026-27888" ], "PublishedDate": "2026-02-26T01:16:25.47Z", "LastModifiedDate": "2026-02-27T17:26:35.363Z" }, { "VulnerabilityID": "CVE-2026-28351", "VendorIDs": [ "GHSA-f2v5-7jq9-h8cg" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.4", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28351", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:97bfd23caf341a277b8f59649288b7541a6f2be5d93a64a2fbca7c1848b4f396", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with RunLengthDecode filter", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28351", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858", "https://github.com/py-pdf/pypdf/pull/3664", "https://github.com/py-pdf/pypdf/releases/tag/6.7.4", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg", "https://nvd.nist.gov/vuln/detail/CVE-2026-28351", "https://www.cve.org/CVERecord?id=CVE-2026-28351" ], "PublishedDate": "2026-02-27T21:16:19.177Z", "LastModifiedDate": "2026-03-03T18:36:06.29Z" }, { "VulnerabilityID": "CVE-2026-28804", "VendorIDs": [ "GHSA-9m86-7pmv-2852" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.5", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28804", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:8ca95e7bfee20fd83a9d45bb7e500e160d6703693b5f38ceda546592f2d178d1", "Title": "pypdf: pypdf: Denial of Service via crafted PDF with ASCIIHexDecode filter", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28804", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f", "https://github.com/py-pdf/pypdf/pull/3666", "https://github.com/py-pdf/pypdf/releases/tag/6.7.5", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852", "https://nvd.nist.gov/vuln/detail/CVE-2026-28804", "https://www.cve.org/CVERecord?id=CVE-2026-28804" ], "PublishedDate": "2026-03-06T07:16:01.22Z", "LastModifiedDate": "2026-03-10T19:39:37.18Z" }, { "VulnerabilityID": "CVE-2026-31826", "VendorIDs": [ "GHSA-hqmh-ppp3-xvm7" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.8.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31826", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:bde3bf16b39c66bd455c6d99e615d253e537a8356aac8769f7c9742cec8d7d1c", "Title": "pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31826", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa", "https://github.com/py-pdf/pypdf/pull/3675", "https://github.com/py-pdf/pypdf/releases/tag/6.8.0", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7", "https://nvd.nist.gov/vuln/detail/CVE-2026-31826", "https://www.cve.org/CVERecord?id=CVE-2026-31826" ], "PublishedDate": "2026-03-10T22:16:20.483Z", "LastModifiedDate": "2026-03-17T20:52:08.673Z" }, { "VulnerabilityID": "CVE-2026-33123", "VendorIDs": [ "GHSA-qpxp-75px-xjcp" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.9.1", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33123", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:16c794d67a236e0d1cfaf9928a229d33d26c3994db424e3a6a0254048f13a1da", "Title": "pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF", "Description": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-407" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 5.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33123", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/pull/3686", "https://github.com/py-pdf/pypdf/releases/tag/6.9.1", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp", "https://nvd.nist.gov/vuln/detail/CVE-2026-33123", "https://www.cve.org/CVERecord?id=CVE-2026-33123" ], "PublishedDate": "2026-03-20T10:16:18.717Z", "LastModifiedDate": "2026-03-23T15:48:01.007Z" }, { "VulnerabilityID": "CVE-2026-33699", "VendorIDs": [ "GHSA-87mj-5ggw-8qc3" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.9.2", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33699", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:22e0d090aa71be1d1dfbeb1fecef989d01545b1967c2999cacc77585a38da276", "Title": "pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode", "Description": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 4.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33699", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/pull/3693", "https://github.com/py-pdf/pypdf/releases/tag/6.9.2", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33699", "https://www.cve.org/CVERecord?id=CVE-2026-33699" ], "PublishedDate": "2026-03-27T01:16:19.147Z", "LastModifiedDate": "2026-04-01T16:01:35.88Z" }, { "VulnerabilityID": "CVE-2026-27628", "VendorIDs": [ "GHSA-2rw7-x74f-jg35" ], "PkgID": "pypdf@6.7.0", "PkgName": "pypdf", "PkgPath": "usr/lib/python3.13/site-packages/pypdf-6.7.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pypdf@6.7.0", "UID": "101d44693a691192", "BOMRef": "pkg:pypi/pypdf@6.7.0" }, "InstalledVersion": "6.7.0", "FixedVersion": "6.7.2", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27628", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:3622498195f1bffa0e14c81c32cbf269c25c4daaa292f8466e099db7665ecf06", "Title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams", "Description": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.", "Severity": "LOW", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 1.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27628", "https://github.com/py-pdf/pypdf", "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f", "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d", "https://github.com/py-pdf/pypdf/issues/3654", "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35", "https://nvd.nist.gov/vuln/detail/CVE-2026-27628", "https://www.cve.org/CVERecord?id=CVE-2026-27628" ], "PublishedDate": "2026-02-25T03:16:06.513Z", "LastModifiedDate": "2026-02-27T20:21:38.617Z" }, { "VulnerabilityID": "CVE-2026-25645", "VendorIDs": [ "GHSA-gc5v-m9x4-r6x2" ], "PkgID": "requests@2.32.5", "PkgName": "requests", "PkgPath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "e60ae7ff0e03ad61", "BOMRef": "pkg:pypi/requests@2.32.5" }, "InstalledVersion": "2.32.5", "FixedVersion": "2.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:c93fa64c0163355e27cfd34b687f456c06459ef04158cdfca5df76b05f901d2a", "DiffID": "sha256:020726122650b3ea84555c016e9ceb0d55f95e4e990a5b83f2f35d0b4e005530" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:2b3005b07dc5a6b7e5412ddcf35545abddc5483e79b217a7af964879fbbeb4d4", "Title": "requests: Requests: Security bypass due to predictable temporary file creation", "Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-377" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25645", "https://github.com/psf/requests", "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7", "https://github.com/psf/requests/releases/tag/v2.33.0", "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25645", "https://www.cve.org/CVERecord?id=CVE-2026-25645" ], "PublishedDate": "2026-03-25T17:16:52.97Z", "LastModifiedDate": "2026-03-30T14:23:16.127Z" }, { "VulnerabilityID": "CVE-2026-31958", "VendorIDs": [ "GHSA-qjxf-f2mg-c6mc" ], "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "8d3b31350eeeb7d2", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31958", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:10b5831ac0a0f1c5feae09fe9ece4ce967a81416be39c47bd967452119025f77", "Title": "tornado-python: Tornado: Denial of Service via large multipart bodies", "Description": "Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31958", "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc", "https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-31958", "https://www.cve.org/CVERecord?id=CVE-2026-31958" ], "PublishedDate": "2026-03-11T20:16:16.617Z", "LastModifiedDate": "2026-04-01T15:23:00.217Z" }, { "VulnerabilityID": "GHSA-78cv-mqj4-43f7", "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "8d3b31350eeeb7d2", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:1db9351ecca7a5cd1ee41c32d5e874005c7f70b75038cb75d6dcdf9172be6bbf", "DiffID": "sha256:fbce99ae4659f714fbbc56bbeaaabe7ea7bcda5c11dde15ed62b9e7455350bb5" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-78cv-mqj4-43f7", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:f1ac92fd089dcd90594868f05741f3d0f04d06b7805421f130ef6c9c03c5ab43", "Title": "Tornado has incomplete validation of cookie attributes", "Description": "Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" ], "PublishedDate": "2026-03-11T22:17:00Z", "LastModifiedDate": "2026-03-11T22:17:00Z" } ] } ] }